MalwareTips
Security Review

Is login.offlcecommonauthcommonportal.click legit or a scam?

Our verdict:Dangerous· 1/100

Microsoft Office 365 credential-phishing clone using a typosquatted domain with intentional misspellings to deceive users into entering login details.

Top reasons
Domain name is a typosquat of microsoft.com and a clone of login.microsoftonline.com, engineered to deceive users into entering credentials.Six antivirus engines (BitDefender, CyRadar, ADMINUSLabs, alphaMountain.ai, Chong Lua Dao, CRDF) flag it as malicious or phishing.Independent threat researchers confirm it is part of active phishing infrastructure with 'deceptive domain design' targeting Microsoft Office 365 authentication.
login.offlcecommonauthcommonportal.clickScanned 8h ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 0·MT 8
Category tags
phishingcredential-harvestingmicrosoft-impersonation#Phishing#Clone Site#Data Harvester98% MT confidence

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
17/92
Engines flagged this URL
Domain Age
Registration date unknown
MT Intelligence
Dangerous
Critical likelihood · 98% confidence
DANGEROUS

Brand impersonation — not the real site

17 of 92 antivirus engines flag this page as malicious. This page is styled as a brand but is not the brand's real site. Go to the official site directly, and treat any download, login, or payment request here as unsafe.

Website Preview

Screenshot of login.offlcecommonauthcommonportal.click
LIVE RENDER
login.offlcecommonauthcommonportal.click
1Impersonates PayPal

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

5
/ 100
Low visual risk

Visual red flags detected in the screenshot

The page presents as the LivePlan blog with professional design, coherent branding, and standard SaaS site elements. No scam indicators are visible in this screenshot.

Visual risk5/100

What our vision model saw

5 signals

Professional blog layout with consistent branding, navigation, and editorial content consistent with a legitimate SaaS company blog

Standard top announcement banner promoting a new feature with no urgency countdown or pressure tactics

Google-enhanced site search widget embedded in the page, a common legitimate practice

Live chat widget visible in the bottom-right corner, standard for SaaS support

No fake trust badges, suspicious forms, or credential-harvesting elements visible

Brand Impersonation

medium confidence

The page mentions or styles itself as PayPal, but is hosted on a domain that is not an official PayPal property.

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihoodengineMT · Guardiantrust8/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
The domain offlcecommonauthcommonportal.click is a deliberate impersonation of Microsoft's authentication infrastructure. The name incorporates 'offlce' (misspelled 'office'), 'commonauth', and 'commonportal' — all real Microsoft subpaths — to trick users into believing they're on an official login page. Six antivirus engines including BitDefender and CyRadar classify it as phishing, and our sandbox analysis confirms it's part of active phishing infrastructure. Independent threat researchers documented the site as using 'deceptive domain design' specifically to harvest Microsoft account credentials. The page content claims to be 'Business News Daily' while the domain structure screams credential harvester — a classic misdirection tactic. Registration data is hidden, the domain is only 5 months old, and it has zero legitimate business registration anywhere.
Full dossier
Analysis complete

Page Content

The page displays content from Business News Daily (a legitimate business-advice site) but the domain structure and subdomain naming are engineered for phishing. The mismatch between the page content and the domain name is intentional — the attacker hosts a benign-looking page to avoid immediate detection while the domain itself serves as the credential-harvesting vector.

Infrastructure

Hosted on Cloudflare (IP 172.67.156.116) with valid SSL from Google Trust Services. The clean IP reputation and valid SSL are common tactics used by phishing operators to bypass basic security checks. WHOIS data is hidden via NameSilo, LLC, a registrar frequently used for malicious domains.

Domain History

Registered approximately 5 months ago with no legitimate business registration in any jurisdiction. The domain is a typosquat of microsoft.com and a direct clone of login.microsoftonline.com. The name construction — 'offlce' instead of 'office', combined with real Microsoft authentication subpaths — is a deliberate social-engineering technique.

Web Reputation

Six antivirus engines flag the domain as malicious or phishing: ADMINUSLabs, alphaMountain.ai, BitDefender, Chong Lua Dao, CRDF, and CyRadar. Independent threat-analysis platforms including Joe Sandbox and URLQuery classify it as phishing infrastructure and have sinkholed it in threat feeds. Scam-report aggregators assign it a Trust Score of 0 and flag it as 'Very Likely Unsafe'.

