ScanMalware.com

Security Scan Report: nginx-auth.devcloud-system.gcrm.sehlat.io

Redirected to: https://login.microsoftonline.com/e20f6db1-0c59-4d26-b56c-b36bc14b34a2/oauth2/v2.0/authorize?client_id=dfe95be3-2a70-4878-9b46-1cfea628f8bd&redirect_uri=https%3A%2F%2Fid.sehlat.io%2Flogin%2Fcallback&response_type=code&scope=openid+profile+email+https%3A%2F%2Fgraph.microsoft.com%2F.default&state=v6f4H5EfncBo_Qt03MZVodC6s1Phl_VW8OWkm9R5zELvG-b5gpDJzbdSqW0Sy4iX7ijGgYsocAWgOM-aq_PbGySpPusNL9T_UkzruBf3uJn6MHv8iMj-U3U_hejMySoravLU_aOXoY0qbF7dfOI_JmvV6IyyA01cef8mQHZmUeQusGPcLvNCL_5yP-YYdeJqteY3Rl1wgZN3RZLq5kH_j7zZaMMkJ2T8IRc4hIT-hMKVP90Te6q5BLXXAAo8V57bnxsuxVPfwNdAK5mxaTwDmHxiO7Lno6fEqfIcnVdrYmoajFlwzTNRO_NKq024w9ziei_nj_d0Al9y7RlQe8Ah4FANN5o-G-G8yKwB-cJQj-tcGdSMMpwFvvhVsPJ8Ug8jYzGU_PldNJUP6uSEEgCtaGX4cZ62OkTs4NA_wiJXHpApn4NSLxaJyabISOxx1nPenhsNNW3uGSeebINwlmKmwRdnbhsS4k9b5TX-UfM8vCNyE8YJaBpjAfHxVZ4DXJrHNfmfEAjEa4qaAeL6m8t2qdHLXK792F3rEEL2cPOY90dtJIaGsBSl5UeLbPmyeYcNJ9YEh0pSg1yFpOcsUD4Ri1iYlvrrpXxMP71J2IRyNBXnMHBBJhc-pTnUQjQ8NaPEJFCxkIhcHsY09nBs6_wMquUq5W0_0A6xml_GjQyIEQkFHqOBhNMMRyc-pxfMDFVwGw67qnsi-3xe_zKQL1TiDcc0u-FcLXj55fr06jRsmrBAOEZyZ-3eYihDJnqgpEMIJKDb-FzE1HKhXSNHdfGzTPyl3mte4AOacSEYvi0sEHfQrQm8T-sBqkeVmjzdYZ6cj4k5Vo-lKd30jm9HJ3H-yi3n8h2HxZoi73InQZpwZ7mgGz0XxdyVivafHZEKnl0JgN3jZYDKTU44JsUWomCQAP2AfNlJKSDKpkp_AYnK9vKHfzEuSM7K6YvTU83p1xURjKffEKU12xAaLyyagZOlVo6uOuUa6q8OGxl7yMdrhDU1QCq-2G6j_Q_mipCe9dTteVmFxtqjwS2Q1f6MUTjiDXQA9SVkwmJy6xvvdq_BbGW6MK-Ca-cbhjERNAFy-RjumQSshEj62iPXVe51ccZ5wLv7mKZJ1D5GOMFUbMTeCfyct4T3sZcvn3u5ZWg7j03hi9MAqicsK2lfBxSJ13R7rMAhieK6UlWMI_caLA_2IGd3tccblNs1NtW5QHUHB55EYpP_fQI2Z3E20e2h_VioTlVuWFSAZdRXK0UHsopw7X0ZhD1QTDvXbmi6Gti6PYEWP7BBM4tFJKWoQWRm3YVNgoG59KZjlG-27dLPSr-6M5Laz1apecop_QB6o3BIF0p8Hzc57AtNC6QyGWNPLaxYQf0SrNND6TWIIWfcKt568-mWL_WuMmQBvohF7myEpsW7HacV&sso_reload=true

Site favicon
Submitted: Mar 4, 2026, 9:40:26 PMCompleted: Mar 4, 2026, 9:41:42 PMpubliccompleted
Loading additional data...

Summary

This website contacted 9 IPs in 5 countries across 6 domains to perform 19 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://nginx-auth.devcloud-system.gcrm.sehlat.io/login?rd=https://pcm-br-approval-frontend-pre-pcm-br-approval-933.gcrm.sehlat.io%2Fclient-review%2F1b534ede-e1b5-48df-8f04-f0e9f098f0ba

