ScanMalware.com

Security Scan Report: heymarvin.criteois.com

Redirected to: https://login.microsoftonline.com/2a35d8fd-574d-48e3-927c-8c398e225a01/oauth2/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&redirect_uri=https%3A%2F%2Flauncher.myapps.microsoft.com%2Fapi%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&code_challenge=F7NRU4yT3WdyhJ3US93IyHKXkVLdLcnAzIbr3_m3-1Y&code_challenge_method=S256&response_mode=form_post&nonce=639075322212245091.MWQ0YThkNDUtMTNhNi00NmQwLWIzNWUtNTgzYWZhZmRhYmIwMTYwMjNkMDMtMjQ3ZS00Zjc2LTk3ZmMtMGE3ZTU1MjliMDFi&client_info=1&x-client-brkrver=IDWeb.3.5.0.0&client-request-id=0254f99d-97b4-4159-bcd6-4c2c7447368b&state=CfDJ8CxuJyUsQi1Hl3lhyNlp2TX2mQWySPi48dH9X_MP3wowaGz8Tf-LunpSG3xZieF76F3MBiYdxbUes_2OlrtV6Eg7VmhXbpvvTDTsohj45EcwI41uzlhS2tJS3sY25qiI87lED2k69wIMt9SGWVvNXet80G8uBQ4RLK-PAcaFPJYXylvPMp1K7_yCkDn3vyMOMQxUIvaLQJdcuMSzEw1mQx9PUO9wtCGqxChQUnONoCfxiMoYzbKUg7DfAEoY3RfOQ1qwq-T45IYCR5cTHDoYUFK-05VI2jSPRwKYUBC47hvi3alrOgwtaWiv0fzWjgfsTHUk4TtnpfxfLNGEbmiutKo1p6Ov6XtehX6ZOxVowWc8rNoHz-c7ElQTMZXekyrOHkzuOguHhoZBSC4eKfzbj8xVNdl4WVblRG6MWrKZdVe6vEE0NMWJHlFokO39KdYezZoj0zVAN8rSh_SsBcSu1kIEiKvEtRhr005eP6wHT8oQCUOggCswMVQko2UcKp_UIFwH55xcLFG7muMPZ_k8SDA&x-client-SKU=ID_NET8_0&x-client-ver=8.3.0.0&sso_reload=true

Site favicon
Submitted: Feb 24, 2026, 12:16:57 PMCompleted: Feb 24, 2026, 12:18:14 PMpubliccompleted
Loading additional data...

Summary

This website contacted 9 IPs in 6 countries across 9 domains to perform 46 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://heymarvin.criteois.com

Effective URL: https://login.microsoftonline.com/2a35d8fd-574d-48e3-927c-8c398e225a01/oauth2/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&redirect_uri=https%3A%2F%2Flauncher.myapps.microsoft.com%2Fapi%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&code_challenge=F7NRU4yT3WdyhJ3US93IyHKXkVLdLcnAzIbr3_m3-1Y&code_challenge_method=S256&response_mode=form_post&nonce=639075322212245091.MWQ0YThkNDUtMTNhNi00NmQwLWIzNWUtNTgzYWZhZmRhYmIwMTYwMjNkMDMtMjQ3ZS00Zjc2LTk3ZmMtMGE3ZTU1MjliMDFi&client_info=1&x-client-brkrver=IDWeb.3.5.0.0&client-request-id=0254f99d-97b4-4159-bcd6-4c2c7447368b&state=CfDJ8CxuJyUsQi1Hl3lhyNlp2TX2mQWySPi48dH9X_MP3wowaGz8Tf-LunpSG3xZieF76F3MBiYdxbUes_2OlrtV6Eg7VmhXbpvvTDTsohj45EcwI41uzlhS2tJS3sY25qiI87lED2k69wIMt9SGWVvNXet80G8uBQ4RLK-PAcaFPJYXylvPMp1K7_yCkDn3vyMOMQxUIvaLQJdcuMSzEw1mQx9PUO9wtCGqxChQUnONoCfxiMoYzbKUg7DfAEoY3RfOQ1qwq-T45IYCR5cTHDoYUFK-05VI2jSPRwKYUBC47hvi3alrOgwtaWiv0fzWjgfsTHUk4TtnpfxfLNGEbmiutKo1p6Ov6XtehX6ZOxVowWc8rNoHz-c7ElQTMZXekyrOHkzuOguHhoZBSC4eKfzbj8xVNdl4WVblRG6MWrKZdVe6vEE0NMWJHlFokO39KdYezZoj0zVAN8rSh_SsBcSu1kIEiKvEtRhr005eP6wHT8oQCUOggCswMVQko2UcKp_UIFwH55xcLFG7muMPZ_k8SDA&x-client-SKU=ID_NET8_0&x-client-ver=8.3.0.0&sso_reload=trueRedirected

AI Security Verdict

High Risk

Confidence: 92%

8
Risk Score

Phishing page impersonating Microsoft login; do not enter credentials.

Risk Factors
Cross‑origin credential form posting to Microsoft login
Brand impersonation of Microsoft on a non‑official domain
Unranked domain presenting a Microsoft‑style login page
OAuth flow with suspicious client_id indicating possible token theft
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

You're looking at domain 'heymarvin.criteois.com' on the commercial generic top-level domain (.com) and includes subdomain 'heymarvin'. The registrable portion 'criteois' spans 8 characters with four vowels and four consonants. Breaking it apart gives three words: cri, teo, is. The median word length lands at three characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://heymarvin.criteois.com

Page Load Overview

2.23s
Total Load Time
37
HTTP Requests
8
Domains
486 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:109 chars
Detector Agreement:67%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
523.102.12.43Dublin, Leinster, Ireland
AS8075Microsoft Corporation
440.126.32.6France
AS44788
440.126.32.138United States
AS20940
4178.250.1.14SwedenUnknown
420.190.159.2GermanyUnknown
420.190.159.23NetherlandsUnknown
423.207.210.132UnknownUnknown
451.116.253.168UnknownUnknown
413.107.246.44UnknownUnknown
379--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T192937DD97EA72937878A44BAB5B93F029A3B5803894CDD70F19CC9C42FEA71D8127507

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:l3s/8GLGGDipDsLefY4aEYv/3moIyEk77gx2xpTvPoMmCfVEZWgizrdC:ds/8WipDsLefY4aEYH3mJ32RA6rdC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:91899:uDQHI+rEdDUJQoEomnIIDYcEEyFqgIFADEQSAp64GxEYJFyAGYCgBYVBaMsxYoBIVw3wjQQLBXBABEKDialoEgAESQ7nEDAE

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0101181818180000
Perceptual Hash:88892376ccd9ddcc
Difference Hash:ffcfb3b3b2b2cff3
Wavelet Hash:07071f1f1f1f0707
Color Hash:#bf408a

Other Hashes

Crop Resistant:90b060b2b2809383,e680c03034e08086,ffcfb3b3b2b2cff3

Scan History

Scan history not available

Unable to load historical scan data