ScanMalware.com

Security Scan Report: login.microsoftonline.com

Redirected to:
https://bfui2bp0kz.credibledomain.de/l/JeRLk2aiKXQ?error=login_require...
Submitted: Apr 22, 2026, 9:05:51 PMCompleted: Apr 22, 2026, 9:07:17 PMpubliccompleted
Loading additional data...

Summary

This website contacted 7 IPs in 3 countries across 4 domains to perform 15 HTTP transactions. The main domain is bfui2bp0kz.credibledomain.de.

Submitted URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?scope=openid&prompt=none&client_id=8d216f7e-d484-46a2-b5b0-07b7d1b3d10d&state=ZW1haWxAbWFpbC5jb20=

Effective URL: https://bfui2bp0kz.credibledomain.de/l/JeRLk2aiKXQ?error=login_required&error_description=AADSTS50058%3a+A+silent+sign-in+request+was+sent+but+no+user+is+signed+in.+The+cookies+used+to+represent+the+user%27s+session+were+not+sent+in+the+request+to+Azure+AD.+This+can+happen+if+the+user+is+using+Internet+Explorer+or+Edge%2c+and+the+web+app+sending+the+silent+sign-in+request+is+in+different+IE+security+zone+than+the+Azure+AD+endpoint+(login.microsoftonline.com).+Trace+ID%3a+5d5a9f14-67e6-47ac-8189-861a614c6d00+Correlation+ID%3a+4f4d8bde-f582-4196-80f5-a152ae64e8b0+Timestamp%3a+2026-04-22+21%3a05%3a54Z&error_uri=https%3a%2f%2flogin.microsoftonline.com%2ferror%3fcode%3d50058&state=ZW1haWxAbWFpbC5jb20%3d#Redirected

The Cisco Umbrella rank of the primary domain is #8 of the top 1 million websitesTop 100 Site

AI Security Verdict

Moderate Risk

Confidence: 92%

5
Risk Score

The page redirects from Microsoft’s login to an unknown domain, contains a base64‑encoded email token and brand impersonation – high‑risk credential phishing. Report as scam.

Risk Factors
Base64 email token tracking
Domain mismatch between brand (Microsoft) and hosting domain
Redirect to unknown, potentially newly‑registered domain
Brand impersonation without disclosure
Absence of legitimate forms despite phishing indicators
Safety Factors
Original domain (login.microsoftonline.com) is well‑established and highly ranked
No Indicators of Compromise matched in threat intel databases
No JavaScript malware YARA matches
No network IDS alerts detected
No credential exfiltration or malicious JavaScript behavior observed
Established domain (8688 days old) with no strong malicious indicators — risk clamped from 8 to 5
Domain age information unavailable

Details

Page Title

Trail

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

The domain name 'login.microsoftonline.com' uses the commercial generic top-level domain (.com); it also runs on subdomain 'login'. The core label 'microsoftonline' covers 15 characters containing 6 vowels alongside nine consonants. Breaking it apart gives two words: microsoft, online. The median word length lands at 7.5 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://login.microsoftonline.com/common/oauth2/v2.0/authorize?scope=openid&prompt=none&client_id=8d216f7e-d484-46a2-b5b0-07b7d1b3d10d&state=ZW1haWxAbWFpbC5jb20=

Page Load Overview

1.02s
Total Load Time
15
HTTP Requests
4
Domains
59 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:37 chars
Detector Agreement:100%

Website Classification

Primary Category

unknown0% confidence
Type: static
Method: structural

All Detected Categories

No categories detected

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
323.53.42.114Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
220.190.160.2Amsterdam, North Holland, Netherlands
AS8075Microsoft Corporation
220.190.160.14Amsterdam, North Holland, Netherlands
AS8075Microsoft Corporation
2104.18.95.41United States
AS13335Cloudflare, Inc.
2104.18.94.41United States
AS13335Cloudflare, Inc.
240.126.32.134Amsterdam, North Holland, Netherlands
AS8075Microsoft Corporation
2172.67.144.224United States
AS13335Cloudflare, Inc.
157--

Detected Technologies4

Cloudflare
50%
Cloudflare Turnstile
45%
HSTS
40%
reCAPTCHA
30%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1F1118667E04544297623C5F6B670731C3845DD41D68FD480A9CAA3BECACB6C689A1B98

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

24:n2AYZ1XrYJsiNVtQGgn397vPq9Pa7uFWxRRmaj:nuXbYBo3lvi9I9xfj

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:1067:AIAAAAABAAQAAAAIAAAAAAAABAAAABACAAAAAAIICAABAAAAAgAIAABAgIQIAAEgyEAAAAIAAAAAAAgAAgACAAAAEAAAAAAA

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffffffe7e7ffffff
Perceptual Hash:e6cc9933664c9993
Difference Hash:0000100c0c100000
Wavelet Hash:f0f0f0e0c0c0fcfc
Color Hash:#e06cd0

Other Hashes

Crop Resistant:0000100c0c100000

Scan History

Scan history not available

Unable to load historical scan data