Security Scan Report: qh1.gi-de.com

Redirected to: https://login.microsoftonline.com/527b83a7-2c25-44e3-acc9-9e01b40b2111/oauth2/authorize?response_type=code&client_id=d006f55d-ab19-4d68-b2e3-6a81c8acf081&scope=openid&nonce=330dcd03-a453-42de-8aca-d551450a07d8&redirect_uri=https%3a%2f%2fqh1.gi-de.com%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fqh1.gi-de.com%5c%2f%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%229bd97a33-05b1-4d29-be61-ce1b5c277161%22%7d%23EndOfStateParam%23&client-request-id=9bd97a33-05b1-4d29-be61-ce1b5c277161&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true

Submitted: Jan 12, 2026, 2:06:23 PM
Completed: Jan 12, 2026, 2:07:37 PM
public, completed

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 1 HTTP transaction. The main domain is login.microsoftonline.com; its registration age was not available (the report shows "NaN years").

Submitted URL: https://qh1.gi-de.com

Effective URL: https://login.microsoftonline.com/527b83a7-2c25-44e3-acc9-9e01b40b2111/oauth2/authorize?response_type=code&client_id=d006f55d-ab19-4d68-b2e3-6a81c8acf081&scope=openid&nonce=330dcd03-a453-42de-8aca-d551450a07d8&redirect_uri=https%3a%2f%2fqh1.gi-de.com%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fqh1.gi-de.com%5c%2f%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%229bd97a33-05b1-4d29-be61-ce1b5c277161%22%7d%23EndOfStateParam%23&client-request-id=9bd97a33-05b1-4d29-be61-ce1b5c277161&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true (Redirected)

The Cisco Umbrella rank of the primary domain is #337,204 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 92%

Risk Score: 8

Phishing page impersonating Giesecke+Devrient with credential‑stealing login form

Risk Factors
Credential harvesting login form on a domain that does not belong to the displayed brand
Brand impersonation on a low‑ranking domain
Final destination domain (login.microsoftonline.com) does not correspond to the brand shown
Use of a suspicious Azure AD client ID in the redirect URL
Domain age information unavailable

Details

Page Title: Sign in to your account

Scan Type: public

Language: 🇺🇸 English (80% confidence)

Category: unknown (0%)

Domain Information

The domain name 'qh1.gi-de.com' uses the commercial generic top-level domain (.com); it also runs on subdomain 'qh1'. Its registrable label 'gi-de' stretches across 5 characters holding two vowels versus two consonants, along with one hyphen. Word splitting yields two words: gi, de. The median word length lands at 2 characters. No strong language cues emerged from the frequency lists.


Page Load Overview

Total Load Time: 4.86s
HTTP Requests: 17
Domains: 6
Total Size: 517 KB

Language Analysis

Primary Language: 🇺🇸 English
Code: en
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: en
Text Length: 109 chars
Detector Agreement: 67%

Website Classification

Primary Category: unknown (0% confidence)
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

Requests | IP Address | Location | AS (Autonomous System)
5 | 23.207.210.132 | Frankfurt am Main, Hesse, Germany | AS20940 Akamai International B.V.
3 | 13.107.246.44 | United States | AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
3 | 20.190.160.130 | Germany | Unknown
3 | 98.67.183.227 | Frankfurt am Main, Hesse, Germany | AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
3 | 20.190.159.128 | Unknown | Unknown
17 | 5 | - | -

Detected Technologies: 4

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T11B735BDA7EB31937828951B5B4B57E02AA3B5D139808CE64F18CCD802FEB74D8573663

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:lm8GLGGpVJqM2WozTEyqU6MVnvnaloMPb1EBIgieC:c8gVJqlWXyS2BC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:78893:KUOEEIG0cLRUaALjRuFSACIkAOJogpkIBUIYAGEAIAJWVAi6EPI6JEEDAkIgEAEaDtASQkApklIGiGICerEijtAEBhzKpYDG

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: 0000181818180000
Perceptual Hash: 99193376cc9999cc
Difference Hash: f8d8b2b2b2b2ddfb
Wavelet Hash: 0e0c1e1f1f1f0f0f
Color Hash: #53aca8
