ScanMalware.com

Security Scan Report: vodafone-icon-sp.irmsecurity.com

Redirected to: https://login.microsoftonline.com/600fc84d-b45f-4cc5-8ea4-63619872e13f/saml2?SAMLRequest=jZJRb9owFIXf%2BRWV353ExJhgARIrW4fEABW2h71MxrluLSV26ut0679vSLp1m7Rq983X93y659hzVHXVyFUb790tPLSAcXTV1Y%2B6cij7ywVpg5NeoUXpVA0oo5bH1aetHCeZbIKPXvuK%2FCV7W6UQIUTr3SDbrBdkv3u%2F3d9sdt8Eg8JMcqF4XnJTTM8zI85CZDOegynFNDPlTBUMBukXCNhxFqTDktFAQ2xh4zAqF7t%2BNhY0Y5QVJ8Yk5zLLvw7SdWfWOhV7%2BX2MDco0rfyddUltdfDoTfSusg4S7etUZJnRBS%2FpmU8M5VpPaAGKU5ELNiumY2C5SS%2FWxwP%2B8JLMO%2BtK6%2B7eDuQ8DKH8eDod6GF%2FPA2Q1c%2Bgrr3DtoZwhPBoNXy%2B3b7u%2FOhLZbwDarV3FJvEhhpBt8HGp3511T1vv1qqNJJlT55fzrLPKiz%2FlzRPf1e9chq56yxt1gdfWf3U9y%2F1wYdaxX87ZwnrO7akph%2BVrcMGtDUWSvILs6oq%2F%2F06gIqwIDG0QK7S5WjY5c%2B%2Fu3wG&RelayState=%2Fapplication&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=cNpnu0fKp9VcmTkkCzcgTij7sBWSS7eOxiQXUbNQ9Z9posNOLp5ClNQfnzQVkQdvpOnin0T42na0Jbsrdv8VOevHB99nYOA0lhsZVq4nRpuXJs%2FqGlQGhls6pvHtl%2BvbGpsrQ89duaPBRWYHIOfLX2JojAAAqBnk5VLfAtDiVvxaZRctsFeUR9bk2HVe0ttSS4dOCT3Stp%2FpJz9aF9g9n0bgCZlS83K9vUTGeLjsN3SqDlr1lbAl7hgRU1VWqoclyXWzoU8uzVyncIM95SISMRFBrnumecTlZR3gYRQb%2F701VF1Gtck3cqK6U12Tm5LpplBE8RT5YbCe8fSpcwrG8w%3D%3D&sso_reload=true

Site favicon
Submitted: Jan 18, 2026, 11:44:01 AMCompleted: Jan 18, 2026, 11:45:20 AMpubliccompleted
Loading additional data...

Summary

This website contacted 7 IPs in 4 countries across 7 domains to perform 1 HTTP transaction. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://vodafone-icon-sp.irmsecurity.com/auth/saml/sso

Effective URL: https://login.microsoftonline.com/600fc84d-b45f-4cc5-8ea4-63619872e13f/saml2?SAMLRequest=jZJRb9owFIXf%2BRWV353ExJhgARIrW4fEABW2h71MxrluLSV26ut0679vSLp1m7Rq983X93y659hzVHXVyFUb790tPLSAcXTV1Y%2B6cij7ywVpg5NeoUXpVA0oo5bH1aetHCeZbIKPXvuK%2FCV7W6UQIUTr3SDbrBdkv3u%2F3d9sdt8Eg8JMcqF4XnJTTM8zI85CZDOegynFNDPlTBUMBukXCNhxFqTDktFAQ2xh4zAqF7t%2BNhY0Y5QVJ8Yk5zLLvw7SdWfWOhV7%2BX2MDco0rfyddUltdfDoTfSusg4S7etUZJnRBS%2FpmU8M5VpPaAGKU5ELNiumY2C5SS%2FWxwP%2B8JLMO%2BtK6%2B7eDuQ8DKH8eDod6GF%2FPA2Q1c%2Bgrr3DtoZwhPBoNXy%2B3b7u%2FOhLZbwDarV3FJvEhhpBt8HGp3511T1vv1qqNJJlT55fzrLPKiz%2FlzRPf1e9chq56yxt1gdfWf3U9y%2F1wYdaxX87ZwnrO7akph%2BVrcMGtDUWSvILs6oq%2F%2F06gIqwIDG0QK7S5WjY5c%2B%2Fu3wG&RelayState=%2Fapplication&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=cNpnu0fKp9VcmTkkCzcgTij7sBWSS7eOxiQXUbNQ9Z9posNOLp5ClNQfnzQVkQdvpOnin0T42na0Jbsrdv8VOevHB99nYOA0lhsZVq4nRpuXJs%2FqGlQGhls6pvHtl%2BvbGpsrQ89duaPBRWYHIOfLX2JojAAAqBnk5VLfAtDiVvxaZRctsFeUR9bk2HVe0ttSS4dOCT3Stp%2FpJz9aF9g9n0bgCZlS83K9vUTGeLjsN3SqDlr1lbAl7hgRU1VWqoclyXWzoU8uzVyncIM95SISMRFBrnumecTlZR3gYRQb%2F701VF1Gtck3cqK6U12Tm5LpplBE8RT5YbCe8fSpcwrG8w%3D%3D&sso_reload=trueRedirected

AI Security Verdict

High Risk

Confidence: 85%

8
Risk Score

High‑risk phishing page impersonating Vodafone; do not provide login details.

Risk Factors
Brand impersonation (Vodafone) on an unrelated domain
Credential harvesting form (email + password)
Unranked domain presenting a major brand
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

You're looking at domain 'vodafone-icon-sp.irmsecurity.com' on the commercial generic top-level domain (.com); it also runs on subdomain 'vodafone-icon-sp'. The second-level label 'irmsecurity' is 11 characters long split between 4 vowels and seven consonants. Segmentation suggests three words: i, rm, security. Expect two characters per word on average. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://vodafone-icon-sp.irmsecurity.com/auth/saml/sso

Page Load Overview

0.83s
Total Load Time
28
HTTP Requests
7
Domains
474 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:646 chars
Detector Agreement:67%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
420.190.159.2Ireland
AS8075
451.11.192.49Germany
AS20940
440.126.32.76United States
AS19551
445.60.74.50United States
AS19551INCAPSULA
42.21.239.142UnknownUnknown
413.107.246.44United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
420.190.160.5Amsterdam, North Holland, Netherlands
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
287--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T197734BDA7FA61937868A45B9B47A3D02AE365903894CCDA4F19CCD802FFB70D8133657

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:lE8GLGGXaTpsKozTEyqU6MVnvnaloMPbJE4o4iGKC:y8y+CKXyS2DC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:77762:ADGAORosYsIA1koVaAAAWJhgADMQAExgSBzDgTIRJDBQbIKStlAAGFIaDAW8KOACk0CAA2pQASDiACcUUVSEEayVK9oCgLg4

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:00191918181c1e04
Perceptual Hash:9c89377163b6423d
Difference Hash:03b3333333b0306c
Wavelet Hash:831b1fbf181c9e16
Color Hash:#7f2dd2

Other Hashes

Crop Resistant:e270b2938ea6a6ba,cb80c23232c280c2,03b3333333b0306c

Scan History

Scan history not available

Unable to load historical scan data