ScanMalware.com

Security Scan Report: zxf.zmk.mybluehost.me

Redirected to: https://zxf.zmk.mybluehost.me/wp-content/tabsan/NRD/0037640/Sign_in.php

Submitted: Dec 7, 2025, 3:18:31 AMCompleted: Dec 7, 2025, 3:20:01 AMpubliccompleted
Loading additional data...

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 42 HTTP transactions. The main domain is zxf.zmk.mybluehost.me.

Submitted URL: https://zxf.zmk.mybluehost.me/wp-content/tabsan/NRD/

Effective URL: https://zxf.zmk.mybluehost.me/wp-content/tabsan/NRD/0037640/Sign_in.phpRedirected

The Cisco Umbrella rank of the primary domain is #99,570 of the top 1 million websites

AI Security Verdict

Confirmed Scam

Confidence: 95%

10
Risk Score

Phishing page impersonating Nordea that harvests credentials – confirmed scam.

Risk Factors
Credential harvesting via password field
Brand impersonation of Nordea
Use of WordPress directories for phishing page
Unrelated, likely newly registered domain
Multiple redirects to suspicious page
Domain age information unavailable

Details

Page Title

Nordea - Identification

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

technology software

(82%)

Domain Information

You're looking at domain 'zxf.zmk.mybluehost.me' on the Montenegrin country-code top-level domain (.me) and includes subdomain 'zxf.zmk'. The second-level label 'mybluehost' is 10 characters long with 3 vowels and 7 consonants. Segmentation suggests 3 words: my, blue, host. Median word length is four characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://zxf.zmk.mybluehost.me/wp-content/tabsan/NRD/

Page Load Overview

3.36s
Total Load Time
42
HTTP Requests
1
Domains
86 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:5,820 chars
Detector Agreement:75%

Website Classification

Primary Category

technology software82% confidence
Type: webapp
Method: ml+structural

All Detected Categories

technology software
82%
documentation technical
75%
healthcare medical
75%
government public service
75%
blog personal website
74%

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
4250.6.53.109Bungarribee, New South Wales, Australia
AS31898ORACLE-BMC-31898
421--

Detected Technologies3

X-UA-Compatible
100%
PasswordField
100%
Bluehost
40%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1E7C3295081E70633160A47DCA7DB2BAABE8DD267D8074194767C0BEC9F87CB1AD4F264

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:e9qGguIm9FeIpbqoVRRIG5DLck9WH1nPfXsJpvCwlpYXs69WVGzDLcS9WH1nPfX2:e9rfe8bqKVw9cboc6wsw9cbocb7UydJ

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:118819:pA3AEiNQ2hAIakxrBBAYBLiYAEJWRCMuPg0PSJJNIBjogBiQgYIFymggxGGiiEEzDIWwXggmcEgboCRCoHQkENGwyyg4IAgw

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0018ffffffffffff
Perceptual Hash:99181c5c7163e6e7
Difference Hash:30b20c32322a2808
Wavelet Hash:00000018dfdfd7cf
Color Hash:#d2b079

Other Hashes

Crop Resistant:b24c323232280408,aab6b28cb2b2b2b2

Scan History

Scan history not available

Unable to load historical scan data