Security Scan Report: erdrich-my.sharepoint.com

Redirected to:
https://login.microsoftonline.com/2f617e5d-31f9-49ff-8e3c-0a3ecdcd09c0...
Submitted: May 9, 2026, 11:36:43 AM
Completed: May 9, 2026, 11:38:06 AM
Scan type: public
Status: completed

Summary

This website contacted 7 IPs in 4 countries across 8 domains to perform 39 HTTP transactions. The main domain is login.microsoftonline.com; its registration age could not be determined (the report shows NaN years).

Submitted URL: https://erdrich-my.sharepoint.com

Effective URL (redirected): https://login.microsoftonline.com/2f617e5d-31f9-49ff-8e3c-0a3ecdcd09c0/oauth2/authorize?...

The Cisco Umbrella rank of the primary domain is #66 of the top 1 million websites (Top 100 Site).

AI Security Verdict

Verdict: High Risk
Confidence: 82%
Risk Score: 7

The site hosts a legitimate Microsoft SSO login but exhibits critical IDS alerts and heavily obfuscated scripts, indicating active malware/C2 activity – treat as high‑risk and avoid.

Risk Factors
Critical IDS alerts indicating malware activity and command‑and‑control communication
Highly obfuscated JavaScript code
Credential collection form (login) on a site not directly owned by Microsoft
Domain age information unavailable

Details

Page Title: Sign in to your account
Scan Type: public
Language: 🇺🇸 English (80% confidence)
Category: unknown (0%)

Domain Information

'erdrich-my.sharepoint.com' sits under the commercial generic top-level domain (.com), with 'erdrich-my' as the subdomain. The registrable label 'sharepoint' is 10 characters long (4 vowels, 6 consonants) and splits into two words: share, point. The median word length is five characters. The frequency lists gave no strong language cues.

Page Load Overview

Total Load Time: 1.45s
HTTP Requests: 32
Domains: 7
Total Size: 485 KB

Language Analysis

Primary Language: 🇺🇸 English
Code: en
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: en
Text Length: 109 chars
Detector Agreement: 67%

Website Classification

Primary Category: unknown (0% confidence)
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

| Requests | IP Address | Location | AS / Autonomous System |
|---|---|---|---|
| 8 | 20.190.160.132 | Amsterdam, North Holland, Netherlands | AS8075 Microsoft Corporation |
| 4 | 23.207.210.132 | Frankfurt am Main, Hesse, Germany | AS20940 Akamai International B.V. |
| 4 | 13.107.136.10 | Redmond, Washington, United States | AS8075 Microsoft Corporation |
| 4 | 51.11.192.48 | Paris, Île-de-France, France | AS8075 Microsoft Corporation |
| 4 | 40.126.32.68 | Amsterdam, North Holland, Netherlands | AS8075 Microsoft Corporation |
| 4 | 13.107.246.44 | United States | AS8075 Microsoft Corporation |
| 4 | 40.126.32.134 | Amsterdam, North Holland, Netherlands | AS8075 Microsoft Corporation |
| 32 | 7 | - | - |

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1FEA35CD97EA22D37C29640B5B5B57F069A37A9078948DC94F08CCD883FFA74D8127A13

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

3072:W88vApvA0jsnvANvAquvA7avAwdJ32RADvAcFC:oopo0jsnoNoquo7aoO2EocFC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:98996:gaUiBAjKIISAMEBEAE5sSCEAUSgcA5ojkCJDJGMkDGjRNIjIqJmAkJgHQxD8IAZ4FAuCDEuBOAJjThgUtEYIACGQiFTWmIDA

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: 0010393b3737373f
Perceptual Hash: 845971764699d96e
Difference Hash: 88e4f2d3e5e6e6e6
Wavelet Hash: 00003b3b373f373f
Color Hash: #a240bf

Other Hashes

Crop Resistant: 88e4f2d3e5e6e6e6
