ScanMalware.com

Security Scan Report: bellsouth-att-signing-050ee6.webflow.io

Submitted: Jan 20, 2026, 11:37:16 AMCompleted: Jan 20, 2026, 11:38:23 AMpubliccompleted
Loading additional data...

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 9 HTTP transactions. The main domain is bellsouth-att-signing-050ee6.webflow.io and was registered NaN years ago.

Submitted URL: https://bellsouth-att-signing-050ee6.webflow.io/

AI Security Verdict

High Risk

Confidence: 92%

8
Risk Score

High‑risk phishing site impersonating BellSouth/AT&T with credential‑stealing login form.

Risk Factors
Credential harvesting form (email + password)
Brand impersonation of BellSouth/AT&T on a non‑official domain
Unranked domain (low reputation) mimicking a major brand
Domain age information unavailable

Details

Page Title

Bellsouth Att Signing

Scan Type

public

Language

🇺🇸

English

(69% confidence)

Category

unknown

(0%)

Domain Information

Domain 'bellsouth-att-signing-050ee6.webflow.io' uses the British Indian Ocean Territory country-code top-level domain (.io); it also runs on subdomain 'bellsouth-att-signing-050ee6'. The second-level label 'webflow' is 7 characters long containing two vowels alongside five consonants. Tokenizing the label suggests 2 words: web, flow. Median word length comes out to 3.5 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://bellsouth-att-signing-050ee6.webflow.io/

Page Load Overview

0.31s
Total Load Time
17
HTTP Requests
4
Domains
12 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:69%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:69%
Script Type:Latin
Text Length:610 chars
Detector Agreement:100%

Website Classification

Primary Category

unknown0% confidence
Type: static
Method: structural

All Detected Categories

No categories detected

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
7172.64.151.8United States
AS13335CLOUDFLARENET
5104.18.161.117United States
AS13335CLOUDFLARENET
513.226.247.129United States
AS16509AMAZON-02
173--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T17171B6636439402B530B1AF0F7A0B1CEB083D75CCD524980E4FD9ABC539DCAE6B2998C

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

96:NNy+HPTCLTw/rvdgT/hFoK4A+DoQRIeO9et:DlPG3wTWFH+DoQRIeOK

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:3529:IEAAIIQmMAoAgAFAAgQkRBGBhgMgIADABIAAoBAIgBBAAAAAEYwAAAJEwACBAAAAFEopiEAgBECAAAEITWAUCJADgCQIAYgy

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:7f7f7f000000ffff
Perceptual Hash:a080cd7f77d988a6
Difference Hash:8084a08e0e080000
Wavelet Hash:7f7f03000000ffff
Color Hash:#d22d7a

Other Hashes

Crop Resistant:8084a08e0e080000

Scan History

Scan history not available

Unable to load historical scan data