ScanMalware.com

Security Scan Report: verify.numat-test.com

Redirected to: https://login.microsoftonline.com/2f2b18fb-66ef-4423-86cb-4b21bba627ee/oauth2/v2.0/authorize?client_id=f82de8b6-f0b8-40f5-af3c-a32f975f1430&prompt=select_account&redirect_uri=https%3A%2F%2Fauthenticate.numat-test.com%2Foauth2%2Fcallback&response_type=code&scope=openid+profile+email+offline_access&state=SGF0QjVGMkEzN3NRZ2tUWEFwYTJkSndjYkNDdEU4MWZ4WHhnbFpVaHdCND18MTc2NDc0NzMwNnxRSzEyTlQyM3RZSElzQ2NXMms2OVlnRXxvrA1XHCMXrs5x7hdAc255DeCcbJStQW8TaYwEfeJ3wAnfpsgpC0X9s_kRB0wI-iyNuR-84j1sDaD1Uo2FX9lrdAQN4CxGgout1-ByhPSUQ9kp74U0uYdMNv3e91lhnBJoh08lZiLmXRIe9u3eyAr0TOFQJcYlNDq1dOXOClRgOsQj53_aq5C8iQpU4JOVM9HOSG0v5kCBWd9Ry3jLVURFyo0DKPTYXnRwVqitULya0in_bb-CgTKC3QcTQQk2Q52VXZWBNJUnn1EHyoAtUwHuxomrAwVSBehveEDe-J_mOWdIke817WG8ocK85eqRfavfzTVgPZOY-d-uyVR_kZv6Mh3I9RQIxTTr-NuSRcae2Pqlx95zUdhuSOPz_VF4crCwPNHgKttxlJtnu2tZGqXiULTT3OeyUnF45Qrtuj7uI5lpjTkVZWEMKvNmWMRouAQL0Mcdlc8cLYgN3OzOfgcJDHPMHOvmlctXOg1VDNbk58vt3PJWBnhNDzhYV4GsPHtDcfMmd3a_UyuchvlcMHFVZauSOvckvgdUjKgf&sso_reload=true

Site favicon
Submitted: Dec 3, 2025, 7:34:17 AMCompleted: Dec 3, 2025, 7:35:40 AMpubliccompleted
Loading additional data...

Summary

This website contacted 44 IPs in 4 countries across 8 domains to perform 33 HTTP transactions. The main domain is login.microsoftonline.com.

Submitted URL: http://verify.numat-test.com/

Effective URL: https://login.microsoftonline.com/2f2b18fb-66ef-4423-86cb-4b21bba627ee/oauth2/v2.0/authorize?client_id=f82de8b6-f0b8-40f5-af3c-a32f975f1430&prompt=select_account&redirect_uri=https%3A%2F%2Fauthenticate.numat-test.com%2Foauth2%2Fcallback&response_type=code&scope=openid+profile+email+offline_access&state=SGF0QjVGMkEzN3NRZ2tUWEFwYTJkSndjYkNDdEU4MWZ4WHhnbFpVaHdCND18MTc2NDc0NzMwNnxRSzEyTlQyM3RZSElzQ2NXMms2OVlnRXxvrA1XHCMXrs5x7hdAc255DeCcbJStQW8TaYwEfeJ3wAnfpsgpC0X9s_kRB0wI-iyNuR-84j1sDaD1Uo2FX9lrdAQN4CxGgout1-ByhPSUQ9kp74U0uYdMNv3e91lhnBJoh08lZiLmXRIe9u3eyAr0TOFQJcYlNDq1dOXOClRgOsQj53_aq5C8iQpU4JOVM9HOSG0v5kCBWd9Ry3jLVURFyo0DKPTYXnRwVqitULya0in_bb-CgTKC3QcTQQk2Q52VXZWBNJUnn1EHyoAtUwHuxomrAwVSBehveEDe-J_mOWdIke817WG8ocK85eqRfavfzTVgPZOY-d-uyVR_kZv6Mh3I9RQIxTTr-NuSRcae2Pqlx95zUdhuSOPz_VF4crCwPNHgKttxlJtnu2tZGqXiULTT3OeyUnF45Qrtuj7uI5lpjTkVZWEMKvNmWMRouAQL0Mcdlc8cLYgN3OzOfgcJDHPMHOvmlctXOg1VDNbk58vt3PJWBnhNDzhYV4GsPHtDcfMmd3a_UyuchvlcMHFVZauSOvckvgdUjKgf&sso_reload=trueRedirected

AI Security Verdict

Confirmed Scam

Confidence: 95%

10
Risk Score

High‑risk phishing site using a brand‑spoofed login page on a brand‑new domain.

Risk Factors
Credential harvesting form on a brand‑impersonating page
Domain is unranked and appears to be newly registered
Brand impersonation of Microsoft on a non‑official domain
Redirect chain leading to a legitimate Microsoft endpoint (used to mask phishing)
Absence of any legitimate business context for the domain
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

The domain 'verify.numat-test.com' uses the commercial generic top-level domain (.com); it also runs on subdomain 'verify'. Count 10 characters in 'numat-test' with 3 vowels and six consonants, along with one hyphen. Word splitting yields three words: num, at, test. Expect three characters per word on average. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of http://verify.numat-test.com/

Page Load Overview

1.80s
Total Load Time
33
HTTP Requests
8
Domains
1.0 MB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:109 chars
Detector Agreement:67%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
1913.107.246.44United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
440.126.32.76Amsterdam, North Holland, Netherlands
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
495.100.135.57Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
2172.67.129.50United States
AS13335CLOUDFLARENET
140.126.31.2Dublin, Leinster, Ireland
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
152.168.117.168Washington, Virginia, United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
120.190.159.131Dublin, Leinster, Ireland
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
020.190.160.17Amsterdam, North Holland, Netherlands
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
020.190.159.4Dublin, Leinster, Ireland
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
020.190.159.68Dublin, Leinster, Ireland
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
3344--

Detected Technologies4

X-UA-Compatible
100%
PasswordField
100%
Meta-Refresh-Redirect
100%
Ghost
15%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T144835CE97EA62937868A0575B9B53D02AA3A49039D0CCE74F15CCC882FF770D8277197

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:lRbymxbymE8GLGGWbym/M+bymW1n2upzTEyqU6MVnvnaloMP4eEBglioC:/OcOv8rOJ+OHku0yS2UC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:85962:0SxSJAAAZCA/XAjkLSCYwYuA4GNMTAAxCAYAOQQNiLgAkCcIOYZQAJoQMZAGI54MAhngIVd4GCNZBEUACshCXphT2F5CMIMV

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:3c3c3c3c3c3c3c00
Perceptual Hash:879278cd6d326c6c
Difference Hash:f8d8f0f8e4e4d8c0
Wavelet Hash:3c3c3e3e3e3e3c00
Color Hash:#3ad22d

Other Hashes

Crop Resistant:9838723ab2a28382,8280c03034e08084,f8d8f0f8e4e4d8c0

Scan History

Scan history not available

Unable to load historical scan data