ScanMalware.com

Security Scan Report: rovisys.roving-office.com

Redirected to: https://login.microsoftonline.com/3138fb82-922f-4a0f-b26c-e3b8e1f767c9/oauth2/v2.0/authorize?client_id=363aa471-f7b1-400c-bd26-82d11c402153&redirect_uri=https%3A%2F%2Frovisys.roving-office.com%2FLogin%2FLoginCallback&response_mode=form_post&response_type=code%20id_token&scope=openid%20profile%20offline_access%20email%20User.ReadBasic.All&state=OpenIdConnect.AuthenticationProperties%3D9DWZQC60VbojJicJm0lCFEn3aE2DagWaCLP-OoO76KrN8WEE1I-TY9pWIyzc4Rg5bF6fQDN_eezrieJOPV6Ea5NmBMTldN8zCLBTMxRGfIjF-0ewYoLzaKO-2Gzko0KfL3eTuS79DHumocvPZRv-KAbgfRh1qpIEaAocZcGwbw_LGatgEPdHXY_K6Fec1MSal4p6jF3Z9TH2AfvRkxZ_R4YmZs-TIcbCm-r14CQnoCpIg_6r&nonce=639082265187915783.NmI5ZWE1ZDEtOWIwYi00MDljLWE4OTUtMWI4M2QxNzliYTQxYTc2ZWY1ZGYtNDMwOS00Y2FmLTgwODgtYmVhOGUxNTE2ZWM3&x-client-SKU=ID_NET451&x-client-ver=5.2.1.0&sso_reload=true

Site favicon
Submitted: Mar 4, 2026, 1:08:35 PMCompleted: Mar 4, 2026, 1:09:53 PMpubliccompleted
Loading additional data...

Summary

This website contacted 7 IPs in 3 countries across 8 domains to perform 1 HTTP transaction. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://rovisys.roving-office.com

Effective URL: https://login.microsoftonline.com/3138fb82-922f-4a0f-b26c-e3b8e1f767c9/oauth2/v2.0/authorize?client_id=363aa471-f7b1-400c-bd26-82d11c402153&redirect_uri=https%3A%2F%2Frovisys.roving-office.com%2FLogin%2FLoginCallback&response_mode=form_post&response_type=code%20id_token&scope=openid%20profile%20offline_access%20email%20User.ReadBasic.All&state=OpenIdConnect.AuthenticationProperties%3D9DWZQC60VbojJicJm0lCFEn3aE2DagWaCLP-OoO76KrN8WEE1I-TY9pWIyzc4Rg5bF6fQDN_eezrieJOPV6Ea5NmBMTldN8zCLBTMxRGfIjF-0ewYoLzaKO-2Gzko0KfL3eTuS79DHumocvPZRv-KAbgfRh1qpIEaAocZcGwbw_LGatgEPdHXY_K6Fec1MSal4p6jF3Z9TH2AfvRkxZ_R4YmZs-TIcbCm-r14CQnoCpIg_6r&nonce=639082265187915783.NmI5ZWE1ZDEtOWIwYi00MDljLWE4OTUtMWI4M2QxNzliYTQxYTc2ZWY1ZGYtNDMwOS00Y2FmLTgwODgtYmVhOGUxNTE2ZWM3&x-client-SKU=ID_NET451&x-client-ver=5.2.1.0&sso_reload=trueRedirected

The Cisco Umbrella rank of the primary domain is #689,362 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 92%

8
Risk Score

Phishing page harvesting Microsoft credentials; do not enter any data.

Risk Factors
Cross‑origin credential form (email + password) to a Microsoft login endpoint
Brand impersonation of Microsoft on an unrelated domain
Low Cisco Umbrella ranking (outside top 10 K) for a domain claiming a major brand
Suspicious subdomain (rovisys.roving-office.com) used for credential harvesting
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

finance banking

(63%)

Domain Information

The domain 'rovisys.roving-office.com' uses the commercial generic top-level domain (.com), featuring subdomain 'rovisys'. Its registrable label 'roving-office' stretches across 13 characters containing five vowels alongside 7 consonants; it also includes one hyphen. Word splitting yields 2 words: roving, office. Expect six characters per word on average. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://rovisys.roving-office.com

Page Load Overview

1.68s
Total Load Time
32
HTTP Requests
6
Domains
1.0 MB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:51 chars
Detector Agreement:67%

Website Classification

Primary Category

finance banking63% confidence
Type: webapp
Method: ml+structural

All Detected Categories

finance banking
63%
news media journalism
62%
healthcare medical
45%
government public service
41%
cryptocurrency blockchain
36%

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
820.190.160.66United States
AS8075
420.190.159.73Sweden
AS20940
42.16.110.160FranceUnknown
413.89.178.26UnknownUnknown
413.107.246.44UnknownUnknown
440.85.190.10Washington, Virginia, United States
AS8075Microsoft Corporation
440.126.32.72UnknownUnknown
327--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T17A934CED7E622F37824A55B9A4753D025E7A6A93CD48DCB0B35C89842FFA34D4033A07

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:jg8GLGGiXwI+xsGcW06YuoIyEk77gx2xpTvPoMmC9tkkkMESh9iEP5C:E8YITzuJ32RAMkkkoC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:91674:zgc1EmkUgQiaIkAALQEkLFwhDBtQQAQQAMCyAwkFpJOpAIQqHYKhwGqIgsrA4AHAABIC4CsEGIgLShXSKApTJgWBIBrKbXww

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0713181818183010
Perceptual Hash:8cb9362698f1d9e8
Difference Hash:3f67b2b2b2f2e5e1
Wavelet Hash:07177f3f3818383c
Color Hash:#e0a06c

Other Hashes

Crop Resistant:bc6cf09ca0838496,3f67b2b2b2f2e5e1

Scan History

Scan history not available

Unable to load historical scan data