ScanMalware.com

Security Scan Report: device.login.mso.msidentity.com

Redirected to: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=639054166964751626.OGRhYWI1NTUtZWY3Yy00MmI4LTljZWQtOGVlNDNjOGJjZmIzN2Q0MGNmNDctNTVlMi00N2ZiLWExNDctNzFmODk0ODEyMTk4&ui_locales=en-US&mkt=en-US&client-request-id=8f2dbe9c-a850-41fa-9bbe-3bc68b2099a0&state=1iJhe_aD8poeWNi6S-BEIZcUOq4ICBlgwPAVq5i5xdGPzXPjmj-f6MPHwRD4U0UmL9Wk_mN9wo9Xr0lqKeFziZxUKcwQPjp9x7phTXhawELmFQJpsqN0V6RV2p8evI4oKarFvAzvhIZEzvv557zP_ZCOvQgda0itK86rZGP7JOpoVQ89hoGwc5d1vSo02D8OpDjW7wGfN4RxxqJz7K5imIzp4YhkLhw3Po-xrOtkfkVoQ-qH0pCxwfbpX2W1hWc-stlq7JMF-FptWRDKsmhnMXuIL0K1sMj6fniuhE9AmqA&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true

Site favicon
Submitted: Jan 31, 2026, 12:38:13 AMCompleted: Jan 31, 2026, 12:39:26 AMpubliccompleted
Loading additional data...

Summary

This website contacted 7 IPs in 3 countries across 7 domains to perform 47 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://device.login.mso.msidentity.com

Effective URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=639054166964751626.OGRhYWI1NTUtZWY3Yy00MmI4LTljZWQtOGVlNDNjOGJjZmIzN2Q0MGNmNDctNTVlMi00N2ZiLWExNDctNzFmODk0ODEyMTk4&ui_locales=en-US&mkt=en-US&client-request-id=8f2dbe9c-a850-41fa-9bbe-3bc68b2099a0&state=1iJhe_aD8poeWNi6S-BEIZcUOq4ICBlgwPAVq5i5xdGPzXPjmj-f6MPHwRD4U0UmL9Wk_mN9wo9Xr0lqKeFziZxUKcwQPjp9x7phTXhawELmFQJpsqN0V6RV2p8evI4oKarFvAzvhIZEzvv557zP_ZCOvQgda0itK86rZGP7JOpoVQ89hoGwc5d1vSo02D8OpDjW7wGfN4RxxqJz7K5imIzp4YhkLhw3Po-xrOtkfkVoQ-qH0pCxwfbpX2W1hWc-stlq7JMF-FptWRDKsmhnMXuIL0K1sMj6fniuhE9AmqA&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=trueRedirected

The Cisco Umbrella rank of the primary domain is #542 of the top 1 million websitesTop 1K Site

AI Security Verdict

High Risk

Confidence: 92%

8
Risk Score

Phishing page impersonating Microsoft login; do not enter credentials.

Risk Factors
Brand impersonation on an unofficial domain
Credential harvesting form (email + password)
Typographical errors indicating low‑quality phishing page
Unusual subdomain structure (device.login.mso.msidentity.com) mimicking Microsoft login
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

Domain 'device.login.mso.msidentity.com' uses the commercial generic top-level domain (.com), featuring subdomain 'device.login.mso'. The registrable portion 'msidentity' spans 10 characters with 3 vowels and 7 consonants. Breaking it apart gives 2 words: ms, identity. The median word length lands at five characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://device.login.mso.msidentity.com

Page Load Overview

1.70s
Total Load Time
32
HTTP Requests
5
Domains
501 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:133 chars
Detector Agreement:100%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
820.190.160.66United States
AS8068
420.190.160.132Germany
AS8075
413.69.239.72Netherlands
AS20940
413.107.246.44UnknownUnknown
423.207.210.132Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
420.190.160.131UnknownUnknown
413.107.6.156United States
AS8068Microsoft Corporation
327--

Detected Technologies4

X-UA-Compatible
100%
PasswordField
100%
Meta-Refresh-Redirect
100%
Ghost
15%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T174835CD97EE32937868A85F5F4756E029B364A439808CC64F19CCD842FFBB1D8527623

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:jcj48GLGGWeYycFRH7sFXldn0ozTEyqU6MVnvnaloMPtbEfii4R89C:Qj48VycFR4Fn0XyS2Cm9C

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:86888:rBgOFpg4QSEiCgCJyACMSqAEB8JQKAAWjsAOqoihAAmCMJDiA2OQP5nZRDQUoKHxkF3DBGPSSUhxFa4giYIAREAQChIBoJ14

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0010393b373f373f
Perceptual Hash:845971764699d96e
Difference Hash:88e4d2d3e5e6e6e6
Wavelet Hash:00003b3b373f373f
Color Hash:#87c3c5

Other Hashes

Crop Resistant:88e4d2d3e5e6e6e6

Scan History

Scan history not available

Unable to load historical scan data