ScanMalware.com

Security Scan Report: enterpriseenrollment.nihak.fi

Redirected to: https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?redirect_uri=https%3A%2F%2Fintune.microsoft.com%2Fsignin%2Findex%2F&response_type=code%20id_token&scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2Fuser_impersonation%20openid%20email%20profile&state=OpenIdConnect.AuthenticationProperties%3DzHt8N9bHQMeh-Iy5U4Qok5HdSFYWu01UQm7gUTMR-KEKr9fz0zzL7wIy5BGbsirCqPP5yev0PPFUptH2xZeMr8TH6BBjB5KyxYhqdL6i3O2aYtxenbz2Xc-2atPy_pXJc8MlMoXaIVW6c4qN47vryiAAq21AkFlmIpKvDrNbPq3ej-DT-Jj3IF5uuMsaeuKlhy4YzZueESKcLH7ABYvu-UJHwNbgC1qKv2mQzblF1NZeHy54PHYogJfmRDI_BtHGc-EuLEFr7yvYLpsHj7Aiu7YN0pt651ezm-RAghJYMb4JN7moIjDosUc4kPsj8wCP098PWy81y1hMDTeHR1v1bpClZzcRyKx50y5U522a-gUv4Dmuoqrb3WV591S5HCYbP4l_7m-yoPTOW4fgPrXGhgyzR6UrxbBAGMIjGHoz934tFmNoOxXILOSM_cveh87OqGbYegj2qtax_UTu0npqAsQD9TUmGEY5kPQkPjLQN5tK8ZObbwY7WSwp_zyDCRIq&response_mode=form_post&nonce=639036243344151084.NDRhMWJlYTMtMzA3Zi00Y2VmLWEzYTMtZjkwYmJmMmNmODIwZTk4MDU4ODUtZGI2OS00NzkxLTk1YTktNjY4ZmI5MDMzZjhl&client_id=c44b4083-3bb0-49c1-b47d-974e53cbdf3c&site_id=501430&instance_aware=true&nativebroker=1&client-request-id=7be9bc86-4510-4b78-a529-82853749c98f&x-client-SKU=ID_NET472&x-client-ver=8.3.0.0&sso_reload=true

Site favicon
Submitted: Jan 10, 2026, 6:45:22 AMCompleted: Jan 10, 2026, 6:47:14 AMpubliccompleted
Loading additional data...

Summary

This website contacted 6 IPs in 2 countries across 7 domains to perform 1 HTTP transaction. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://enterpriseenrollment.nihak.fi

Effective URL: https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?redirect_uri=https%3A%2F%2Fintune.microsoft.com%2Fsignin%2Findex%2F&response_type=code%20id_token&scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2Fuser_impersonation%20openid%20email%20profile&state=OpenIdConnect.AuthenticationProperties%3DzHt8N9bHQMeh-Iy5U4Qok5HdSFYWu01UQm7gUTMR-KEKr9fz0zzL7wIy5BGbsirCqPP5yev0PPFUptH2xZeMr8TH6BBjB5KyxYhqdL6i3O2aYtxenbz2Xc-2atPy_pXJc8MlMoXaIVW6c4qN47vryiAAq21AkFlmIpKvDrNbPq3ej-DT-Jj3IF5uuMsaeuKlhy4YzZueESKcLH7ABYvu-UJHwNbgC1qKv2mQzblF1NZeHy54PHYogJfmRDI_BtHGc-EuLEFr7yvYLpsHj7Aiu7YN0pt651ezm-RAghJYMb4JN7moIjDosUc4kPsj8wCP098PWy81y1hMDTeHR1v1bpClZzcRyKx50y5U522a-gUv4Dmuoqrb3WV591S5HCYbP4l_7m-yoPTOW4fgPrXGhgyzR6UrxbBAGMIjGHoz934tFmNoOxXILOSM_cveh87OqGbYegj2qtax_UTu0npqAsQD9TUmGEY5kPQkPjLQN5tK8ZObbwY7WSwp_zyDCRIq&response_mode=form_post&nonce=639036243344151084.NDRhMWJlYTMtMzA3Zi00Y2VmLWEzYTMtZjkwYmJmMmNmODIwZTk4MDU4ODUtZGI2OS00NzkxLTk1YTktNjY4ZmI5MDMzZjhl&client_id=c44b4083-3bb0-49c1-b47d-974e53cbdf3c&site_id=501430&instance_aware=true&nativebroker=1&client-request-id=7be9bc86-4510-4b78-a529-82853749c98f&x-client-SKU=ID_NET472&x-client-ver=8.3.0.0&sso_reload=trueRedirected

AI Security Verdict

High Risk

Confidence: 92%

8
Risk Score

Phishing login page impersonating Microsoft Azure on an unrelated domain.

Risk Factors
Credential harvesting login form
Brand impersonation/typosquatting
Unranked domain presenting a major brand
Redirect chain to official login page used to mask phishing
Domain age information unavailable

Details

Page Title

Sign in to Microsoft Azure

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

technology software

(78%)

Domain Information

The domain name 'enterpriseenrollment.nihak.fi' uses the Finnish country-code top-level domain (.fi) and includes subdomain 'enterpriseenrollment'. The second-level label 'nihak' is 5 characters long split between 2 vowels and three consonants. Breaking it apart gives two words: ni, hak. Median word length comes out to 2.5 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://enterpriseenrollment.nihak.fi

Page Load Overview

37.14s
Total Load Time
16
HTTP Requests
7
Domains
473 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:187 chars
Detector Agreement:100%

Website Classification

Primary Category

technology software78% confidence
Type: webapp
Method: ml+structural

All Detected Categories

technology software
78%

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
620.42.72.131United States
AS8075
2150.171.84.26United States
AS20940
220.91.147.72United StatesUnknown
240.126.32.133Amsterdam, North Holland, Netherlands
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
220.190.159.129United StatesUnknown
213.107.246.44United StatesUnknown
166--

Detected Technologies5

X-UA-Compatible
100%
PasswordField
100%
Meta-Refresh-Redirect
100%
HSTS
40%
Ghost
15%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T187834AE67EB6193BC78B55B5A4793E02AA3A5A03894CCDA4F14CC9802FF771D8137613

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:s0iB8GLGGL9rfH1ESgaTOqczzTEyqU6MVnvnaloMPb1Efiitng1:jiB809rfH1ESgaLcmyS2Fng1

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:86103:MAiAMBKwmBCBmgJBCCEAIxhAlVEQB0RJAICgQetUwQiJRSBycyIACAZCgwIBMcuB3AlYUICeQmABABNm5LADAjAwigACABY4

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:003e3f3f373fff00
Perceptual Hash:85d970f626d919e4
Difference Hash:c8e2d2d2e4cae6e7
Wavelet Hash:003a3b3f373f7700
Color Hash:#80862d

Other Hashes

Crop Resistant:c8e2d2d2e452e6e6,c6c7c3c3c3c6c7c6

Scan History

Scan history not available

Unable to load historical scan data