Security Scan Report: dealers.sandhills.com

Redirected to:
https://identity.sandhillslogin.com/Account/Login?ReturnUrl=%2Fconnect...
Submitted: May 19, 2026, 6:39:58 AM
Completed: May 19, 2026, 6:42:00 AM
Visibility: public
Status: completed

Summary

This website contacted 6 IPs in 1 country across 6 domains to perform 25 HTTP transactions. The main domain is identity.sandhillslogin.com; its registration age could not be determined (the report shows "NaN years ago").

Submitted URL: https://dealers.sandhills.com

Effective URL (redirected): https://identity.sandhillslogin.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DDS_SSO%26redirect_uri%3Dhttps%253A%252F%252Fdealers.sandhills.com%252FDomainAuthority%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%26code_challenge%3Dyvs2fAprOTwajVprdHT3HJYP1BXOHtOXihMWKnyzg2A%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D639147696049641832.YWQ4OTJhNTktNDA5Yi00NmVlLWJkZDktZDAzM2QwMTBhYzJjOGY1ZmIwODAtZjViOC00YjkyLWFlNmMtZjMxZjk0ZDgxM2Qx%26did%3D14237%26state%3DCfDJ8Km65g3yo5JIoIDvT99pCcQW_Df4jXWbTmkbuiTse_eKyWvJ94kKVr5QFrZON4LKzUFVDHSl5LACQ4B8BO8QnslWQLsGXdS68rURwX37BAp7UeT6DbHPx6LcCIeq9hTxN-OojU-WycnM9ROufK5c3IJz7alxcXMSJtkS1iAro-KNH_Nes00F4jKN9O_1c-Cr88BbSXPSNSnD5TkaP2rBa4R-P0HvCixL22cM3S4fZ4prF8FhXW7FHRfNxKZjjzXA-D6CjZZZ5jn7LtvBR9PT5Bzu_Ksv0WIlIdcXI-ujKdPdSYN-FsLOQZ1LMjYciugn-snx5R5_DsE-nUGJWhVrtHFDFrmKVlvRn_O7SKcru3L7gXpTS9HTNGhVY2uu2GBzfZUPYaWIo-81ZOi_haPVDJriauWC9ztStxOz6dzUop8VqWv7Bi9TqDdFFvgFjZjqPQ_lcf_ocrlA0dEX9u0F6-Ovyh3YKBlcv2TQSgvXUTn840sbtylBb0P9Bu4ZGdm5odIy5UoDIkoipZ1HZDYIzQU%26x-client-SKU%3DID_NET8_0%26x-client-ver%3D7.1.2.0

The Cisco Umbrella rank of the primary domain is #86,030 of the top 1 million websites

AI Security Verdict

Confirmed Scam

Confidence: 94%

Risk Score: 10

The site impersonates Sandhills, collects credentials on a suspicious new domain, and triggers critical malware alerts – confirmed scam.

Risk Factors
Brand impersonation with credential collection on unrelated domain
Critical IDS alerts indicating malware/C2 activity
Multiple redirects to a new domain
Unknown age of the authentication domain
Cross‑origin form submission to a non‑official domain
Domain age information unavailable

Details

Page Title: Sandhills Log in
Scan Type: public
Language: 🇺🇸 English (80% confidence)
Category: technology software (74%)

Domain Information

Within the commercial generic top-level domain (.com), 'dealers.sandhills.com' is registered; it also runs on subdomain 'dealers'. The core label 'sandhills' covers 9 characters containing two vowels alongside 7 consonants. Tokenizing the label suggests 2 words: sandhill, s. Expect 4.5 characters per word on average. No strong language cues emerged from the frequency lists.

Page Load Overview

Total Load Time: 20.26s
HTTP Requests: 34
Domains: 9
Total Size: 344 KB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: en
Text Length: 2,261 chars
Detector Agreement: 100%

Website Classification

Primary Category

technology software (74% confidence)
Type: webapp
Method: ml+structural

All Detected Categories

technology software: 74%
documentation technical: 64%
government public service: 62%
corporate business: 32%
adult content: 26%

Detected Features

Login Form
Search

Domain & IP Information

Requests  IP Address       Location       AS (Autonomous System)
9         172.64.144.135   United States  AS13335 Cloudflare, Inc.
5         142.251.157.119  United States  AS15169 Google LLC
5         172.64.145.242   United States  AS13335 Cloudflare, Inc.
5         104.18.42.14     United States  AS13335 Cloudflare, Inc.
5         142.251.14.94    United States  AS15169 Google LLC
5         192.178.183.97   United States  AS15169 Google LLC
34        6                -              -

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1C1B2086294F29C230A4186C0B1E1FB99AED6E35BAF448DC0BF6C0F612FDBD81542365D

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

384:QB1caek2v6LsRixR71G0ITe1sAoMkeNznsRtbffajsRDJAu5:E1caek2v6LSio0FNznS5ajS9Au5

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:23733:WEhhFwsbjICgGCaNiQCLWwQiQYCAIGDVtMADRREQuAYkQImCKKJPNC5SOSIukYEKgKeQEylEhLSSxiwSMApJBTFAEhPgBpMI

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: e7e7ffe7e7e7e7e7
Perceptual Hash: f3dd22cc338859cc
Difference Hash: 0c0c0c0c0c4c0c4d
Wavelet Hash: e6e6e6e624242626
Color Hash: #9787c5

Other Hashes

Crop Resistant: 0c0c0c0c0c4c0c4d
