ScanMalware.com

Security Scan Report: global-exchange.ghost.io

Redirected to: https://trozr-8dfs.kjgt65yh.workers.dev/

Submitted: Mar 15, 2026, 5:56:32 PMCompleted: Mar 15, 2026, 5:57:57 PMpubliccompleted
Loading additional data...

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 1 HTTP transaction. The main domain is trozr-8dfs.kjgt65yh.workers.dev and was registered NaN years ago.

Submitted URL: https://global-exchange.ghost.io/bridge

Effective URL: https://trozr-8dfs.kjgt65yh.workers.dev/Redirected

The Cisco Umbrella rank of the primary domain is #42,708 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 88%

8
Risk Score

Impersonates Trezor Suite on a workers.dev subdomain; likely phishing – avoid and report.

Risk Factors
Brand impersonation of Trezor on a non‑official domain
Use of a free hosting subdomain (workers.dev) to host brand‑mimicking page
Domain mismatch between displayed brand and final URL
Domain age information unavailable

Details

Page Title

Trezor Suite

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

finance banking

(45%)

Domain Information

The domain 'global-exchange.ghost.io' uses the British Indian Ocean Territory country-code top-level domain (.io); it also runs on subdomain 'global-exchange'. The second-level label 'ghost' is 5 characters long containing 1 vowel alongside 4 consonants. Tokenizing the label suggests 1 word: ghost. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://global-exchange.ghost.io/bridge

Page Load Overview

0.78s
Total Load Time
25
HTTP Requests
5
Domains
598 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:214 chars
Detector Agreement:100%

Website Classification

Primary Category

finance banking45% confidence
Type: static
Method: ml+structural

All Detected Categories

finance banking
45%
documentation technical
44%
technology software
33%
cryptocurrency blockchain
29%
adult content
25%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
5104.26.7.128United States
AS15169
5146.75.123.7Frankfurt am Main, Hesse, Germany
AS54113Fastly, Inc.
5104.16.175.226United States
AS13335Cloudflare, Inc.
5142.251.208.170United States
AS15169Google LLC
5188.114.96.3United States
AS13335Cloudflare, Inc.
255--

Detected Technologies1

jQuery
20%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T186B1126131F8797B106104AC96E66E063F86D133C349164470BC35F9AFC5EC2CEABAAD

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

48:TFOxqmNSNHtOPJICIIv6I6AN96Y6Y6ZCRrrnff/Snj:TFgw4P/C7AyrrerLf3Snj

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:5549:ASwIEYbhFBB6BADFAECkE4GAMmAEAgAiEPBGSAYSAASwABMAIiESISsBHASIgACoAAJnBAQGiQJcACAIgaAhpQgBCiGASC8C

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:131f1f1f1f1f1f1f
Perceptual Hash:8ea4e06e0f66e06f
Difference Hash:2434a06060a02020
Wavelet Hash:051f0f0f10101010
Color Hash:#ac7a53

Other Hashes

Crop Resistant:2434a06060a02020

Scan History

Scan history not available

Unable to load historical scan data