Security Scan Report: msoid.ipaymentinc.biz

Redirected to:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_...
Site favicon
Submitted: Jul 8, 2026, 12:35:35 PMCompleted: Jul 8, 2026, 12:36:43 PMpubliccompleted
Loading additional data...

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 30 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://msoid.ipaymentinc.biz

Effective URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=639191109375966335.MGZkYTRlZWQtMGFlZi00NGViLWFhMDYtOGIwYmI4OWFiZmFkNzBhYmM0NWUtNGJkMy00M2ZiLTlhYmItMTFjMDlmZTZhY2Jj&ui_locales=en-US&mkt=en-US&client-request-id=1bc6683f-8771-4649-b163-db04af954571&state=1cPTkMyhP3LNy8FLr8QRp4UGyOD9hxXPLyCz0MAWVI3GykH2g1oD8TsrmDd0hY-spgzsU-CHRBh8QLwKK_Aovl3RW77GtjPQPWDE48bw-wHib54Iq40Zx9apN7m49UJFC-JLFb-ZCFZB0MR6X90atXjnfMR4Tlrr3iUGUNutBSAh6sqN7YyKgEEmhDhYr7d06NqJhXd1vgA7HktTAcHl3MVutQVNc3bFTOGHPn1cGJlt685HTZdzp6c1VIvbVqCEkd_KBmRFUpOhkgTRw5MVn2HDcQwqoTSppYMIaRxWn9EeF56AmLemd9XOM-HrOuVrtKZ5Ajiqn4ETxxufizDiALbDA7HmxWsrdftIwJQnIbI0rsHEWe_85ShHh88WpybzlRrBcF311WXcA1XrePQ_Y9MXDfl1rIUt2jkgOP2UqYw&x-client-SKU=ID_NET8_0&x-client-ver=8.14.0.0&sso_reload=trueRedirected

AI Security Verdict

Low Risk

Confidence: 85%

2
Risk Score

The site mimics Microsoft login to harvest credentials; high risk of phishing.

Risk Factors
Brand impersonation of Microsoft
Credential collection form on unrelated domain
Unranked / low‑reputation domain
Highly obfuscated JavaScript
Safety Factors
Form posts to legitimate Microsoft login endpoint
Domain age is old (≈24 years)
No Indicators of Compromise or YARA malware matches
No network IDS alerts
Page served from an identity-provider sign-in endpoint (login.microsoftonline.com); a relying-party brand and login form here are normal SSO, not impersonation — risk clamped from 8 to 2
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

You're looking at domain 'msoid.ipaymentinc.biz' on the business-focused generic top-level domain (.biz) with subdomain 'msoid'. The second-level label 'ipaymentinc' is 11 characters long containing 4 vowels alongside seven consonants. Segmentation suggests three words: i, payment, inc. The median word length lands at three characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://msoid.ipaymentinc.biz

Page Load Overview

1.01s
Total Load Time
30
HTTP Requests
5
Domains
476 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:133 chars
Detector Agreement:100%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
613.107.9.156Azure · CLOUDUnited States
AS8068Microsoft Corporation
640.126.32.134Office365 · CLOUDAmsterdam, North Holland, Netherlands
AS8075Microsoft Corporation
620.190.160.67Office365 · CLOUDAmsterdam, North Holland, Netherlands
AS8075Microsoft Corporation
620.190.159.64Office365 · CLOUDDublin, Leinster, Ireland
AS8075Microsoft Corporation
613.107.246.44Azure · CLOUDUnited States
AS8075Microsoft Corporation
305--

Detected Technologies4

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T158936CE67EA72A37878A84B1B4B97E06AE371903494CCC64F19CC8842FEB75D8137547

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:FcRO8GLG2RMVQgIRNMhqKH6B/o4IZ9Tjuokmap5vPoMLufz0fiii5rC:6RO8rQgIROaB/Ia/AtVC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:91447:xhwiTMIotJACZgwYsQkFbkyNBCgMIYIrAYbExfTAQ4AgIIwCIEhwSEEKBaVptgcZBxkgXAzCwIURRJ0EcWEhBUQaMkITC8SA

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0010393b373f3737
Perceptual Hash:845971764699d96e
Difference Hash:88e4d2d3e5e6e6e6
Wavelet Hash:00003b3b373f373f
Color Hash:#2d8637

Other Hashes

Crop Resistant:88e4d2d3e5e6e6e6

Scan History

Scan history not available

Unable to load historical scan data