ScanMalware.com

Security Scan Report: healthequity.officespacesoftware.com

Redirected to: https://login.microsoftonline.com/c5d0ad88-8f93-43b8-9b7c-c8a3bb8e410a/saml2?SAMLRequest=jZLLTsMwFER%2FJTuvnDQvmlhNpaoVUqWCUHks2KDrR6iFYwfbofD3OKkQZQFi44U9M2d87YWDTvVkNfiD3ovXQTgfrZwT1kuj10a7oRP2Vtg3ycT9ftegg%2Fe9I0lyEKD8ITik%2F4hN24Zz10NYTOuPYEXMTJcMIcglEMKTkZMwUIoCe0HRJoCkhpHynanMs9RxJ5k1Y4zRSupTECv5DHhV4aqtc1zktMI1nTPMKsgprUSRzmBCZCjabhr0RLOUwrzlmNcFx0VVz3FdQIZ5mfOyKoCWlAepc4PYaudB%2BwZls6zEaYaz%2Bi7NSXFByuIRRQ%2FhClPLLJ6h6L1T2pGR1KDBamLASUc0dMIRz8jt6mpHgpDA1wzPLf3fnt4ab5hRaLkY1WRqZ5f%2FmfQiOXcsTo96HQjbzY1Rkn1EK6XMcW0FeNEgbweBoktjO%2FC%2Fd0rjdNqRHLeTlAza9YLJVgqOkuUJ%2BvPzLD8B&RelayState=%2Fvd%2Fvd.jsp&sso_reload=true

Site favicon
Submitted: Dec 29, 2025, 1:46:49 PMCompleted: Dec 29, 2025, 1:48:00 PMpubliccompleted
Loading additional data...

Summary

This website contacted 11 IPs in 2 countries across 7 domains to perform 26 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://healthequity.officespacesoftware.com

Effective URL: https://login.microsoftonline.com/c5d0ad88-8f93-43b8-9b7c-c8a3bb8e410a/saml2?SAMLRequest=jZLLTsMwFER%2FJTuvnDQvmlhNpaoVUqWCUHks2KDrR6iFYwfbofD3OKkQZQFi44U9M2d87YWDTvVkNfiD3ovXQTgfrZwT1kuj10a7oRP2Vtg3ycT9ftegg%2Fe9I0lyEKD8ITik%2F4hN24Zz10NYTOuPYEXMTJcMIcglEMKTkZMwUIoCe0HRJoCkhpHynanMs9RxJ5k1Y4zRSupTECv5DHhV4aqtc1zktMI1nTPMKsgprUSRzmBCZCjabhr0RLOUwrzlmNcFx0VVz3FdQIZ5mfOyKoCWlAepc4PYaudB%2BwZls6zEaYaz%2Bi7NSXFByuIRRQ%2FhClPLLJ6h6L1T2pGR1KDBamLASUc0dMIRz8jt6mpHgpDA1wzPLf3fnt4ab5hRaLkY1WRqZ5f%2FmfQiOXcsTo96HQjbzY1Rkn1EK6XMcW0FeNEgbweBoktjO%2FC%2Fd0rjdNqRHLeTlAza9YLJVgqOkuUJ%2BvPzLD8B&RelayState=%2Fvd%2Fvd.jsp&sso_reload=trueRedirected

The Cisco Umbrella rank of the primary domain is #62,580 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 92%

8
Risk Score

Phishing page impersonating HealthEquity; do not enter credentials.

Risk Factors
Brand impersonation (HealthEquity) on unrelated domain
Credential harvesting form (password field) on suspicious site
Multiple redirects to a different domain (Microsoft login) to mask phishing
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

healthcare medical

(39%)

Domain Information

The domain 'healthequity.officespacesoftware.com' uses the commercial generic top-level domain (.com) and includes subdomain 'healthequity'. The core label 'officespacesoftware' covers 19 characters containing eight vowels alongside 11 consonants. Tokenizing the label suggests 3 words: office, space, software. Median word length comes out to six characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://healthequity.officespacesoftware.com

Page Load Overview

5.35s
Total Load Time
14
HTTP Requests
4
Domains
74 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:109 chars
Detector Agreement:67%

Website Classification

Primary Category

healthcare medical39% confidence
Type: webapp
Method: ml+structural+ocr_tiebreaker

All Detected Categories

healthcare medical
39%
finance banking
34%

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
413.107.246.44United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
120.190.160.4Netherlands
AS396982
113.89.178.26NetherlandsUnknown
135.223.54.201Council Bluffs, Iowa, United States
AS396982GOOGLE-CLOUD-PLATFORM
120.52.64.200NetherlandsUnknown
140.126.32.74NetherlandsUnknown
120.190.160.22NetherlandsUnknown
140.126.32.68NetherlandsUnknown
123.207.210.132NetherlandsUnknown
120.190.160.3NetherlandsUnknown
1411--

Detected Technologies5

X-UA-Compatible
100%
PasswordField
100%
Meta-Refresh-Redirect
100%
HSTS
40%
Ghost
15%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1FA734BDABFB61937864A44B9B4752E026F3A6A438C0CD9A0F15CCD842FFBB0D8527517

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:laTt8GLGGdiUI5Kk7fGgVzzTEyqU6MVnvnaloMPbJEJUmibPC:YTt82iUI5Kk7f1VmyS2iPC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:75221:QuHkQKNKoBySFKEgGyEQNMQG4ZmiYSaPAgZVKBdkSFSEotlAmlgCAwKkSCyI4AQCDqACtCh3CIbExYAEhWFgJihiAGpKQWpI

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0000181818180000
Perceptual Hash:8cd93366cc9999cc
Difference Hash:100cb2b2b2b24c33
Wavelet Hash:30303c3c3c3c0f00
Color Hash:#786e3a

Other Hashes

Crop Resistant:9c0c603ab4a08382,8280ca3034608082,100cb2b2b2b24c33

Scan History

Scan history not available

Unable to load historical scan data