ScanMalware.com

Security Scan Report: cdwcrm.my.salesforce.com

Redirected to: https://login.microsoftonline.com/de9231de-45f4-4325-ae07-8ae72052517e/saml2?SAMLRequest=hZLbbuIwEIZfJfJ9Qo7koEIVEkqActicWriJQmKIIbFZ2wHap9%2BItlJXK3VH8sVo%2Fpl%2FbH8Pj7emFi6QMkTwACiSDASIC1IifBiAJH4SLfA4fGB5U6tnx215hUP4u4WMC10jZs5HZQBaih2SM8QcnDeQObxwInfx7KiS7Jwp4aQgNRBcxiDlnZVHMGsbSCNIL6iASfg8ABXnZ%2Bb0ekV5LWgjNW8Sy2vI9oQWUCpIAwS%2F80U45%2Fddv%2BQ1OSAsNaighJE9J7hG%2BK7vldBWNaWEom7sdVHXVEPMoWyKVg5NVTZUQzFh734BIEz9AchUz%2B1iqy7MYHFd%2BO4%2Fp6uORr5bXrbM7Vf6bZsdZqOoKDfLo72nzUZdRIguqlfFj0f1yXRjLQmfChedVsaEW%2BN6WU3fvLfTKUFHPR3bk%2BqcWvOZZe6D4H1u1X6LrshiZbCZFKRw94fJ9OUlNKs8fmk1T8tWOItjT4tMO29pLpp0FiBSn3eZO7PJWONKplb4eNuFLrx5kT8%2F69oyIWKsvOcjXlvK5JDMN7enVenrm0TVjut8fFGerwzr6zQ6hdv0OG2DTN7p%2Faz6lSbulFJ5k5wul%2FFrGMg2QzNvydNr91qMtXCKGc8xHwBVVvuirImKGSt9x%2Bg7mi31dWMLhPXnz48Q%2FiDqJ0x2HyLmBHG8FterKAZC%2BkVmJwCfHDp3d%2FodwJ8H51%2FUgeH%2FGHvofbcYfqZ%2Fkz%2F8Aw%3D%3D&RelayState=%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=nwHuybQ2RutGpZ8mThZVmZnGk4dwiPMoc6EIGNCVx4I5AF11MOB0muzvilM7twL8vMfbR26jb3IEuhKN7tUicBoA4%2BlV%2F5uS4pLI7jAXO%2B3V3n5tIwib4%2BW2qsx5phpkeNVLYCACl%2BBl7sQT%2BrkikZfmegKK0Xhcn97jMYkKLzxWUmxA%2FL4XLAOu5D%2F9US834dw%2FuX48vHdj0WVWuEMMI2O8Ra%2BKwrgPW6mZYh0iFqGe%2BnoCbKvr58YZLcUYZbw44D%2BWIP8Ke1yjSaDpUbbheGnc7u3VO9E%2FboBuj4vn7E%2F9hWKnAIDMGUmLcAku8tHZAjZSZ85NWaMqgfeZDECDyG9DrMgrf5SACTn3fmP1xnxxH87O7WoFuuoI1495EoVLfDTYAR%2ByNOX2z5nqKqgqosHaecOhMIqdUWWT86BGWONHHBDUkEq9NCw4Nu4fSjpl2K0SyHbrZ80BwK9XCS%2Fw379C7YNMG79Kb1xbRHFTiDW0Szu4%2BxkfpsR4%2BPUsNdzeLyvmeqsygRg6zqVgxZ%2BU5ZYWWtD5lHuVa377MU3T07kdJh8G8srhQuLNL11X0dOyYP02j3ak1GmmZdnHnebnVOmbMEPqjIu8FT%2FOy0KTeWcZCv3odcdZDO%2BC6EE5w1S14bIzFUJIv%2BgsCuQ7XsLxo7g7HtHAX8d5dWdQ2%2FMMKHc%3D&sso_reload=true

Submitted: Mar 17, 2026, 4:56:37 PMCompleted: Mar 17, 2026, 4:57:47 PMpubliccompleted
Loading additional data...

Summary

This website contacted 7 IPs in 3 countries across 8 domains to perform 47 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://cdwcrm.my.salesforce.com

