ScanMalware.com

Security Scan Report: msoid.kiwa.com

Redirected to: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=639096097067950988.MmIwN2I0OGEtYjBmOC00ZDc0LWJhZGYtMDJiYzRhMDU2OWJhNDI1ZGZhOGYtZjY4Mi00MjJhLWIwNWItODA3NWU2OWE2MTM5&ui_locales=en-US&mkt=en-US&client-request-id=dc7a6497-862d-4d22-90c5-a748c8c84e4d&state=tgUuqEPiVQF-YPVPPlunu_7gHaNxB5tIoBf2Ipo3NOITMqJWJBSyFsq-805Qkpm9d7i-bxBRc_ZsofbFaW4bLuvxSjLOpJUThyDwf46ubIbUt4an9MOdDIWx2cLqq_iKQZ7CmS2gH-GSMCJMoBGfR67JyyeSYIeJnwL45I4zcmDitNMa6_NRCvz1R808dObPiq7vLyOMGsCRB-EmW-tnFDacnmzeGlG81-OxQbFbuUMK3HwUBXLClVYcs1kIfgJJKaAUgIqYfPS3dp3Z8EUdaK10AaahnVNuxt2fzDmfcWkdeC879bK5RDMyFnCDOsEAZ2X9Mim62w6nxoEFnzOceXDbV238zIyLAcfR3sUZLAFBMbjTVi1pvm4ij8OnUjcqCoLRKmoKcjnri5cHW4bXHzu5y0HZUzCEKcPF366517w&x-client-SKU=ID_NET8_0&x-client-ver=8.14.0.0&sso_reload=true

Submitted: Mar 20, 2026, 1:21:44 PMCompleted: Mar 20, 2026, 1:22:55 PMpubliccompleted
Loading additional data...

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 39 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://msoid.kiwa.com

Effective URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=639096097067950988.MmIwN2I0OGEtYjBmOC00ZDc0LWJhZGYtMDJiYzRhMDU2OWJhNDI1ZGZhOGYtZjY4Mi00MjJhLWIwNWItODA3NWU2OWE2MTM5&ui_locales=en-US&mkt=en-US&client-request-id=dc7a6497-862d-4d22-90c5-a748c8c84e4d&state=tgUuqEPiVQF-YPVPPlunu_7gHaNxB5tIoBf2Ipo3NOITMqJWJBSyFsq-805Qkpm9d7i-bxBRc_ZsofbFaW4bLuvxSjLOpJUThyDwf46ubIbUt4an9MOdDIWx2cLqq_iKQZ7CmS2gH-GSMCJMoBGfR67JyyeSYIeJnwL45I4zcmDitNMa6_NRCvz1R808dObPiq7vLyOMGsCRB-EmW-tnFDacnmzeGlG81-OxQbFbuUMK3HwUBXLClVYcs1kIfgJJKaAUgIqYfPS3dp3Z8EUdaK10AaahnVNuxt2fzDmfcWkdeC879bK5RDMyFnCDOsEAZ2X9Mim62w6nxoEFnzOceXDbV238zIyLAcfR3sUZLAFBMbjTVi1pvm4ij8OnUjcqCoLRKmoKcjnri5cHW4bXHzu5y0HZUzCEKcPF366517w&x-client-SKU=ID_NET8_0&x-client-ver=8.14.0.0&sso_reload=trueRedirected

The Cisco Umbrella rank of the primary domain is #483,099 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 85%

8
Risk Score

Phishing page mimicking Microsoft login; do not enter credentials.

Risk Factors
Brand impersonation: Microsoft branding on unrelated domain
Low Cisco Umbrella ranking for a site claiming a major brand
Cross‑origin credential form sending email/password to Microsoft login endpoint
Potential credential harvesting via login form on suspicious domain
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

Domain 'msoid.kiwa.com' uses the commercial generic top-level domain (.com); it also runs on subdomain 'msoid'. The second-level label 'kiwa' is 4 characters long holding two vowels versus 2 consonants. Splitting it apart reveals two words: k, iwa. Expect 2 characters per word on average. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://msoid.kiwa.com

Page Load Overview

0.72s
Total Load Time
31
HTTP Requests
5
Domains
472 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:133 chars
Detector Agreement:100%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
613.107.6.156United States
AS8068Microsoft Corporation
513.107.246.44United States
AS8075Microsoft Corporation
551.11.192.48United StatesUnknown
540.126.31.128UnknownUnknown
520.190.160.14UnknownUnknown
540.126.32.138Amsterdam, North Holland, Netherlands
AS8075Microsoft Corporation
316--

Detected Technologies4

X-UA-Compatible
100%
PasswordField
100%
Meta-Refresh-Redirect
100%
Ghost
15%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1A3937CE97EF7293B868645B1B5752E026B361A478C0CDCA0F15CC9842FFB75E8023A57

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:lcafz38GLG2Aauz5PbRzDo4g+vRoIyEk77gx2xpTvPoMmCfuEfIi7wYIoGC:aIr8TZRbRXJRJ32RAyaTC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:90379:sQjQZPo0hIOFsgACawREQnEgIAPJDCnQSOCECBHQoIgokEbSuiAgHFuhptJgaRIACAw+cbhGimIwYAnsaYkFCG0CAMaIAMKD

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0010393b373f373f
Perceptual Hash:845971764699d96e
Difference Hash:88e4d2d3e5e6e6e6
Wavelet Hash:00003b3b373f373f
Color Hash:#936b1f

Other Hashes

Crop Resistant:88e4d2d3e5e6e6e6

Scan History

Scan history not available

Unable to load historical scan data