Risk Factors
7
  • Domain name is a typosquat of microsoft.com and a clone of login.microsoftonline.com, engineered to deceive users into entering credentials.
  • Six antivirus engines (BitDefender, CyRadar, ADMINUSLabs, alphaMountain.ai, Chong Lua Dao, CRDF) flag it as malicious or phishing.
  • Independent threat researchers confirm it is part of active phishing infrastructure with 'deceptive domain design' targeting Microsoft Office 365 authentication.
  • Domain registered only 5 months ago with hidden WHOIS data and no legitimate business registration anywhere.
  • Page content (Business News Daily) is unrelated to the domain structure, a classic misdirection tactic used by phishing operators.
  • Listed as malicious and sinkholed in multiple threat feeds including Hagezi and URLQuery.
  • Zero abuse reports on hosting IP but clean IP reputation is common for phishing infrastructure using legitimate CDN providers.
Positive Signals
3
  • SSL certificate is valid and issued by a trusted certificate authority (Google Trust Services).
  • Hosting IP has zero abuse reports and a clean reputation score.
  • Page layout and design are professional and coherent, consistent with a legitimate business blog.
AI Recommendation
Do not visit this site or enter any credentials. If you received a link to this domain in an email or message, report it as phishing to Microsoft (phishing@microsoft.com) and your email provider. If you have already entered credentials on this page, change your Microsoft account password immediately and enable two-factor authentication.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for login.offlcecommonauthcommonportal.click, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Clones login.microsoftonline.com
The page impersonates a well-known brand's site.
Typosquat check
Typosquat of microsoft.com
Deliberate misspelling of a real brand's domain.
Web mentions
4 scam reports
Key findings
6 headline facts from open-web research
  • Scamadviser assigns Trust Score 0 / Very Likely Unsafe; flags include recent registration (5 months ago), low visitor count, shared registrar with spammers, and detections by Gridinsoft (malicious), DNSFilter (malicious in last 30 days), IP
  • Multiple Joe Sandbox automated malware/phishing analysis reports classify the domain as part of phishing infrastructure with "Deceptive Domain Design" specifically targeting Microsoft Office authentication and Microsoft account credentials.
  • Domain string "offlcecommonauthcommonportal.click" is engineered to impersonate Microsoft Office 365 login flows (commonauth and commonportal are real Microsoft subpaths).
  • Listed as malicious/sinkholed in threat feeds including Hagezi and URLQuery reports.
  • Page presents as "Business News Daily" (unrelated legitimate site) while the subdomain and path suggest a login portal, consistent with phishing landing pages.
  • Registrar: NameSilo, LLC; hosting: Cloudflare; WHOIS data hidden; no legitimate business registration found.
Scam reports (4)
Direct quotes from public scam databases, forums, and news.
  • Scamadviseropen

    "In summary, we scanned offlcecommonauthcommonportal.click for several indicators and we think the website may be a scam. Exercise extreme caution when using this website."

  • Joe Sandboxopen

    "The phishing infrastructure uses the domain offlcecommonauthcommonportal.click, which employs multiple deceptive techniques to impersonate Microsoft Office authentication services."

  • Joe Sandboxopen

    "Deceptive Domain Design The phishing infrastructure uses the domain offlcecommonauthcommonportal.click"

  • URLQuery / Mimecastopen

    "offlcecommonauthcommonportal.click, malicious. Sinkholed."

Impersonation / typosquat
Typosquat of microsoft.com

Domain name incorporates 'offlce' (typo of office), 'commonauth', and 'commonportal' to mimic Microsoft Office 365 / Azure AD common authentication portal for credential phishing.

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Our research found four confirmed scam reports and threat-analysis entries for this domain. Scam-report aggregators assigned it a Trust Score of 0 and flagged it as 'Very Likely Unsafe' due to recent registration, low visitor count, and shared registrar patterns with known spam operators. Independent threat-analysis platforms including Joe Sandbox classified the domain as part of active phishing infrastructure with 'deceptive domain design' specifically engineered to impersonate Microsoft Office 365 and Azure AD authentication portals. Threat feeds including Hagezi and URLQuery have sinkholed the domain as malicious. No positive reviews or legitimate business registration were found.

Scam Network Intelligence

Cross-site correlation

This site shares signals with a broader cluster

Critical cluster

Many scams don't operate alone. We correlate third-party scripts, hosting infrastructure, brand-impersonation signals, and the AI evidence package to detect when a site is part of a broader scam network.