Effective URL: https://login.microsoftonline.com/de9231de-45f4-4325-ae07-8ae72052517e/saml2?SAMLRequest=hZLbbuIwEIZfJfJ9Qo7koEIVEkqActicWriJQmKIIbFZ2wHap9%2BItlJXK3VH8sVo%2Fpl%2FbH8Pj7emFi6QMkTwACiSDASIC1IifBiAJH4SLfA4fGB5U6tnx215hUP4u4WMC10jZs5HZQBaih2SM8QcnDeQObxwInfx7KiS7Jwp4aQgNRBcxiDlnZVHMGsbSCNIL6iASfg8ABXnZ%2Bb0ekV5LWgjNW8Sy2vI9oQWUCpIAwS%2F80U45%2Fddv%2BQ1OSAsNaighJE9J7hG%2BK7vldBWNaWEom7sdVHXVEPMoWyKVg5NVTZUQzFh734BIEz9AchUz%2B1iqy7MYHFd%2BO4%2Fp6uORr5bXrbM7Vf6bZsdZqOoKDfLo72nzUZdRIguqlfFj0f1yXRjLQmfChedVsaEW%2BN6WU3fvLfTKUFHPR3bk%2BqcWvOZZe6D4H1u1X6LrshiZbCZFKRw94fJ9OUlNKs8fmk1T8tWOItjT4tMO29pLpp0FiBSn3eZO7PJWONKplb4eNuFLrx5kT8%2F69oyIWKsvOcjXlvK5JDMN7enVenrm0TVjut8fFGerwzr6zQ6hdv0OG2DTN7p%2Faz6lSbulFJ5k5wul%2FFrGMg2QzNvydNr91qMtXCKGc8xHwBVVvuirImKGSt9x%2Bg7mi31dWMLhPXnz48Q%2FiDqJ0x2HyLmBHG8FterKAZC%2BkVmJwCfHDp3d%2FodwJ8H51%2FUgeH%2FGHvofbcYfqZ%2Fkz%2F8Aw%3D%3D&RelayState=%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=nwHuybQ2RutGpZ8mThZVmZnGk4dwiPMoc6EIGNCVx4I5AF11MOB0muzvilM7twL8vMfbR26jb3IEuhKN7tUicBoA4%2BlV%2F5uS4pLI7jAXO%2B3V3n5tIwib4%2BW2qsx5phpkeNVLYCACl%2BBl7sQT%2BrkikZfmegKK0Xhcn97jMYkKLzxWUmxA%2FL4XLAOu5D%2F9US834dw%2FuX48vHdj0WVWuEMMI2O8Ra%2BKwrgPW6mZYh0iFqGe%2BnoCbKvr58YZLcUYZbw44D%2BWIP8Ke1yjSaDpUbbheGnc7u3VO9E%2FboBuj4vn7E%2F9hWKnAIDMGUmLcAku8tHZAjZSZ85NWaMqgfeZDECDyG9DrMgrf5SACTn3fmP1xnxxH87O7WoFuuoI1495EoVLfDTYAR%2ByNOX2z5nqKqgqosHaecOhMIqdUWWT86BGWONHHBDUkEq9NCw4Nu4fSjpl2K0SyHbrZ80BwK9XCS%2Fw379C7YNMG79Kb1xbRHFTiDW0Szu4%2BxkfpsR4%2BPUsNdzeLyvmeqsygRg6zqVgxZ%2BU5ZYWWtD5lHuVa377MU3T07kdJh8G8srhQuLNL11X0dOyYP02j3ak1GmmZdnHnebnVOmbMEPqjIu8FT%2FOy0KTeWcZCv3odcdZDO%2BC6EE5w1S14bIzFUJIv%2BgsCuQ7XsLxo7g7HtHAX8d5dWdQ2%2FMMKHc%3D&sso_reload=trueRedirected

The Cisco Umbrella rank of the primary domain is #1,775 of the top 1 million websitesTop 10K Site

AI Security Verdict

High Risk

Confidence: 85%

8
Risk Score

Phishing login page impersonating Microsoft, harvesting credentials on a Salesforce subdomain.

Risk Factors
Cross‑origin credential form (email+password) to a different domain
Brand impersonation: Microsoft login page hosted on a non‑Microsoft domain
Highly obfuscated JavaScript indicative of hidden behavior
Login form detected (risk score 6/10)
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

Within the commercial generic top-level domain (.com), 'cdwcrm.my.salesforce.com' is registered; it also runs on subdomain 'cdwcrm.my'. Its registrable label 'salesforce' stretches across 10 characters with four vowels and 6 consonants. Word splitting yields 2 words: sales, force. Expect 5 characters per word on average. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://cdwcrm.my.salesforce.com

Page Load Overview

1.39s
Total Load Time
32
HTTP Requests
6
Domains
1.3 MB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:109 chars
Detector Agreement:67%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
820.190.160.14United States
AS8075
423.207.210.132Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
440.126.31.67Ireland
AS16509
413.107.246.44United States
AS8075Microsoft Corporation
420.44.10.122UnknownUnknown
420.190.160.4UnknownUnknown
435.158.127.52UnknownUnknown
327--

Detected Technologies5

X-UA-Compatible
100%
PasswordField
100%
Meta-Refresh-Redirect
100%
HSTS
40%
Ghost
15%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1A4835DEA7FA2183B828A41B5B0B57D02AA769903DC4CDDA0F09CCD842FFA75D9137517

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:j28GLG29VY9pQ2oIyEk77gx2xpTvPoMmCB/Evl2iLfC:K8IVY9S2J32RApfC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:83053:mpAqRgjAwCJNIAMSQjE4otEkEAQFZygdEEwIQhDInMAMmCcj6QQuKJqNOgBABBAJWLUABAEYYAAlVYZYgKEBGxiaLIgisEYz

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:706018581818107e
Perceptual Hash:c8e92666c95c9d1e
Difference Hash:a783b3b2b3b1f5d0
Wavelet Hash:f3785bf81818107f
Color Hash:#bf4084

Other Hashes

Crop Resistant:e26062b2b2a28382,9080c03034c08090,a783b3b2b3b1f5d0

Scan History

Scan history not available

Unable to load historical scan data