ScanMalware.com

Security Scan Report: sandbox.wshretool.com

Redirected to: https://login.microsoftonline.com/84626e63-5afd-4182-9834-42f67d61e68c/saml2?SAMLRequest=fZJRb9sgFIX%2FisU7tnEIwSiJlDWaFqnboibdw14mjK8bJAwZF7fdv5%2FjbFordX1B4nIO93wXlqh7d1abIZ38HfwcAFP23DuPajpYkSF6FTRaVF73gCoZddh8vlVVXqpzDCmY4MgLy%2FsOjQgx2eBJttuuyI%2B6qReMa6CNnJeU83GRRnJaSqibTorazDTJvkHE0bMi4xWjEXGAncekfRpLZSVoySibHRlXrFLzRb4Q5XeSbUcW63WanKeUzqiKwoUH6%2FPemhgwdCl4Zz3kJvSF5KISIGZ0rruWciYrWssZp7zqxKIVDIQ0xYWwItn%2BD%2FgH61vrH95nbq4iVJ%2BOxz3dfz0cSbb5O4eb4HHoIR4gPloD93e3%2F7Ki9m0TnvMnPEVIIbgp5yXCFYOsl5eNmgYS12%2FKl8VLyfL62l%2FGjLvtPjhrfmUfQ%2Bx1%2Bj8Cy9lUsS3tJqmCXlu3adsIiCOKc%2BHpJoJOsCKddgikWF%2Fbvv5X698%3D&sso_reload=true

Submitted: Jan 13, 2026, 2:09:40 PMCompleted: Jan 13, 2026, 2:14:29 PMpubliccompleted
Loading additional data...

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 27 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://sandbox.wshretool.com

Effective URL: https://login.microsoftonline.com/84626e63-5afd-4182-9834-42f67d61e68c/saml2?SAMLRequest=fZJRb9sgFIX%2FisU7tnEIwSiJlDWaFqnboibdw14mjK8bJAwZF7fdv5%2FjbFordX1B4nIO93wXlqh7d1abIZ38HfwcAFP23DuPajpYkSF6FTRaVF73gCoZddh8vlVVXqpzDCmY4MgLy%2FsOjQgx2eBJttuuyI%2B6qReMa6CNnJeU83GRRnJaSqibTorazDTJvkHE0bMi4xWjEXGAncekfRpLZSVoySibHRlXrFLzRb4Q5XeSbUcW63WanKeUzqiKwoUH6%2FPemhgwdCl4Zz3kJvSF5KISIGZ0rruWciYrWssZp7zqxKIVDIQ0xYWwItn%2BD%2FgH61vrH95nbq4iVJ%2BOxz3dfz0cSbb5O4eb4HHoIR4gPloD93e3%2F7Ki9m0TnvMnPEVIIbgp5yXCFYOsl5eNmgYS12%2FKl8VLyfL62l%2FGjLvtPjhrfmUfQ%2Bx1%2Bj8Cy9lUsS3tJqmCXlu3adsIiCOKc%2BHpJoJOsCKddgikWF%2Fbvv5X698%3D&sso_reload=trueRedirected

The Cisco Umbrella rank of the primary domain is #542,509 of the top 1 million websites

AI Security Verdict

Safe Website

Confidence: 92%

1
Risk Score

Redirect to official Microsoft login; no phishing indicators detected.

Safety Factors
Established domain age
Final destination is a legitimate Microsoft login page
No malicious Indicators of Compromise
Redirect follows a standard SAML request pattern
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

Domain 'sandbox.wshretool.com' uses the commercial generic top-level domain (.com), featuring subdomain 'sandbox'. The core label 'wshretool' covers 9 characters split between three vowels and 6 consonants. Breaking it apart gives three words: w, sh, retool. Expect two characters per word on average. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://sandbox.wshretool.com

Page Load Overview

1.27s
Total Load Time
141
HTTP Requests
7
Domains
1.1 MB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:78 chars
Detector Agreement:67%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
11352.255.226.176Washington, Virginia, United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
1411--

Detected Technologies5

X-UA-Compatible
100%
PasswordField
100%
Meta-Refresh-Redirect
100%
HSTS
40%
Ghost
15%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T19AC295487A38C1BDA2232F53FAD2E8A56442734E8A51D4B0F0BF82F81794FCA4D65C56

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

192:agW0aJ+KDHkY9wDSl6W1J4UvIqI98yyZuDCLgBQOp2dQYuIsHJQz8KBDfp9+D/YE:w2KxbhJ4UQqV/LgBQo2vaY8KR685p7Q

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:27421:5AuIDEEKGFphBAAnxBQHVRMAjuOpgpAODIEbgsTAZYIyANItlAjMvdbgCYBACAhQeShAFj6QAYQHEFiKFiCiwiygTuAIHogm

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffe7a5e7ffffffff
Perceptual Hash:e6668c9999996366
Difference Hash:000c0c0c00000000
Wavelet Hash:1f0727270f0f0f0f
Color Hash:#3a7871

Other Hashes

Crop Resistant:000c0c0c00000000

Scan History

Scan history not available

Unable to load historical scan data