ScanMalware.com

Security Scan Report: ycloud.accounts.ondemand.com

Redirected to:
https://accounts.sap.com/saml2/idp/sso
Site favicon
Submitted: May 6, 2026, 10:09:54 PMCompleted: May 6, 2026, 10:11:04 PMpubliccompleted
Loading additional data...

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 13 HTTP transactions. The main domain is accounts.sap.com and was registered NaN years ago.

Submitted URL: https://ycloud.accounts.ondemand.com

Effective URL: https://accounts.sap.com/saml2/idp/ssoRedirected

The Cisco Umbrella rank of the primary domain is #8,485 of the top 1 million websitesTop 10K Site

AI Security Verdict

High Risk

Confidence: 78%

8
Risk Score

The site presents a high‑risk credential phishing scenario due to a critical IDS alert, heavy JS obfuscation, and a login form impersonating SAP on a third‑party domain.

Risk Factors
Critical IDS alert indicating possible data exfiltration
Critical JavaScript obfuscation behavior
Credential collection form on a domain not matching the brand
Potential brand impersonation of SAP
Large HTTP POST request pattern
Domain age information unavailable

Details

Page Title

SAP C/4HANA Identity: Sign In

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

technology software

(66%)

Domain Information

Within the commercial generic top-level domain (.com), 'ycloud.accounts.ondemand.com' is registered; it also runs on subdomain 'ycloud.accounts'. Its registrable label 'ondemand' stretches across 8 characters holding 3 vowels versus five consonants. Segmentation suggests 2 words: on, demand. Median word length comes out to four characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://ycloud.accounts.ondemand.com

Page Load Overview

1.37s
Total Load Time
13
HTTP Requests
2
Domains
499 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:221 chars
Detector Agreement:100%

Website Classification

Primary Category

technology software66% confidence
Type: webapp
Method: ml+structural

All Detected Categories

technology software
66%
cryptocurrency blockchain
41%
social_media
25%

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
7130.214.144.159United States
AS35039SAP SE
6130.214.144.214United States
AS35039SAP SE
132--

Detected Technologies2

PasswordField
100%
HSTS
40%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T15B92D83094607C3750437ADD25D5EF0ABB5B9119CF068418B9BC8BD40BA7E225A3B7BE

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

384:oXoq5WiBJMpLKQbpD/DvpD5kPF0yF46rstTZbFlEvyL:oXoYWyy5KQbtDvpu9JbstTZbFlEvyL

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:20255:poowNukhJQmqAhLCAhv0AAEMmiMgxpgVbBoMkBAgcBElJKAGaBhJIoispOAYBESgQMgggoYxmkUEQCyX0wqSFAE2BgUj5aAj

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:1808080018100008
Perceptual Hash:999922cc9b66cc9b
Difference Hash:10121a1c32340408
Wavelet Hash:d8c8d8c0d8d8c0f8
Color Hash:#98d279

Other Hashes

Crop Resistant:10121a1c32340408

Scan History

Scan history not available

Unable to load historical scan data