Security Scan Report: verify.lilly.afi-cloud.de

Redirected to:
https://login.microsoftonline.com/18a59a81-eea8-4c30-948a-d8824cdc2580...
Site favicon
Submitted: Dec 11, 2025, 9:16:17 AMCompleted: Dec 11, 2025, 9:17:11 AMpubliccompleted
Loading additional data...

Summary

This website contacted 42 IPs in 3 countries across 7 domains to perform 35 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: http://verify.lilly.afi-cloud.de/

Effective URL: https://login.microsoftonline.com/18a59a81-eea8-4c30-948a-d8824cdc2580/saml2?SAMLRequest=hZLBbtswEETv%2FQqBd0okbRkUYSlwYwQ1kLZGrPTQS0CRq4QARbok5dZ%2FX1WOgfTQ9LqYfTuY2fXNr8FmJwjReFcjmhOUgVNeG%2Fdco8f2DnN003xYRzlYdhSbMb24B%2FgxQkzZJkYIadq79S6OA4QDhJNR8PhwX6OXlI5RFMWENv05t8bacy57g5X1o841FHJiPQWI3p4AZduJaJxMs43rsvXPxuWDUcFH3yfvrHGQKz8UlMuykpxiAMnxUi0IrpZcYs05WyqtWMlJMZtG2W5bo6cKNJW87DpKer3oOKEVdHqxUiXAiuhyksU4ws7FJF2qESOsxJRhSltSCboSjOWrkn1H2T745JW3H427pDQGJ7yMJgonB4giKXHYfL4XLCeiu4ii%2BNS2e7z%2FemhR9u2aNvuT9pS%2Fi%2BKS7%2Fus4%2Bth1FzqELPj8JbwPkBeC0PNf%2BtZF29vNNcH%2BDJBd9u9t0ads421%2FudtAJmgRr20cerxzodBpn%2F7oDmdJ0bjfpaK0cUjKNMb0KhoXu%2F%2B%2FWrNbw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=nKHM5VOFI8I%2FuAMyMaNVfzE3j%2FZwA%2B2Am7wEFHuUsqyUQMpD41l4g1o%2Bq8ubxp7wA7orNmYmGUfrpQnDxEHG1KMBWNOpe2GneTVP7yB5p8vBBWtXxpBXhwFqoyebE0o9dI%2FM7P4SnfOqig4AVQeggA%2Bt2nKExgS9e428Wg5YDSPGz7I8z%2FGxnjnbk0ohHzZF3rb1JwwGNK3%2FriS%2Fq%2FZxABQntXqeBxxwdh%2Bh1RtAqbvObwmfGNoj4nv3lACZcFnAfmJfcpjJxqAp0yRhZuGQQL%2B2xm1L%2F1o6ALG97igyb5Q3zg%2BfehC5qFsUiyL643sGigRkVsdTllHuedmdd2T2%2Bg%3D%3D&sso_reload=trueRedirected

AI Security Verdict

Low Risk

Confidence: 82%

2
Risk Score

Phishing page impersonating Eli Lilly to harvest credentials; avoid interaction.

Risk Factors
Brand impersonation of a well‑known company
Credential collection form
Unranked / low‑reputation domain
Excessive redirects (5)
Critical JavaScript obfuscation (high entropy, base64, eval‑like patterns)
Safety Factors
Page served from an identity-provider sign-in endpoint (login.microsoftonline.com); a relying-party brand and login form here are normal SSO, not impersonation — risk clamped from 8 to 2
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

technology software

(44%)

Domain Information

The domain 'verify.lilly.afi-cloud.de' uses the German country-code top-level domain (.de) and includes subdomain 'verify.lilly'. The registrable portion 'afi-cloud' spans 9 characters holding four vowels versus 4 consonants; bonus characters include 1 hyphen. Tokenizing the label suggests 2 words: afi, cloud. The median word length lands at four characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of http://verify.lilly.afi-cloud.de/

Page Load Overview

4.35s
Total Load Time
35
HTTP Requests
7
Domains
1.0 MB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:1,119 chars
Detector Agreement:67%

Website Classification

Primary Category

technology software44% confidence
Type: webapp
Method: ml+structural

All Detected Categories

technology software
44%
corporate business
40%
government public service
31%
documentation technical
25%

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
35176.53.136.73Germany
AS3320Deutsche Telekom AG
013.107.246.45United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
023.53.42.114Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
052.168.117.168Washington, Virginia, United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
0176.53.136.75Germany
AS3320Deutsche Telekom AG
040.126.31.131Dublin, Leinster, Ireland
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
040.126.31.0Dublin, Leinster, Ireland
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
023.53.42.146Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
020.190.159.4Dublin, Leinster, Ireland
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
040.126.31.2Dublin, Leinster, Ireland
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
3542--

Detected Technologies4

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1D2735BD97FB32937828A44B4B5B96E02AF3A5903990CDD60F15CC9842FFA75D8133A53

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:Fy8GLGGVcwXyoJjzTEyqU6MVnvnaloMPbeE+cviTbaC:w8gcsyDyS2jaC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:78289:nTMTiJMnBKAAOCoBwAogHABhkBEgCoBWigZBkCMkiGqAEscT0NRK2yQACGtAeoIHkNaA8B3GADlnZDB3TAVqEXAEA4aZgDCA

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:3f3f1f1f18181818
Perceptual Hash:8da777d923d06648
Difference Hash:7272f2f2f2b2b270
Wavelet Hash:bf3f1f3f18181818
Color Hash:#9e87c5

Scan History

Scan history not available

Unable to load historical scan data