Security Scan Report: onion-preprod.skyscannertools.net

Redirected to: https://login.microsoftonline.com/1fcfe53a-4bb8-4755-a41b-49887553eab0/oauth2/authorize?response_type=code&client_id=c756f042-d686-4e2f-98ab-15f6f154bb18&scope=openid&nonce=94a42434-f754-4a02-8dd6-6eb7b5a3cae8&redirect_uri=https%3a%2f%2fonion-preprod.skyscannertools.net%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fonion-preprod.skyscannertools.net%5c%2f%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%22c7cdcd3c-2a20-4235-b34c-812f22bc13de%22%7d%23EndOfStateParam%23&client-request-id=c7cdcd3c-2a20-4235-b34c-812f22bc13de&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true

Submitted: Mar 15, 2026, 3:11:59 PM
Completed: Mar 15, 2026, 3:13:18 PM
Status: completed (public scan)

Summary

This website contacted 7 IPs in 4 countries across 7 domains to perform 1 HTTP transaction. The main domain is login.microsoftonline.com; its registration age is unavailable.

Submitted URL: https://onion-preprod.skyscannertools.net

Effective URL: https://login.microsoftonline.com/1fcfe53a-4bb8-4755-a41b-49887553eab0/oauth2/authorize?response_type=code&client_id=c756f042-d686-4e2f-98ab-15f6f154bb18&scope=openid&nonce=94a42434-f754-4a02-8dd6-6eb7b5a3cae8&redirect_uri=https%3a%2f%2fonion-preprod.skyscannertools.net%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fonion-preprod.skyscannertools.net%5c%2f%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%22c7cdcd3c-2a20-4235-b34c-812f22bc13de%22%7d%23EndOfStateParam%23&client-request-id=c7cdcd3c-2a20-4235-b34c-812f22bc13de&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true (redirected)

AI Security Verdict

High Risk

Confidence: 85%

Risk Score: 8

Impersonates Skyscanner login and harvests credentials – treat as phishing and do not submit any data.

Risk Factors
Brand impersonation on a non‑official, unranked domain
Credential‑harvesting login form (email + password)
Cross‑origin credential submission to Microsoft login endpoint
Suspicious support email address (EE‑SD‑Skybot@skyscannernet)
High JavaScript obfuscation score combined with credential collection
Domain age information unavailable

Details

Page Title: Sign in to your account

Scan Type: public

Language: 🇺🇸 English (80% confidence)

Category: social media network (51%)

Domain Information

The domain name 'onion-preprod.skyscannertools.net' uses the network-infrastructure generic top-level domain (.net) and includes the subdomain 'onion-preprod'. The label 'skyscannertools' has 15 characters: four vowels and 11 consonants. Tokenizing the label suggests 3 words: sky, scanner, tools. The median word length is five characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://onion-preprod.skyscannertools.net

Page Load Overview

Total Load Time: 1.18s
HTTP Requests: 30
Domains: 7
Total Size: 904 KB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: en
Text Length: 376 chars
Detector Agreement: 67%

Website Classification

Primary Category

social media network (51% confidence)
Type: webapp
Method: ml+structural

All Detected Categories

social media network: 51%
technology software: 33%

Detected Features

Login Form
Search

Domain & IP Information

Requests  IP Address       Location                           AS Autonomous System
6         20.190.160.66    United States
4         20.190.159.64    Ireland
4         13.107.246.44    Germany                            Unknown
4         40.126.31.67     Netherlands                        Unknown
4         51.11.192.48     Unknown                            Unknown
4         23.207.210.132   Unknown                            Unknown
4         98.67.183.229    Frankfurt am Main, Hesse, Germany  AS8075 Microsoft Corporation
30        7                -                                  -

Detected Technologies (4)

Content Similarity Hashes (for malware variant detection)

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T113836D9A7FB32937838A40B5F4B97E029A365D03C948CDA4F19CCC842FFA64D4527A57

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:lDuWTm8GLG213tTHjZ+jgSYUvhWCAoIyEk77gx2xpTvPoMmCfiEMOTiVAC:W8YZgDzAJ32RAKC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:84169:cVBkCCYhaYBF8BqCiFAQkAGADwjUA1sOI18boABsAYIYACAwSIDkJSBzApMAoIAJghf/CQ8VAIBhyIAAQNAAg6IlBIGDIKBn

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: c3ffdf1818181800
Perceptual Hash: 9ca0636f723cc8d3
Difference Hash: 0f32b2323233320c
Wavelet Hash: ffffdf9818181800
Color Hash: #79d279
