Security Scan Report: prod1.ar-us.blackline.com

Redirected to:
https://login.microsoftonline.com/common/oauth2/authorize?client_id=a6...
Submitted: Jun 20, 2026, 4:06:24 AM
Completed: Jun 20, 2026, 4:23:45 AM
Scan Type: public
Status: completed

Summary

This website contacted 4 IPs in 4 countries across 4 domains to perform 2 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://prod1.ar-us.blackline.com

Effective URL (redirected): https://login.microsoftonline.com/common/oauth2/authorize?client_id=a67219bc-eb55-469b-86e7-fc8e5541a45d&redirect_uri=https%3A%2F%2Fprod1.ar-us.blackline.com%2FApp_pages%2FAdmin%2Flogin.aspx&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DE0XvRvWvwPGCWzQZ_5UDU5TV5QcAdRiv-ht1-8LBtr3feKk6z_Et_LARXCxIIMNZpA90TsiqIM-IIb0nvzQ6S5JBTFHdS3dphKUx2Wf_VuuAyWS9LAGA9GIyE84DG_RvKu5LZa9-trg2HaBb8ny1v7zWR7UgPWLu6zCz9xq40Re6O0vpKKWBUW-xhdpf0xcAsErXYsPucbZKkrxWN87U5hNS62VDeslYyU5UlaKvBfEzUTKHSCB5iknmbQ6IqaYBTP3jcA&response_mode=form_post&nonce=639175261601122394.Mzg2NjZmZWEtNGRhNC00M2UxLTk4MDEtMTExNjIwMzg5MTcyM2JkZDNkNTQtYjgzMi00MThlLWE5OWEtYzgwNjZiZWNiNDA4&x-client-SKU=ID_NET472&x-client-ver=8.14.0.0&sso_reload=true

The Cisco Umbrella rank of the primary domain is #44,068 of the top 1 million websites

AI Security Verdict

Low Risk

Confidence: 78%

Risk Score: 2

Page likely a phishing login page impersonating Microsoft; avoid interaction.

Risk Factors
Brand impersonation of Microsoft on non‑official domain
Credential collection form on third‑party domain
Highly obfuscated JavaScript
Safety Factors
Domain age > 29 years (well‑established)
No malicious IoC or YARA matches
No network IDS alerts
Page served from an identity-provider sign-in endpoint (login.microsoftonline.com); a relying-party brand and login form here are normal SSO, not impersonation — risk clamped from 7 to 2
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

The domain 'prod1.ar-us.blackline.com' uses the commercial generic top-level domain (.com) with subdomain 'prod1.ar-us'. Its registrable label 'blackline' stretches across 9 characters containing 3 vowels alongside 6 consonants. Word splitting yields 2 words: black, line. Average segment length settles at 4.5 characters. No strong language cues emerged from the frequency lists.

Page Load Overview

Total Load Time: 1.48s
HTTP Requests: 18
Domains: 5
Total Size: 467 KB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: en
Text Length: 133 chars
Detector Agreement: 100%

Website Classification

Primary Category

unknown (0% confidence)
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

Requests  IP Address       Location                               AS       Autonomous System
6         20.190.160.2     Amsterdam, North Holland, Netherlands  AS8075   Microsoft Corporation
4         40.126.31.69     Dublin, Leinster, Ireland              AS8075   Microsoft Corporation
4         172.64.147.116   United States                          AS13335  Cloudflare, Inc.
4         23.207.210.132   Frankfurt am Main, Hesse, Germany      AS20940  Akamai International B.V.
18        4                -                                      -

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T15C935BE57EE61D37878A45B1B5B53D06AE7A5E039C48CD60B19C88C82FFA34D8133653

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:Fu8GLG2GA4kuXB6ZxUko6IZ9Tjuokmap5vPoMLuf0U0fiiiihC:U8JA4kuXB6Ykka/A1ihC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:89822:AZMAREAAAVSmGhLV62QCweKBB5QeQpKM9AgAYuEgBQboCUDiOA6JENqEugBY8TAAoFAwahgJAQsyAIkAAECQDlGEptVJAJoF

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: 0010393b373f3737
Perceptual Hash: 845971764699d96e
Difference Hash: 88e4d2d3e5e6e6e6
Wavelet Hash: 00003b3b373f373f
Color Hash: #8be06c

Other Hashes

Crop Resistant: 88e4d2d3e5e6e6e6
