Security Scan Report: nextcloud.addsecure.com

Redirected to:
https://login.microsoftonline.com/d66e2949-99d1-4048-831c-edd84afaea6d...
Submitted: Apr 10, 2026, 2:11:13 AM
Completed: Apr 10, 2026, 2:12:24 AM
Scan Type: public
Status: completed

Summary

This website contacted 6 IPs in 2 countries across 7 domains to perform 1 HTTP transaction. The main domain is login.microsoftonline.com; its registration age is unavailable.

Submitted URL: http://nextcloud.addsecure.com/

Effective URL: https://login.microsoftonline.com/d66e2949-99d1-4048-831c-edd84afaea6d/saml2?SAMLRequest=pZLLbtswEEX3%2FopAez2oKKpE2AacuA8Drm3EThfZBCNyFBOQSJVDts7fV5baJimQbModh3PP3LnglKBtOr7w7qhv8btHcpOL%2FpzaRhMfHmeBt5obIEVcQ4vEneD7xdc1T6OEd9Y4I0wT%2FCN7XwVEaJ0yepStlrNgu%2Fm43n5ebR6KK5ankBQZqyuGJV6KD0V1VUEh6ixhIq8qzGtMYZR%2BQ0s9Zxb02GAy0og8rjQ50K6vJ2keJlnIkkOScsY4y%2B9H6bJfVmlwg%2FzoXEc8jhvzqHTUKmENmdoZ3SiNkTBtLPMc0zIrw7KULMySrAiLSyZClLLIoAaEXMbn1dMRv%2FudzLXSUunH9wOpxibiXw6HXbjb7g8jZPEnqBujybdo92h%2FKIF3t%2BtnzxpPTjTGywikJBTejo57Jp6i7tjF0HUU%2Bx71cDY4uIxBUDAfhkzPdz7EZuf%2FB23RgQQH0%2Fgl83lKxzf97qvlzjRKPA318%2FlkbAvu7YhYxIaKkmE9tHKvqUOhaoUy%2BItZNI35eWMRHM4CZz0GF%2FF8Mnp5%2FcnnvwA%3D&RelayState=https%3A%2F%2Fnextcloud.addsecure.com%2Findex.php%2Fapps%2Fuser_saml%2Fsaml%2Flogin&sso_reload=true (redirected)

AI Security Verdict

Low Risk

Confidence: 95%

Risk Score: 2

The site impersonates Nextcloud, presents a credential‑stealing login form, and redirects to Microsoft login – high‑risk phishing.

Risk Factors
Brand impersonation
Credential collection on unrelated domain
Unranked / low‑reputation domain
Multiple redirects
Safety Factors
No Indicators of Compromise matches
No JavaScript malware YARA detections
No network IDS alerts
Page served from an identity-provider sign-in endpoint (login.microsoftonline.com); a relying-party brand and login form here are normal SSO, not impersonation — risk clamped from 8 to 2
Domain age information unavailable

Details

Page Title: Sign in to your account

Scan Type: public

Language: 🇺🇸 English (80% confidence)

Category: healthcare medical (41%)

Domain Information

The scanned host is 'nextcloud.addsecure.com', on the commercial generic top-level domain (.com), with the subdomain 'nextcloud'. The registrable portion 'addsecure' spans 9 characters with 4 vowels and 5 consonants. Segmentation suggests 2 words: add, secure. The average segment length is 4.5 characters. The frequency lists gave no strong language cues.

Screenshot

Security scan screenshot of http://nextcloud.addsecure.com/

Page Load Overview

Total Load Time: 1.40s
HTTP Requests: 20
Domains: 5
Total Size: 876 KB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: en
Text Length: 173 chars
Detector Agreement: 67%

Website Classification

Primary Category

healthcare medical (41% confidence)
Type: webapp
Method: ml+structural+ocr_tiebreaker

All Detected Categories

healthcare medical: 41%
technology software: 37%
finance banking: 32%

Detected Features

Login Form
Search

Domain & IP Information

Requests  IP Address      Location       AS (Autonomous System)
5         23.200.24.97    United States
3         85.117.162.201  Sweden         AS43591 AddSecure AB
3         13.107.246.44   United States  AS8075 Microsoft Corporation
3         40.79.141.154   Sweden         Unknown
3         40.126.32.134   Unknown        Unknown
3         40.126.32.76    Unknown        Unknown
20        6               -              -

Detected Technologies: 4

Content Similarity Hashes
For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1B5835BDA7EA71937824645F6B5B97E02AE3A5903894CDDA4F19CCC882FFA35C8137503

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:jg8GLG2dUdrOroIyEk77gx2xpTvPoMmCBuEA5siW6C:08oUgrJ32RAC6C

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:82005:JbUCR4xIVVwQUkQABnaDBONGiCDJkApsAiGCgEV3ZDAQZKIAEBBW4BN1ABCN4AkbaBpiUh0BUEouDY+aEYrJpKEYAA3shghC

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: 000018181c180000
Perceptual Hash: 99cc3336cc4fc998
Difference Hash: cf323333b3335d59
Wavelet Hash: 03ff19381f3f070c
Color Hash: #93521f
