JavaScript is required to use the scan form. Reading existing reports works without it.

login-stage.iws-action.com

Category: Phishing

Scanned: Jun 7, 2026, 08:10 PM UTC · First seen: Jun 7, 2026 · Threat Engines: 14 / 91 · Times Scanned: 1

5 / 100 Trust Score Based on scan findings at the time of analysis

Potentially Dangerous

0 - High Risk50 - Moderate100 - No Threats

Fresh scan recommended

Last scanned 16 days ago - security status may have changed since then.

Not scanned has not been scanned yet. Hit Scan Now to check it.

Scans can take up to 5 minutes to complete. Please keep this tab open - we'll redirect you to the report when it's ready.

Failed

Scan unavailable

Scan failed

Protect yourself from potentially harmful websites

Combo Cleaner's real-time web protection module actively blocks access to scam, phishing & malware-infected websites.

★★★★★ 4.8 / 5 Recommended by PCrisk.com editors Windows · Mac · Android · iOS

Download Combo Cleaner Free scan · no signup

To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.

Screenshot of login-stage.iws-action.com Captured Jun 7, 2026

https://login-stage.iws-action.com

This website has been flagged as potentially harmful

Screenshot blurred for safety. Multiple security engines flagged potential threats at the time of scanning.

Domain Age 10 years (iws-action.com)

Popularity Rank Not Ranked - This website does not appear in the Tranco top list

Threat Databases Flagged by 14 of 91 engines

SSL Certificate ✓ Valid (TLS)

Hosting Provider Microsoft Corporation

Server Location Los Angeles, United States

Web Server Unknown

CMS Platform Unknown

IP Address 150.171.110.117

Domain & WHOIS Information

Registrar Network Solutions, LLC

Registered September 24, 2015 (iws-action.com)

Expires September 24, 2030

Name Servers ANAHI.NS.CLOUDFLARE.COM

DNSSEC Unsigned

Hosting Microsoft Corporation

This is a subdomain of iws-action.com. The WHOIS data above belongs to the parent domain, not to login-stage.iws-action.com. The actual creation date of this subdomain is unknown and could be much more recent than the parent.

Reputation & Threat Check 91 security engines checked

14 of 91 engines flagged this website Flagged by 14 security vendors at the time of scanning

Not flagged Flagged

Flagged by 14 of 91 engines

Direct Threat Database Sources

Google Listed Spamhaus DBL Not listed SURBL Listed Spamhaus ZEN Not listed Barracuda Not listed SpamCop Not listed Spamhaus ZRD Not listed URLhaus Not listed Phishtank Not listed QBMA Not listed

View detailed engine results on VirusTotal

File Scan Summary Powered by Quttera Engine

1 file scanned

No threats

Low Risk

Medium Risk

High Risk

No threats Low Risk Medium Risk High Risk

External Links & Domains

External Links

All Clean

Iframes

Clean

Referenced Domains

All Clean

Flagged Resources

None Detected

Description of login-stage.iws-action.com

The domain login-stage.iws-action.com appears to host a web login page rather than a full public-facing website. Based on the page title, screenshot, and subdomain naming, it presents itself as a sign-in portal and uses branding that resembles a Microsoft account login experience. The parent domain iws-action.com does not appear, from the provided data alone, to be an official Microsoft-owned domain.

The subdomain structure "login-stage" may suggest a staging, testing, or campaign-related environment, but the visible content is a credential-entry form asking for email, phone, or Skype details. Because the page is focused on account access rather than general information or services, its apparent purpose may be to collect user login credentials from visitors who believe they are signing in to a familiar third-party service.

Safety Assessment for login-stage.iws-action.com

The scan results indicate substantial risk signals at the time of this scan. The URL was flagged by 14 out of 91 security engines, with many classifying it as phishing or otherwise malicious. In addition, it was listed in a major safe-browsing database for social engineering, and the screenshot shows a login page that visually resembles a Microsoft sign-in screen while being hosted on an unrelated domain. That combination is commonly associated with credential-harvesting activity.

Although the malware scan did not identify malicious files on the page itself, phishing pages often rely on deceptive forms and branding rather than downloadable malware. The domain is relatively old, which can sometimes lend credibility to a site, but age alone does not offset the stronger phishing indicators present here. Based on these findings, this website may pose potential risks to visitors.

Technical Description

The site presented a valid TLS certificate issued by a mainstream certificate authority, with expiry in October 2026. It resolves to an IP address hosted by Microsoft Corporation in Los Angeles, and its nameservers are provided through Cloudflare. DNSSEC appears to be unsigned based on the supplied WHOIS and DNS data.

From a security perspective, the presence of HTTPS should not be treated as proof of legitimacy; phishing pages commonly use valid certificates as well. The main technical concern here is not transport encryption but the apparent mismatch between the domain name and the branded login experience shown on the page, alongside multiple phishing detections and blacklist listings at the time of the scan.

HTTP Redirect Chain

302 https://login-stage.iws-action.com/

302 https://www.office.com/login

200 https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=639164597764268474.MjVlZDBkOWMtZGVkNS00ZTExLWFmNDItZmFhYTk3ZDhiZDk3MThjMWU0MDQtMjY2MC00MmMzLTlmMWYtOWMwMGFjYzZlNjEy&ui_locales=en-US&mkt=en-US&client-request-id=7270300a-c68a-420a-9b13-6bbd4679840c&state=q4HgCLrlWw5_koMVg6DN5Ud7xvlCf1axOkBe0bbeOKb0FRwacdbkTvcxDhAjhIRTiChoBZDlvrnmVLYn_UwK0sMdjmKJl5aTIHJF67UNckaSzmawvQo78LYTvE1f7lAaN8Pc_4-Zl5gH7hecXQfA1hunoAMDBmd9RAKQQulTuNkOtKNXvp9Zx5GOI5nWzX2Xr89-5jVKgyZXSx8GOInnVQb7ClgE0IWHh-8vd6dFfIghiLHhk4D-E0VvChw2bgTnKcpDxz5Iry4JYgkqQ_UjVARKRm5iC5pn5pXyVLkFreFFMHFnA7jLBnO58ZsJKTtc0-OsxuvMoeUZf8Wg4pv2G_5CNZVWbUntI2wfc4NdXWWiQGe0zg_rqXMDrviidjqt7XO50tISux53vKRT3CopiPi8pm-t25pDfjoVWqXMzs8&x-client-SKU=ID_NET8_0&x-client-ver=8.14.0.0

Website Insights

Popularity

Not Ranked

Tranco Rank

Not in Top 1M

Visitors Unknown

Category: Phishing

Rank History (30 days)

No rank data available

15 cookies detected

Essential15

Analytics0

Advertising0

Social0

4 1st party cookies

11 3rd party (trackers)

Dispute This Score For website owners

Believe this score is inaccurate?

If you are the website owner and believe the scan results contain errors or false positives, you can submit a dispute for manual review. Our team typically responds within 1-2 business days.

Your Email *

Your Name

Domain *

Dispute Reason *

Additional Details *

You will be asked to verify your email before the dispute can be processed.

By submitting this form, you confirm that the information provided is accurate. Disputes are reviewed manually and results may take up to 48 hours to update.

One more step..

To submit your dispute for login-stage.iws-action.com, please click the verification link we just emailed you. Once verified, we'll review it within 1–2 business days.

This report was generated automatically and is provided for informational purposes only. Results are based on a point-in-time scan and may contain false positives or incomplete data. This does not constitute a security audit or certification. No vendor in the market can guarantee a 100% detection rate. If you believe this report is inaccurate, please submit a dispute.

Similar Recently Scanned