Effective URL: https://login.microsoftonline.com/e20f6db1-0c59-4d26-b56c-b36bc14b34a2/oauth2/v2.0/authorize?client_id=dfe95be3-2a70-4878-9b46-1cfea628f8bd&redirect_uri=https%3A%2F%2Fid.sehlat.io%2Flogin%2Fcallback&response_type=code&scope=openid+profile+email+https%3A%2F%2Fgraph.microsoft.com%2F.default&state=v6f4H5EfncBo_Qt03MZVodC6s1Phl_VW8OWkm9R5zELvG-b5gpDJzbdSqW0Sy4iX7ijGgYsocAWgOM-aq_PbGySpPusNL9T_UkzruBf3uJn6MHv8iMj-U3U_hejMySoravLU_aOXoY0qbF7dfOI_JmvV6IyyA01cef8mQHZmUeQusGPcLvNCL_5yP-YYdeJqteY3Rl1wgZN3RZLq5kH_j7zZaMMkJ2T8IRc4hIT-hMKVP90Te6q5BLXXAAo8V57bnxsuxVPfwNdAK5mxaTwDmHxiO7Lno6fEqfIcnVdrYmoajFlwzTNRO_NKq024w9ziei_nj_d0Al9y7RlQe8Ah4FANN5o-G-G8yKwB-cJQj-tcGdSMMpwFvvhVsPJ8Ug8jYzGU_PldNJUP6uSEEgCtaGX4cZ62OkTs4NA_wiJXHpApn4NSLxaJyabISOxx1nPenhsNNW3uGSeebINwlmKmwRdnbhsS4k9b5TX-UfM8vCNyE8YJaBpjAfHxVZ4DXJrHNfmfEAjEa4qaAeL6m8t2qdHLXK792F3rEEL2cPOY90dtJIaGsBSl5UeLbPmyeYcNJ9YEh0pSg1yFpOcsUD4Ri1iYlvrrpXxMP71J2IRyNBXnMHBBJhc-pTnUQjQ8NaPEJFCxkIhcHsY09nBs6_wMquUq5W0_0A6xml_GjQyIEQkFHqOBhNMMRyc-pxfMDFVwGw67qnsi-3xe_zKQL1TiDcc0u-FcLXj55fr06jRsmrBAOEZyZ-3eYihDJnqgpEMIJKDb-FzE1HKhXSNHdfGzTPyl3mte4AOacSEYvi0sEHfQrQm8T-sBqkeVmjzdYZ6cj4k5Vo-lKd30jm9HJ3H-yi3n8h2HxZoi73InQZpwZ7mgGz0XxdyVivafHZEKnl0JgN3jZYDKTU44JsUWomCQAP2AfNlJKSDKpkp_AYnK9vKHfzEuSM7K6YvTU83p1xURjKffEKU12xAaLyyagZOlVo6uOuUa6q8OGxl7yMdrhDU1QCq-2G6j_Q_mipCe9dTteVmFxtqjwS2Q1f6MUTjiDXQA9SVkwmJy6xvvdq_BbGW6MK-Ca-cbhjERNAFy-RjumQSshEj62iPXVe51ccZ5wLv7mKZJ1D5GOMFUbMTeCfyct4T3sZcvn3u5ZWg7j03hi9MAqicsK2lfBxSJ13R7rMAhieK6UlWMI_caLA_2IGd3tccblNs1NtW5QHUHB55EYpP_fQI2Z3E20e2h_VioTlVuWFSAZdRXK0UHsopw7X0ZhD1QTDvXbmi6Gti6PYEWP7BBM4tFJKWoQWRm3YVNgoG59KZjlG-27dLPSr-6M5Laz1apecop_QB6o3BIF0p8Hzc57AtNC6QyGWNPLaxYQf0SrNND6TWIIWfcKt568-mWL_WuMmQBvohF7myEpsW7HacV&sso_reload=trueRedirected

AI Security Verdict

Moderate Risk

Confidence: 92%

6
Risk Score

Login page forwards credentials to Microsoft; likely a legitimate SSO but cross‑origin credential submission warrants caution.

Risk Factors
Cross‑origin credential form sending email/password to an external domain (login.microsoftonline.com)
Safety Factors
Domain age > 10 years (well‑established)
No malicious Indicators of Compromise detected
No JavaScript malware patterns detected
No network IDS alerts detected
Final destination is a legitimate Microsoft login service
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

You're looking at domain 'nginx-auth.devcloud-system.gcrm.sehlat.io' on the British Indian Ocean Territory country-code top-level domain (.io); it also runs on subdomain 'nginx-auth.devcloud-system.gcrm'. Count 6 characters in 'sehlat' split between 2 vowels and four consonants. Word splitting yields 3 words: se, hl, at. Expect 2 characters per word on average. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://nginx-auth.devcloud-system.gcrm.sehlat.io/login?rd=https://pcm-br-approval-frontend-pre-pcm-br-approval-933.gcrm.sehlat.io%2Fclient-review%2F1b534ede-e1b5-48df-8f04-f0e9f098f0ba

Page Load Overview

1.65s
Total Load Time
19
HTTP Requests
6
Domains
452 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:109 chars
Detector Agreement:67%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
320.190.147.2Paris, Île-de-France, France
AS8075Microsoft Corporation
213.107.246.45United States
AS8075Microsoft Corporation
240.68.146.194Amsterdam, North Holland, Netherlands
AS8075Microsoft Corporation
220.190.147.3Paris, Île-de-France, France
AS8075Microsoft Corporation
223.207.210.137Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
240.126.53.9Sweden
AS8075Microsoft Corporation
220.73.196.4Amsterdam, North Holland, Netherlands
AS8075Microsoft Corporation
223.207.210.132Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
220.190.147.5Paris, Île-de-France, France
AS8075Microsoft Corporation
199--

Detected Technologies4

X-UA-Compatible
100%
PasswordField
100%
Meta-Refresh-Redirect
100%
Ghost
15%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T116A38ED57EB26937464A44BDB07AAE02AB76A9078C4CDEA4F10CCD842FFA71D4137607

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:Dznfn08GLGGa3A3KnCiEnB3S3r3Z3omNo5IyEk77gx2xpTvPoMmCBxEqrdi73GC:Xf08FCiEeNZ32RAAC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:99571:cEEsRCNKClPqk3iwYAIVsKoqJDiYKjCQLARgJw6QUAAAhyQGLEbsSAiwGY9AYnCAVFwjAQQAqmGKSAhGlACklCbxYOEwAmBU

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:fffffe1818180000
Perceptual Hash:9dc8233ecdd1998c
Difference Hash:204db23232325cfe
Wavelet Hash:ffffff9a18180000
Color Hash:#34862d

Other Hashes

Crop Resistant:82a0eabab2b283b2,ba80c03034e080be,204db23232325cfe

Scan History

Scan history not available

Unable to load historical scan data