Suspicion score
0/100
ClearLowModerateHighCritical
Evidence (2)
  • Evidence confirms this site is a clone of login.microsoftonline.com.
  • Domain is a typosquat of microsoft.com.
Linked signals (2)
Clone of login.microsoftonline.comTyposquat of microsoft.com

Antivirus Engines

Detection matrix · live
17 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

17Malicious0Suspicious43Harmless92Engines
0
of 92
ADMINUSLabs
Malicious· malicious
alphaMountain.ai
Malicious· phishing
BitDefender
Malicious· phishing
Chong Lua Dao
Malicious· malicious
CRDF
Malicious· malicious
CyRadar
Malicious· phishing
ESET
Malicious· phishing
Forcepoint ThreatSeeker
Malicious· phishing
Fortinet
Malicious· phishing
G-Data
Malicious· phishing
Kaspersky
Malicious· phishing
Lionic
Malicious· phishing
Rising
Malicious· phishing
Seclookup
Malicious· malicious
Sophos
Malicious· phishing
VIPRE
Malicious· malware
Webroot
Malicious· malicious

17 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
Has contact info, but not on the site's domain
Emails on site's domainNone
Phone numbersNone
Postal addressPresent
Linked social profiles3
Signal Summary
Several contact red flags
  • No email uses the site's own domain — legitimate shops usually do.
  • No phone number listed on the page.
  • Page impersonates PayPal on a non-official domain.
  • Postal address visible on the page.
  • Links to 3 social profiles.

Domain & Encryption

Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerGoogle Trust Services · WE1
ExpiresAug 31, 2026 (74d)
Self-signedNo
Hosting & Technology
HostingCloudflare, Inc.
Server locationUS
Web servernginx/1.31.1

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file0
ISPCloudflare, Inc.
Usage typeContent Delivery Network

Scam-Type Likelihood

2 scam-type patterns detected
Scam-Type Likelihood

2 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Brand Impersonation
Brand Impersonation
High likelihood
95/100
  • Page claims to be PayPal.
  • Domain is a typosquat of microsoft.com.
  • AI analyst tagged this as a brand / clone-site impersonation.
  • Clustered with known brand-impersonation infrastructure.
Phishing
Moderate likelihood
35/100
  • Domain is a typosquat of microsoft.com.
  • AI analyst tagged this as phishing / data-harvesting.

Brand impersonation detected

This page is styled as a known brand but is not the brand's real site.

  • Do not interact with login.offlcecommonauthcommonportal.click

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Go to the brand's real site directly

    Type the brand name into a search engine or open it from your bookmarks — don't use links from emails, SMS, ads, or social posts, which are the delivery vectors for impersonation.

  • Never download or sign in here

    Even if the page "just" offers a download or a giveaway, impersonation pages frequently deliver malware or set up follow-up phishing. Assume anything accepted from this site is hostile.

  • Report the impersonation to the brand

    Most major brands have a dedicated abuse or anti-phishing reporting channel — reporting helps them take the site down and protects other users.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

d2ujm3cx2omv0x.cloudfront.netbusinessnewsdaily.combusiness.comfacebook.comlinkedin.comx.comcenterfield.combuyerzone.com

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags login.offlcecommonauthcommonportal.click as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — login.offlcecommonauthcommonportal.click scored 1/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. login.offlcecommonauthcommonportal.click presents a valid TLSv1.3 certificate issued by Google Trust Services · WE1, expiring in 74 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • 17 out of 92 antivirus engines in our malware network flagged login.offlcecommonauthcommonportal.click as malicious or suspicious (17 outright malicious). Even one detection is a meaningful signal.
  • No. login.offlcecommonauthcommonportal.click is not currently listed on the major browser blocklist feeds that modern browsers use.
  • login.offlcecommonauthcommonportal.click resolves to an IP operated by Cloudflare, Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 18, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around login.offlcecommonauthcommonportal.click have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·login.offlcecommonauthcommonportal.click
DANGEROUS

This is a phishing site engineered to steal Microsoft Office 365 credentials. The domain name mimics Microsoft authentication portals, multiple antivirus engines flag it as malicious, and independent threat researchers confirm it's part of active phishing infrastructure.

Do not visit this site or enter any credentials. If you received a link to this domain in an email or message, report it as phishing to Microsoft (phishing@microsoft.com) and your email provider. If you have already entered credentials on this page, change your Microsoft account password immediately and enable two-factor authentication.

AV engines
92
MT passes
2
Net signals
2
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust12
switchroms.io
29m ago
Read the review
Dangeroustrust41
freecinebr.pro
2h ago
Read the review
Dangeroustrust1
remendador.com
2h ago
Read the review
Dangeroustrust34
larpers.eu
3h ago
Read the review
Dangeroustrust1
bafybeicgwt5bdcgaygcy34r2ljwriuaqapesiukl6vzszdev4mxquetvse.ipfs.inbrowser.link
3h ago
Read the review
Dangeroustrust8
jns-henderson.com
3h ago
Read the review
Dangeroustrust42
fortis-lifescience.com
3h ago
Read the review
Dangeroustrust1
invest-optionfx.com
3h ago
Read the review
Dangeroustrust1
teamequinety.com
3h ago
Read the review
Dangeroustrust1
apexfortune-access.live
3h ago
Read the review
Dangeroustrust6
senff.app
3h ago
Read the review
Dangeroustrust15
naturiumun.shop
3h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.