ScanMalware.com

Security Scan Report: msoid.na8.ko.com

Redirected to: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=639046875957309358.MzE0MzU0NDAtMjgxNy00N2Q4LTk2Y2EtOTFlY2RlYWI5OTBhNmVlNmM1OGUtNDE3Zi00NmRhLWE4N2YtYTVkZGY4YWE0MDI3&ui_locales=en-US&mkt=en-US&client-request-id=0b64feb2-9d87-4ae3-a56a-aea4509ea66b&state=XUmyT0NrwqWDfhLTkvmzdIfN4aRW_OBCynncqMqZKEffqNniNinXHVWr9It6xmMcoN-kmorive_AzTgCF4JZy0WaSLX5I7tOxrJ8yMR96qYPc3IKmQbcs5PJcq509ORD-yxuCCWElAG6CmrBFkaEHlz-sU_dYsMJpdfqJh3R0cj0CDDuGAGpKvsGeA8j96aLWU8OOLHaPGEcrCf8SAZPVPRLTdV-5tXCm7QrBnGgQs0Jwk-QvvGvBCXY-wZYF1n4-URfhQshxLC5UcsF78cNaz4QeJ1oIyUfgaZLZsv2EXA&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true

Submitted: Jan 22, 2026, 2:06:33 PMCompleted: Jan 22, 2026, 2:07:41 PMpubliccompleted
Loading additional data...

Summary

This website contacted 6 IPs in 1 country across 6 domains to perform 32 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://msoid.na8.ko.com

Effective URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=639046875957309358.MzE0MzU0NDAtMjgxNy00N2Q4LTk2Y2EtOTFlY2RlYWI5OTBhNmVlNmM1OGUtNDE3Zi00NmRhLWE4N2YtYTVkZGY4YWE0MDI3&ui_locales=en-US&mkt=en-US&client-request-id=0b64feb2-9d87-4ae3-a56a-aea4509ea66b&state=XUmyT0NrwqWDfhLTkvmzdIfN4aRW_OBCynncqMqZKEffqNniNinXHVWr9It6xmMcoN-kmorive_AzTgCF4JZy0WaSLX5I7tOxrJ8yMR96qYPc3IKmQbcs5PJcq509ORD-yxuCCWElAG6CmrBFkaEHlz-sU_dYsMJpdfqJh3R0cj0CDDuGAGpKvsGeA8j96aLWU8OOLHaPGEcrCf8SAZPVPRLTdV-5tXCm7QrBnGgQs0Jwk-QvvGvBCXY-wZYF1n4-URfhQshxLC5UcsF78cNaz4QeJ1oIyUfgaZLZsv2EXA&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=trueRedirected

The Cisco Umbrella rank of the primary domain is #518,379 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 78%

8
Risk Score

Phishing login page impersonating Microsoft – high risk

Risk Factors
Credential harvesting login form on an unrelated domain
Brand impersonation on a low‑ranked, non‑official domain
Redirect chain that forwards to legitimate Microsoft login after credential capture
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

The domain 'msoid.na8.ko.com' uses the commercial generic top-level domain (.com), featuring subdomain 'msoid.na8'. The registrable portion 'ko' spans 2 characters with one vowel and 1 consonant. Splitting it apart reveals 1 word: ko. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://msoid.na8.ko.com

Page Load Overview

0.82s
Total Load Time
30
HTTP Requests
5
Domains
469 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:133 chars
Detector Agreement:100%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
513.107.246.44United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
513.107.6.156United States
AS8068MICROSOFT-CORP-MSN-AS-BLOCK
540.126.31.129United StatesUnknown
520.50.201.204UnknownUnknown
540.126.32.133UnknownUnknown
520.190.159.4UnknownUnknown
306--

Detected Technologies4

X-UA-Compatible
100%
PasswordField
100%
Meta-Refresh-Redirect
100%
Ghost
15%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T183835CEA7EA31D37874B44B5B8B57E02AA3A5A038C4CDC64F04CC9842FEA74D816B557

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:lcE78GLGGsHT12wRrgMGaILozTEyqU6MVnvnaloMPb9Efii4xhC:aE78zHT12wRrgMGFLXyS2OxhC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:84787:eEwmAACTABKQdpBMUQBjAWogGAnHwGQEp5BA2iBG4CKaPiJniJmASCASGFEEcoIiERRg2lYSCMScLoBABgK0IGlhmyBARIiQ

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0010393b373f373f
Perceptual Hash:845971764699d96e
Difference Hash:88e4d2d3e5e6e6e6
Wavelet Hash:00003b3b373f373f
Color Hash:#2d5886

Other Hashes

Crop Resistant:88e4d2d3e5e6e6e6

Scan History

Scan history not available

Unable to load historical scan data