ScanMalware.com

Security Scan Report: security.mythinkbot.com

Redirected to:
https://login.microsoftonline.com/49c9d410-6fbf-45e7-a04a-dd0afe14b3a0...
Submitted: Apr 26, 2026, 6:09:55 AMCompleted: Apr 26, 2026, 6:11:05 AMpubliccompleted
Loading additional data...

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 1 HTTP transaction. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://security.mythinkbot.com/auth/start

Effective URL: https://login.microsoftonline.com/49c9d410-6fbf-45e7-a04a-dd0afe14b3a0/oauth2/v2.0/authorize?client_id=501df8f9-a89a-41d0-ba26-64e9554d0075&response_type=code&redirect_uri=https%3A%2F%2Fsecurity.mythinkbot.com%2Fauth%2Fcallback&scope=User.Read+offline_access+openid+profile&state=BnbqkATi2PYQ0BB24hxdSw&code_challenge=V_J91Jh4t7nOXS1uResiUbu9A7hNJhoUl48s6o5WEko&code_challenge_method=S256&nonce=4848d7cdecb74642402804b275bdfbcca569962df4f10ab0672315ed854af087&client_info=1&prompt=select_account&sso_reload=trueRedirected

AI Security Verdict

Moderate Risk

Confidence: 95%

5
Risk Score

The site impersonates Microsoft, collects login credentials on an unranked domain, and forwards them to Microsoft’s login endpoint – confirmed phishing.

Risk Factors
Unranked domain used to mimic a major brand
Credential collection on a non‑official Microsoft domain
Brand impersonation with high confidence
Cross‑origin form posts to Microsoft login endpoint
Safety Factors
Domain age > 20 years (well‑established)
No Indicators of Compromise matched in threat intelligence
No JavaScript malware YARA patterns detected
No network IDS alerts
Established domain (8691 days old) with no strong malicious indicators — risk clamped from 9 to 5
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

The domain 'security.mythinkbot.com' uses the commercial generic top-level domain (.com) with subdomain 'security'. The registrable portion 'mythinkbot' spans 10 characters holding 2 vowels versus eight consonants. Segmentation suggests 3 words: my, think, bot. Median word length comes out to 3 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://security.mythinkbot.com/auth/start

Page Load Overview

1.80s
Total Load Time
17
HTTP Requests
5
Domains
466 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:109 chars
Detector Agreement:100%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
599.151.12.56Pacifica, California, United States
AS7018AT&T Enterprises, LLC
340.79.167.8United States
AS8075
320.190.159.73Dublin, Leinster, Ireland
AS8075Microsoft Corporation
313.107.246.44United States
AS8075Microsoft Corporation
320.190.159.71Dublin, Leinster, Ireland
AS8075Microsoft Corporation
175--

Detected Technologies6

X-UA-Compatible
100%
PasswordField
100%
Meta-Refresh-Redirect
100%
Ubuntu
40%
HSTS
40%
Ghost
15%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T10F835AEA7EA32937878640B5A5BA7D026F3A5D03884CCD60F19C89C42FF674D9237653

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:lI8GLG2BtcUgAbxoIyEk77gx2xpTvPoMmCfPE0IidUhC:+8GfbxJ32RA7C

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:81189:xB0iOmzaCEMyQTSEBGMIwKAABDRCZdAppMDAiBgVz4R5hCym+JiVGQIEPFNDeMg1QgGGiwEBAYAzRGbYtXEETohkAAnoQIQl

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0010393b373f373f
Perceptual Hash:845971764699d96e
Difference Hash:88e4d2d3e5eee6e6
Wavelet Hash:00003b3b373f373f
Color Hash:#2d3e86

Other Hashes

Crop Resistant:88e4d2d3e5eee6e6

Scan History

Scan history not available

Unable to load historical scan data