ScanMalware.com

Security Scan Report: hmsuks.onortec.com

Redirected to: https://login.microsoftonline.com/9c132d09-4765-4d2b-a356-e76985eecf78/saml2?SAMLRequest=nZJJb9swEIX%2FisA7tVDWRtgG3BhFDaStEbs99FJQ1CgmykXlUF3%2BfWUpQVMUySEngsP5%2BN48zBqF0QPfjeFi7%2BD7CBiiX0Zb5PPDhozecidQIbfCAPIg%2BWn3%2FpazOOWDd8FJp8kT5GVCIIIPylkSHfYb8rVpc1kUUFddU7Yta2pZ9V2aiVUmV3VTlWmWyb5ksq5I9Bk8TuSGTB9NOOIIB4tB2DCVUlbSlFGWn1nK85qz%2FAuJ9tM0yoowU5cQBuRJot29srFR0jt0fXBWKwuxdCZpZJazLm3oqioLuupYS0VelBSqsqkLANlXdXKdkZFo9zjIjbM4GvAn8D%2BUhE93t3%2BlLgbHbxg763wAOWtc8cS4btQQD5dhueNyMiokztX%2FQRIdH8J%2Bo2yn7P3LObdLE%2FJ35%2FORHj%2BezmS7vmrwOTe%2FfYVFA0F0IohnHK6Tp%2F%2Bvl736MDk77I9OK%2Fk7euu8EeF541mczRXV0X5u5aPFAaTqFXRT5Fq7nzceRIANCX4EkmwX0X%2F3d%2FsH&RelayState=https%3A%2F%2Fhmsuks.onortec.com%2F&sso_reload=true

Site favicon
Submitted: Feb 23, 2026, 8:38:20 PMCompleted: Feb 23, 2026, 8:39:34 PMpubliccompleted
Loading additional data...

Summary

This website contacted 7 IPs in 6 countries across 7 domains to perform 35 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://hmsuks.onortec.com

Effective URL: https://login.microsoftonline.com/9c132d09-4765-4d2b-a356-e76985eecf78/saml2?SAMLRequest=nZJJb9swEIX%2FisA7tVDWRtgG3BhFDaStEbs99FJQ1CgmykXlUF3%2BfWUpQVMUySEngsP5%2BN48zBqF0QPfjeFi7%2BD7CBiiX0Zb5PPDhozecidQIbfCAPIg%2BWn3%2FpazOOWDd8FJp8kT5GVCIIIPylkSHfYb8rVpc1kUUFddU7Yta2pZ9V2aiVUmV3VTlWmWyb5ksq5I9Bk8TuSGTB9NOOIIB4tB2DCVUlbSlFGWn1nK85qz%2FAuJ9tM0yoowU5cQBuRJot29srFR0jt0fXBWKwuxdCZpZJazLm3oqioLuupYS0VelBSqsqkLANlXdXKdkZFo9zjIjbM4GvAn8D%2BUhE93t3%2BlLgbHbxg763wAOWtc8cS4btQQD5dhueNyMiokztX%2FQRIdH8J%2Bo2yn7P3LObdLE%2FJ35%2FORHj%2BezmS7vmrwOTe%2FfYVFA0F0IohnHK6Tp%2F%2Bvl736MDk77I9OK%2Fk7euu8EeF541mczRXV0X5u5aPFAaTqFXRT5Fq7nzceRIANCX4EkmwX0X%2F3d%2FsH&RelayState=https%3A%2F%2Fhmsuks.onortec.com%2F&sso_reload=trueRedirected

The Cisco Umbrella rank of the primary domain is #315,583 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 82%

7
Risk Score

Site likely harvests credentials via a cross‑origin login form; treat as phishing and do not submit any credentials.

Risk Factors
Credential harvesting form that posts to a different domain
Login form collecting email and password
Highly obfuscated JavaScript (possible hidden behavior)
Low Cisco Umbrella ranking for a site presenting a sign‑in page
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

Domain 'hmsuks.onortec.com' uses the commercial generic top-level domain (.com) with subdomain 'hmsuks'. The registrable portion 'onortec' spans 7 characters split between three vowels and 4 consonants. Tokenizing the label suggests three words: on, or, tec. The median word length lands at two characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://hmsuks.onortec.com

Page Load Overview

1.18s
Total Load Time
30
HTTP Requests
6
Domains
482 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:109 chars
Detector Agreement:67%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
6194.180.197.20Netherlands
AS199816Ekco B.V.
423.53.42.114Germany
AS8075
440.126.31.67United States
AS20940
413.107.246.44FranceUnknown
413.69.116.108IrelandUnknown
440.126.31.2SwedenUnknown
420.190.160.128UnknownUnknown
307--

Detected Technologies5

X-UA-Compatible
100%
PasswordField
100%
Meta-Refresh-Redirect
100%
Ubuntu
40%
Ghost
15%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T163735AE97FA31937878A41B5B4BA7D02AE3759039948CCA4F05CC8842FFB70D9167A53

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:l28GLGGKFBwoIyEk77gx2xpTvPoMBAldEA/hiiC:08zDwJ32RArC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:79300:ABhohkY4QgAxqAIFGSyTCAiCIhAhAABgG+CQBCjgIi0hAyYQcQDWBOOQFqArKaJMZpxpaAbkKBBw0ASNwIQAI1AUgrBYZhEx

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0000181818180000
Perceptual Hash:9c996366c8d9c9cc
Difference Hash:202cb2b2b2b24c33
Wavelet Hash:003f1f1f1f1f0701
Color Hash:#b7c587

Other Hashes

Crop Resistant:a2c0683ab2a08382,8280c23034e08082,202cb2b2b2b24c33

Scan History

Scan history not available

Unable to load historical scan data