ScanMalware.com

Security Scan Report: vpn1.compass-usa.com

Redirected to: https://login.microsoftonline.com/cd62b7dd-4b48-44bd-90e7-e143a22c8ead/saml2?SAMLRequest=fVLLTtwwFP2VyPuME5PmYc2MlGkCGgnQqEUgsUEe56ZYcuzU16b07%2BsEIdEFbI%2FP8XnYWxSTnnkb%2FLP5Ab8DoE9eJ22Qrwc7EpzhVqBCbsQEyL3kP9uba842GZ%2Bd9VZaTT5IvlYIRHBeWUOSY7cjT2X5ralZXrG2aOqib7os6w%2BHy%2Bqi75u2qluS3IPDyN%2BRKI8ixABHg14YH6GMlWnGUpbf5Yyzkmf1I0m62EEZ4VfVs%2Fczckq1%2FaXMZlLSWbSjt0YrAxtpJyqHkp2rYUiLc1GnRXEe0iaDKoW8uBCMyRrEQJdmjCSX1klYt9qRUWiEJdEpllIv8I7stwuZr0nd%2Ft3%2FZTb5YjdHchpQrNYLkeJMJ%2FBiEF7QDkYRtH%2FoD%2Fen2ytnw7ylH2%2Fbvr3Wbdz12J2sVvLvkmkS%2FvPZ802%2BImpIx5XKg8EZpBoVDCRptbZ%2FvjsQPjbwLgCh%2BzfT%2F3%2FF%2Fh8%3D&is_passive=NULL&entity_id=NULL&sso_reload=true

Site favicon
Submitted: Feb 21, 2026, 12:26:04 PMCompleted: Feb 21, 2026, 12:27:17 PMpubliccompleted
Loading additional data...

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 3 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://vpn1.compass-usa.com

Effective URL: https://login.microsoftonline.com/cd62b7dd-4b48-44bd-90e7-e143a22c8ead/saml2?SAMLRequest=fVLLTtwwFP2VyPuME5PmYc2MlGkCGgnQqEUgsUEe56ZYcuzU16b07%2BsEIdEFbI%2FP8XnYWxSTnnkb%2FLP5Ab8DoE9eJ22Qrwc7EpzhVqBCbsQEyL3kP9uba842GZ%2Bd9VZaTT5IvlYIRHBeWUOSY7cjT2X5ralZXrG2aOqib7os6w%2BHy%2Bqi75u2qluS3IPDyN%2BRKI8ixABHg14YH6GMlWnGUpbf5Yyzkmf1I0m62EEZ4VfVs%2Fczckq1%2FaXMZlLSWbSjt0YrAxtpJyqHkp2rYUiLc1GnRXEe0iaDKoW8uBCMyRrEQJdmjCSX1klYt9qRUWiEJdEpllIv8I7stwuZr0nd%2Ft3%2FZTb5YjdHchpQrNYLkeJMJ%2FBiEF7QDkYRtH%2FoD%2Fen2ytnw7ylH2%2Fbvr3Wbdz12J2sVvLvkmkS%2FvPZ802%2BImpIx5XKg8EZpBoVDCRptbZ%2FvjsQPjbwLgCh%2BzfT%2F3%2FF%2Fh8%3D&is_passive=NULL&entity_id=NULL&sso_reload=trueRedirected

The Cisco Umbrella rank of the primary domain is #70,758 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 78%

8
Risk Score

Redirects to Microsoft login; some suspicious signals (cross‑origin form, IDS alert) but likely a legitimate SSO portal.

Risk Factors
Cross‑origin credential form to an external domain
Critical network IDS alert indicating possible data exfiltration
Domain age information unavailable

Details

Page Title

vpn1.compass-usa.com

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

The domain name 'vpn1.compass-usa.com' uses the commercial generic top-level domain (.com), featuring subdomain 'vpn1'. The second-level label 'compass-usa' is 11 characters long split between four vowels and six consonants; bonus characters include one hyphen. Tokenizing the label suggests two words: compass, usa. Median word length comes out to 5 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://vpn1.compass-usa.com

Page Load Overview

3.11s
Total Load Time
33
HTTP Requests
6
Domains
1000 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:109 chars
Detector Agreement:67%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
334.2.228.194Henrico, Virginia, United States
AS3356Level 3 Parent, LLC
331--

Detected Technologies5

X-UA-Compatible
100%
PasswordField
100%
Meta-Refresh-Redirect
100%
HSTS
40%
Ghost
15%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T18C048F77329A063986558498E05B43099F20B143F506C9BCB9BCBAD9BFDED06107BB78

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

3072:pfQho9PKBb9Js3q9Jzbs6tlg3SBKwdQWgceIszo2bMy8Oldq:ehoC9JSqzzbs6o3Sj3gcrsE2eAA

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:184491:g42BEFoCHAQgkwLR4mFQoBgNDKpSFEgcKnMxBBIAEgCRkiITkAKIMNCAwFzjAIwEkrc3MAcJJQBLAwW0hDCIQCcFIsRDIEGg

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffcfc3c7ffffffff
Perceptual Hash:b3318ccccc673333
Difference Hash:00180c1400000000
Wavelet Hash:3f1f030f00000000
Color Hash:#57931f

Other Hashes

Crop Resistant:00180c1400000000

Scan History

Scan history not available

Unable to load historical scan data