ScanMalware.com

Security Scan Report: he3629866.us.create.litera.com

Redirected to:
https://login.microsoftonline.com/379afe17-342f-4edb-86e6-94031f5c7e2f...
Site favicon
Submitted: Jan 6, 2026, 11:09:45 AMCompleted: Jan 6, 2026, 11:10:59 AMpubliccompleted
Loading additional data...

Summary

This website contacted 10 IPs in 1 country across 6 domains to perform 42 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://he3629866.us.create.litera.com

Effective URL: https://login.microsoftonline.com/379afe17-342f-4edb-86e6-94031f5c7e2f/oauth2/v2.0/authorize?client_id=2f7989e2-87fc-4549-817c-245de2d82114&redirect_uri=https%3A%2F%2Fhe3629866.us.create.litera.com%3A8446%2Fsignin-aad&response_type=code&scope=openid%20profile%20email&code_challenge=ehx4j8RQjh1qNu95t-yohYWilRf5S-fxmCH2WAmpwUk&code_challenge_method=S256&response_mode=form_post&nonce=639032946129659315.OGZjYzVlZjMtZWY2Mi00OWUzLWE0ODMtYWIzOWZjMDY4YjRiNTFlMDIxMGQtMzFlNS00ZGYzLWExMjUtNmIwYTYxMDJkYjNl&state=CfDJ8KQkH_TYyCJEg1eozI0dIdQq9HINJEqTa-LQacP7azR5-sxQXlDjkdZF4Szqq9LoWc_abYVt5Pqnztdp6O4sVekrO62AysejC8xPL9j2SsQyvXj8CrbkkRCPQRbdXXX2XUEL5VIAGu2F27lCi48_WBUXRNCVQ2qXkS2FBCLb29cj&x-client-SKU=ID_NET8_0&x-client-ver=7.1.2.0&sso_reload=trueRedirected

The Cisco Umbrella rank of the primary domain is #38,401 of the top 1 million websites

AI Security Verdict

Low Risk

Confidence: 78%

2
Risk Score

Login page collects credentials on an old domain with heavily obfuscated script; no clear malicious payload but moderate risk.

Risk Factors
Credential collection on a non‑official domain
Highly obfuscated JavaScript code
Safety Factors
Domain is long‑standing and has no reputation hits
Form action points to a legitimate Microsoft login endpoint
No network‑level malicious alerts
Page served from an identity-provider sign-in endpoint (login.microsoftonline.com); a relying-party brand and login form here are normal SSO, not impersonation — risk clamped from 5 to 2
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

cryptocurrency blockchain

(37%)

Domain Information

Within the commercial generic top-level domain (.com), 'he3629866.us.create.litera.com' is registered; it also runs on subdomain 'he3629866.us.create'. The registrable portion 'litera' spans 6 characters with three vowels and three consonants. Splitting it apart reveals 2 words: liter, a. Median word length is three characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://he3629866.us.create.litera.com

Page Load Overview

6.86s
Total Load Time
4
HTTP Requests
1
Domains
N/A
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:109 chars
Detector Agreement:67%

Website Classification

Primary Category

cryptocurrency blockchain37% confidence
Type: webapp
Method: ml+structural+ocr_tiebreaker

All Detected Categories

cryptocurrency blockchain
37%

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
440.126.32.136United States
AS8075
040.126.31.0United States
AS8075
023.207.210.137United States
AS8075
040.126.31.69United States
AS8075
040.126.32.72United States
AS8075
023.207.210.132United States
AS8075
023.101.175.155Chicago, Illinois, United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
040.126.31.130United States
AS8075
013.107.246.44United States
AS8075
020.190.159.73United States
AS8075
410--

Detected Technologies5

X-UA-Compatible
100%
PasswordField
100%
Meta-Refresh-Redirect
100%
HSTS
40%
Ghost
15%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1CF236CDA3F9038374B9659B190EE7F0AC67885D35988C8D4F19DC88C2DB6BAB4177213

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:lsBKBy8J7QLGGyzqpB/5VsFBFMQTC49S1AsGzj/TcHyqUO9vVMtvnnv5ValoMPfu:lsBKBy8GLGG8qpBL4BFMQ2rPGzzTEyqq

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:45851:QGGgIFRAKEG0GWKlDxAiMQG0ACJAO4DpBcHfkBQACkkBgOZpeCSEFApQSARJIiQAOAVxB6oFUA2GTEHrgECCYjNECg8ARCIC

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0010293b37373737
Perceptual Hash:865b51664cb37366
Difference Hash:88e4cadbe5ece4e6
Wavelet Hash:00302b3b373f3737
Color Hash:#c587b6

Other Hashes

Crop Resistant:88e4cadbe5ece4e6

Scan History

Scan history not available

Unable to load historical scan data