ScanMalware.com

Security Scan Report: pre-2177-ebanking.dcr.sehlat.io

Redirected to: https://login.microsoftonline.com/e20f6db1-0c59-4d26-b56c-b36bc14b34a2/oauth2/v2.0/authorize?client_id=dfe95be3-2a70-4878-9b46-1cfea628f8bd&redirect_uri=https%3A%2F%2Fid.sehlat.io%2Flogin%2Fcallback&response_type=code&scope=openid+profile+email+https%3A%2F%2Fgraph.microsoft.com%2F.default&state=f9rci7gn84SOZquBEYJtEvOifMR2O2KadxvUH08DwhAB0AKl1_Ss0ozCzFoasBUZsE2iuNIqalhhePaHEkOdjwzY7fOSEJ4s-iydkRiC7s6iSYajdvzIq5lzfheXjDW0DHjHXzn276-wcIZNxmjc1V8Lriugpt341ppK7Dv87TC1IWRLuuA3J5ZZfT1cnmnUtdUPgPetsfe-hb7897fsGiXDGf0fmOojudHRLVmcRv7TEpbIc8K-yDU6AY8aWrSwTSqjkcgCpoFTdZmgji7xpS5ElYQn6Yzilu4SkVPsfnCwIMzn0MyVfcJ6KyEaqkZKBuvS9SSFIQgCLJTlHzgUGrEv_N5i4wqCQt20y0yCuLrRubC7AE7mrggo9NIYRadfzSTcW42_cRliGZITZoIeK2_yMJkjjpZlFu8Zje0h5FGuYZgtEsRHufiqDZSt09IRy1xzWZhv1m9tke4lz6Db6BFXN1AOiwDg8yaL3JoBseZpjSAFT8qFEprr4BGoaMhMhVLRPPNq_NrcoV-b8lu4NUbSY94YdImAMvVujkyL8yBMYU8hxZfLS_qAJusE8H4-L8hTX_DrlNnpsBzvA-FVIVJAv-lt6GhPAttXmueI5VefqPasQc38RvQNY0QGXPzSEOM63emOOzVkeXcyQOMvXChkLwvW1IbtOoOpKf20HKRmyqvPLB9xT5Hnq5YwMmVtlbbkaHac0dUqMRRD1vVD4tnDCMdkzpkuXyLrFHwffFtDMNbFJaTUv3esgu4Tp5mRi4NC8dKZj8XWXEeegdm6bWP31Rkn0knXbwTV3MQsUsTdcz4Oc9hyMB9NAVk-tPmHv3vnUpPvrRSY_IvNN6oh78mzP60bHr_8h02_M59jDe9dY2Kvx5h302HbK5aCBqw2pfrHQFywi6BiB0nN9812F7M2Vg1qXEN80QtqYZ5IpMA86Gu4B8kNdzNnNA3R8Gs5oQPKeN9c_xYcBFAcYoXRoG7cU3bFANC8Gx7LHy4OC314foWj8Ytihh3IaTgqaJopC9dLE0x2caJayyBP99FWOtLuKkKSHE-avr38MJ49xZRTR5ICYbOEhS3uaGrjpqJCEw2t_wLvrA6DpW7V5WlRE-PGOtPRDWdKWId4Csmek3AGQiMnIh5VmmomJISi9_ipZuCkGme5ljHExu2IleyHixs2IroU7V9EcoSGs5oatFDOYiHQKTlO9jDFkUMznWZcgQi5IjVZ0HWD3HFgbOZxry3YmMxCiTlZSIpXFwjfXppMN_KLlDiIL1yQz748S-E4H5nvOyIbblGXW1srV9bADvIkcVClfuveCEDMp5U0Uzz2PMxlyMjvfqKWAMzxxp1fPAhGNw2mD-RwVrQlP1k50n0GA8ct5v2orQHD7HdWjIQlbJLn_A8BbwYP_E8%3D&sso_reload=true

Site favicon
Submitted: Feb 28, 2026, 1:18:53 PMCompleted: Feb 28, 2026, 1:20:09 PMpubliccompleted
Loading additional data...

Summary

This website contacted 6 IPs in 3 countries across 7 domains to perform 1 HTTP transaction. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: http://pre-2177-ebanking.dcr.sehlat.io/

