Security Scan Report: enterpriseenrollment.toniwise.fi

Redirected to:
https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?...
Site favicon
Submitted: Jul 9, 2026, 10:00:58 PMCompleted: Jul 9, 2026, 10:02:23 PMpubliccompleted
Loading additional data...

Summary

This website contacted 10 IPs in 4 countries across 8 domains to perform 25 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://enterpriseenrollment.toniwise.fi

Effective URL: https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=c44b4083-3bb0-49c1-b47d-974e53cbdf3c&scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2F.default%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fintune.microsoft.com%2Fauth%2Flogin%2F&client-request-id=019f48e6-024d-71ec-908a-8cd7871fd76c&response_mode=fragment&client_info=1&clidata=1&nonce=019f48e6-024e-7027-86b7-c1ecdb96a54d&state=eyJpZCI6IjAxOWY0OGU2LTAyNGUtNzM2Ni04OTQ5LTMyMGVlOWQ5YmQwNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&x-client-SKU=msal.js.browser&x-client-VER=5.13.0&response_type=code&code_challenge=YIcBsegE-pUAcqUZ0aHMhGor8K41O7xRGwLKfMxMedA&code_challenge_method=S256&site_id=501430&instance_aware=true&sso_reload=trueRedirected

AI Security Verdict

Low Risk

Confidence: 78%

2
Risk Score

The site mimics Microsoft Azure login on an unrelated, unranked domain and collects credentials, indicating a high‑risk brand‑impersonation phishing page.

Risk Factors
Brand impersonation of Microsoft Azure
Credential collection form on unrelated domain
Unranked / low‑reputation domain
Highly obfuscated JavaScript
Safety Factors
Form posts to legitimate Microsoft login endpoint
No credential exfiltration detected
No malicious IoC or YARA matches
Page served from an identity-provider sign-in endpoint (login.microsoftonline.com); a relying-party brand and login form here are normal SSO, not impersonation — risk clamped from 7 to 2
Domain age information unavailable

Details

Page Title

Sign in to Microsoft Azure

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

technology software

(77%)

Domain Information

You're looking at domain 'enterpriseenrollment.toniwise.fi' on the Finnish country-code top-level domain (.fi), featuring subdomain 'enterpriseenrollment'. The second-level label 'toniwise' is 8 characters long holding 4 vowels versus four consonants. Segmentation suggests two words: toni, wise. Median word length comes out to 4 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://enterpriseenrollment.toniwise.fi

Page Load Overview

17.53s
Total Load Time
25
HTTP Requests
8
Domains
571 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:187 chars
Detector Agreement:100%

Website Classification

Primary Category

technology software77% confidence
Type: webapp
Method: ml+structural

All Detected Categories

technology software
77%

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
713.107.246.44Azure · CLOUDUnited States
AS8075Microsoft Corporation
220.184.175.12Azure · CLOUDSan Jose, California, United States
AS8075Microsoft Corporation
252.236.189.96Azure · CLOUDAmsterdam, North Holland, Netherlands
AS8075Microsoft Corporation
240.126.31.71Azure · CLOUDDublin, Leinster, Ireland
AS8075Microsoft Corporation
2150.171.84.24Azure · CLOUDUnited States
AS8075Microsoft Corporation
223.53.42.115Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
220.190.159.23Office365 · CLOUDDublin, Leinster, Ireland
AS8075Microsoft Corporation
220.190.159.0Office365 · CLOUDDublin, Leinster, Ireland
AS8075Microsoft Corporation
223.53.42.120Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
240.126.31.69Azure · CLOUDDublin, Leinster, Ireland
AS8075Microsoft Corporation
2510--

Detected Technologies5

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1C6935BE97EA6193BC78745B1B4B97E02AA3A5903884CDDA8B14CCD842FFB75D8137503

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:+Z408GLG2fdip7ko62uuNH50oOIZ9Tjuokmap5vPoMLuBv0foile0/o1:8408zp7kCZ0Qa/AOeL1

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:90848:cDkGkoABgACnlrIMw6QFAkIACgig83EAQUEILVwSKSAUHUBEBAIhNAOjxUKEgOJT5UGQARDMOaBSBIAnlQEBTnnlEYxJLQSE

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:003a3f3f373fff00
Perceptual Hash:85d970f626d919e4
Difference Hash:c8e2d2d2e4cae6e7
Wavelet Hash:003a3b3f373f7700
Color Hash:#6440bf

Other Hashes

Scan History

Scan history not available

Unable to load historical scan data