ScanMalware.com

Security Scan Report: iroc-sso-azure-login.aueibrasil.workers.dev

Redirected to: https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=2247d63d-33af-4c46-9eb1-b83d2763bc3a&response_type=code&redirect_uri=https%3A%2F%2Firoc.seg.br%2Fauth%2Fcallback&response_mode=query&scope=openid%20profile%20email%20User.Read&sso_reload=true

Submitted: Mar 14, 2026, 2:30:36 PMCompleted: Mar 14, 2026, 2:31:47 PMpubliccompleted
Loading additional data...

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 1 HTTP transaction. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://iroc-sso-azure-login.aueibrasil.workers.dev/

Effective URL: https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=2247d63d-33af-4c46-9eb1-b83d2763bc3a&response_type=code&redirect_uri=https%3A%2F%2Firoc.seg.br%2Fauth%2Fcallback&response_mode=query&scope=openid%20profile%20email%20User.Read&sso_reload=trueRedirected

AI Security Verdict

High Risk

Confidence: 88%

8
Risk Score

Phishing page mimicking Microsoft login on a workers.dev subdomain; avoid and report.

Risk Factors
Brand impersonation on an unranked, non‑official domain
Login form on a newly created subdomain
Cross‑origin credential submission
High JavaScript obfuscation indicating hidden behavior
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

Within the developer-focused generic top-level domain (.dev), 'iroc-sso-azure-login.aueibrasil.workers.dev' is registered with subdomain 'iroc-sso-azure-login.aueibrasil'. The second-level label 'workers' is 7 characters long containing 2 vowels alongside 5 consonants. Splitting it apart reveals one word: workers. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://iroc-sso-azure-login.aueibrasil.workers.dev/

Page Load Overview

0.98s
Total Load Time
17
HTTP Requests
4
Domains
408 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:109 chars
Detector Agreement:100%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
540.126.31.0Dublin, Leinster, Ireland
AS8075Microsoft Corporation
323.207.210.137United States
AS13335
320.190.160.64IrelandUnknown
3188.114.96.3United States
AS13335Cloudflare, Inc.
313.107.213.44United States
AS8075Microsoft Corporation
175--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T165734AEA7EA2293B824A41B5B5B57D02AE7659038D4CCCA0F09CCDC42FF775D8127A17

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:jk8GLG21kiZUoIyEk77gx2xpTvPoMmCBPEfiicLC:o8iPUJ32RAOC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:78694:QhAGRMXy7GBAIoDWyQ4AkAIjMhBiBQACODwAIIBMQxtCTwfhQYGIIlcI5ORBCIEakgAnenIGwIQgJYDC7cnBwEBAB5INAGkF

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0010393b373f373f
Perceptual Hash:845971764699d96e
Difference Hash:88e4d2d3e5eee6e6
Wavelet Hash:00003b3b373f373f
Color Hash:#ac536e

Other Hashes

Crop Resistant:88e4d2d3e5eee6e6

Scan History

Scan history not available

Unable to load historical scan data