Effective URL: https://login.microsoftonline.com/e20f6db1-0c59-4d26-b56c-b36bc14b34a2/oauth2/v2.0/authorize?client_id=dfe95be3-2a70-4878-9b46-1cfea628f8bd&redirect_uri=https%3A%2F%2Fid.sehlat.io%2Flogin%2Fcallback&response_type=code&scope=openid+profile+email+https%3A%2F%2Fgraph.microsoft.com%2F.default&state=f9rci7gn84SOZquBEYJtEvOifMR2O2KadxvUH08DwhAB0AKl1_Ss0ozCzFoasBUZsE2iuNIqalhhePaHEkOdjwzY7fOSEJ4s-iydkRiC7s6iSYajdvzIq5lzfheXjDW0DHjHXzn276-wcIZNxmjc1V8Lriugpt341ppK7Dv87TC1IWRLuuA3J5ZZfT1cnmnUtdUPgPetsfe-hb7897fsGiXDGf0fmOojudHRLVmcRv7TEpbIc8K-yDU6AY8aWrSwTSqjkcgCpoFTdZmgji7xpS5ElYQn6Yzilu4SkVPsfnCwIMzn0MyVfcJ6KyEaqkZKBuvS9SSFIQgCLJTlHzgUGrEv_N5i4wqCQt20y0yCuLrRubC7AE7mrggo9NIYRadfzSTcW42_cRliGZITZoIeK2_yMJkjjpZlFu8Zje0h5FGuYZgtEsRHufiqDZSt09IRy1xzWZhv1m9tke4lz6Db6BFXN1AOiwDg8yaL3JoBseZpjSAFT8qFEprr4BGoaMhMhVLRPPNq_NrcoV-b8lu4NUbSY94YdImAMvVujkyL8yBMYU8hxZfLS_qAJusE8H4-L8hTX_DrlNnpsBzvA-FVIVJAv-lt6GhPAttXmueI5VefqPasQc38RvQNY0QGXPzSEOM63emOOzVkeXcyQOMvXChkLwvW1IbtOoOpKf20HKRmyqvPLB9xT5Hnq5YwMmVtlbbkaHac0dUqMRRD1vVD4tnDCMdkzpkuXyLrFHwffFtDMNbFJaTUv3esgu4Tp5mRi4NC8dKZj8XWXEeegdm6bWP31Rkn0knXbwTV3MQsUsTdcz4Oc9hyMB9NAVk-tPmHv3vnUpPvrRSY_IvNN6oh78mzP60bHr_8h02_M59jDe9dY2Kvx5h302HbK5aCBqw2pfrHQFywi6BiB0nN9812F7M2Vg1qXEN80QtqYZ5IpMA86Gu4B8kNdzNnNA3R8Gs5oQPKeN9c_xYcBFAcYoXRoG7cU3bFANC8Gx7LHy4OC314foWj8Ytihh3IaTgqaJopC9dLE0x2caJayyBP99FWOtLuKkKSHE-avr38MJ49xZRTR5ICYbOEhS3uaGrjpqJCEw2t_wLvrA6DpW7V5WlRE-PGOtPRDWdKWId4Csmek3AGQiMnIh5VmmomJISi9_ipZuCkGme5ljHExu2IleyHixs2IroU7V9EcoSGs5oatFDOYiHQKTlO9jDFkUMznWZcgQi5IjVZ0HWD3HFgbOZxry3YmMxCiTlZSIpXFwjfXppMN_KLlDiIL1yQz748S-E4H5nvOyIbblGXW1srV9bADvIkcVClfuveCEDMp5U0Uzz2PMxlyMjvfqKWAMzxxp1fPAhGNw2mD-RwVrQlP1k50n0GA8ct5v2orQHD7HdWjIQlbJLn_A8BbwYP_E8%3D&sso_reload=trueRedirected

AI Security Verdict

High Risk

Confidence: 92%

8
Risk Score

Phishing page that harvests Microsoft credentials; do not enter any data and report as scam.

Risk Factors
Credential harvesting form on a non‑official domain
Brand impersonation of Microsoft on an unranked domain
Multiple redirects (5) indicating possible URL manipulation
Cross‑origin credential submission to a different domain
Highly obfuscated JavaScript
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

The domain name 'pre-2177-ebanking.dcr.sehlat.io' uses the British Indian Ocean Territory country-code top-level domain (.io), featuring subdomain 'pre-2177-ebanking.dcr'. The second-level label 'sehlat' is 6 characters long with two vowels and four consonants. Splitting it apart reveals three words: se, hl, at. Median word length comes out to two characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of http://pre-2177-ebanking.dcr.sehlat.io/

Page Load Overview

2.01s
Total Load Time
21
HTTP Requests
7
Domains
1016 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:109 chars
Detector Agreement:67%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
62.16.241.207Sweden
AS8075
340.68.146.194Amsterdam, North Holland, Netherlands
AS8075Microsoft Corporation
340.126.32.134United StatesUnknown
320.101.155.1Amsterdam, North Holland, Netherlands
AS8075Microsoft Corporation
320.190.159.4UnknownUnknown
313.107.246.44UnknownUnknown
216--

Detected Technologies4

X-UA-Compatible
100%
PasswordField
100%
Meta-Refresh-Redirect
100%
Ghost
15%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1D9A37DE97FE31937828951B5B0BA3E02AF3A5843494CCDA4F15CC9C42FEA71D8527A17

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:lHa6ah8GLGGmv4a0KaaOImEf4UgaHoIyEk77gx2xpTvPoMmCftEqtzisNC:BNa8hv4aaFlEgjaHJ32RAwNC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:98477:ANsACSAlJOrPQECEMCgASGKMAoDiUABwPxATiCRMnQoSbipEXIgAM4s6oOhRwLghEEaICgiIdAG3IRoCWAjFi4GBCGsQA5BE

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:fffffe1818180000
Perceptual Hash:9dc8233ecdd1998c
Difference Hash:204db23232325cfe
Wavelet Hash:ffffff9a18180000
Color Hash:#87c5c5

Other Hashes

Crop Resistant:82a0eabab2b283b2,bea0c03034e080b6,204db23232325cfe

Scan History

Scan history not available

Unable to load historical scan data