Security Scan Report: verify.ypsomed-dc.afi-cloud.de

Redirected to:
https://login.microsoftonline.com/6c8c3693-6f14-4d3f-9a09-51c73d0b9e14...
Site favicon
Submitted: Dec 7, 2025, 12:21:56 PMCompleted: Dec 7, 2025, 12:23:41 PMpubliccompleted
Loading additional data...

Summary

This website contacted 46 IPs in 4 countries across 7 domains to perform 32 HTTP transactions. The main domain is login.microsoftonline.com.

Submitted URL: https://verify.ypsomed-dc.afi-cloud.de/

Effective URL: https://login.microsoftonline.com/6c8c3693-6f14-4d3f-9a09-51c73d0b9e14/saml2?SAMLRequest=jZLLbtswFET3%2FQqBe%2BpBybJEWArcGEENpK0RK110E1DkZUKAIlWScuu%2FryrHQLpo0C0xPDOYuZubX4OOTuC8sqZBWZyiCAy3QpnnBj12d7hCN%2B2HjWeDJiPdTuHFPMCPCXyItt6DC%2FO%2FW2v8NIA7gjspDo8P9w16CWH0NElmtJLn%2BDx6O4DAgsdMKsy1nUQsIGEz8MmBt%2FoEKNrNWGVYWLJcCdo%2BKxMPijvrrQzWaGUg5nZISl7xvKxzXMqswIXIJa5ZWuNVxte5SPsasiJZkqNov2vQE5BKFn3Rl2tgsq%2FLQvRE5j0hfVaJQuazzPsJ9sYHZkKDSEpWOCM4XXcZoSSnaRWvivQ7ig7OBsut%2FqjMparJGWqZV54aNoCngdPj9vM9JXFK%2B4vI009dd8CHr8cORd%2BulZM%2Flc8jGE8vJb%2FPGl%2BNUXvZhC6J3VvC%2BwB2XQ21%2F7fRJnlr1F5P4ctM3u8OVit%2BjrZa25%2B3DliABkmm%2FTzmnXUDC%2F8Ok8XZ8qIElouUTsaPwJVUIFDSvvr%2BfXTtbw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=bKQ6qc4NZLJ%2FBOJghoKgOuYBvXDBhpWbhDmUk3tHnGwS4%2BNsTSz7H9TLwb%2FTIjaHOOj%2BaTnNzCohlsgYjpEb4BXrkw0g2b7Ml6O5zyN2IdTisfvFqF20GAXhKDP5R0B8QjfuYX%2BvnDcuiHSnXYv45N3FK1txLq420GSHEMouHcYTZ%2B61AYcEUr3qXycDyy6qF%2FMJ9jl8TWLySCWUNpgKFXWGu%2BqesR2RMoJfCOjJXmoxOjtyVyxyCUBR6PFXWIuO7by5mBnEvYL3UqBdoM0NNHNf5Yc1Xv745RyRotar95Kl%2BCQ5tRmELfRoY3gP4H%2FPp5dRfljhzXAmv7pwACaKBA%3D%3D&sso_reload=trueRedirected

AI Security Verdict

Low Risk

Confidence: 88%

2
Risk Score

Phishing page impersonating Ypsomed, collecting credentials – high risk.

Risk Factors
Brand impersonation
Credential collection form
Unknown domain age
Critical JavaScript obfuscation
Safety Factors
Page served from an identity-provider sign-in endpoint (login.microsoftonline.com); a relying-party brand and login form here are normal SSO, not impersonation — risk clamped from 8 to 2
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

Domain 'verify.ypsomed-dc.afi-cloud.de' uses the German country-code top-level domain (.de), featuring subdomain 'verify.ypsomed-dc'. Its registrable label 'afi-cloud' stretches across 9 characters with four vowels and 4 consonants, along with 1 hyphen. Tokenizing the label suggests two words: afi, cloud. Expect 4 characters per word on average. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://verify.ypsomed-dc.afi-cloud.de/

Page Load Overview

0.60s
Total Load Time
32
HTTP Requests
7
Domains
547 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:128 chars
Detector Agreement:67%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
2013.107.246.44United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
420.190.159.23Dublin, Leinster, Ireland
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
323.207.210.137Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
2176.53.136.77Germany
AS3320Deutsche Telekom AG
120.190.160.5Amsterdam, North Holland, Netherlands
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
152.178.17.233Amsterdam, North Holland, Netherlands
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
120.190.159.2Dublin, Leinster, Ireland
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
0176.53.136.75Germany
AS3320Deutsche Telekom AG
023.207.210.132Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
040.126.31.67Dublin, Leinster, Ireland
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
3246--

Detected Technologies4

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1F4734ADA7EA72937838A50B9B5B97E026F7A98038C4DDD74F14CC9842FFA60C8123557

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:Fy8GLGGAOrL3oezTEyqU6MVnvnaloMPbrEKZhiA3C:w89U3eyS2yC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:76601:ABhemxOBXJc22WAAdHBARBB8ygOAkjSVAsfNJVwTnnIWCADdIhIkAtBAmsQIOWAACRnKTAAAICEwvDSDAjksZbDABOxgoIAh

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0000181818180000
Perceptual Hash:8cd93366cc9999d8
Difference Hash:0c3032b2b2b28ca9
Wavelet Hash:f0001c1c1c1c0001
Color Hash:#87c595

Scan History

Scan history not available

Unable to load historical scan data