ScanMalware.com

Security Scan Report: gh.lordfilm17.ru

Redirected to: https://md.lordfilm131.ru/

Site favicon
Submitted: Dec 26, 2025, 4:14:02 AMCompleted: Dec 26, 2025, 4:14:29 AMpubliccompleted
Loading additional data...

Summary

This website contacted 9 IPs in 3 countries across 12 domains to perform 75 HTTP transactions. The main domain is md.lordfilm131.ru.

Submitted URL: https://gh.lordfilm17.ru

Effective URL: https://md.lordfilm131.ru/Redirected

The Cisco Umbrella rank of the primary domain is #516,942 of the top 1 million websites

AI Security Verdict

Confirmed Scam

Confidence: 95%

9
Risk Score

Confirmed phishing site harvesting credentials on a brand‑new low‑rank domain.

Risk Factors
Hidden password field (credential harvesting technique)
Login form on a newly registered (<7 days) domain
Low Cisco Umbrella ranking for a site claiming to provide free movies
Multiple redirects increasing suspicion
Domain age information unavailable

Details

Page Title

Лордфильм - Смотреть фильмы онлайн в хорошем качестве бесплатно

Scan Type

public

Language

🇷🇺

Russian

(80% confidence)

Category

entertainment media

(38%)

Domain Information

The domain name 'gh.lordfilm17.ru' uses the Russian country-code top-level domain (.ru) and includes subdomain 'gh'. Its registrable label 'lordfilm17' stretches across 10 characters with 2 vowels and six consonants, notching two digits. Tokenizing the label suggests three words: lord, film, 17. Median word length is 4 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://gh.lordfilm17.ru

Page Load Overview

1.25s
Total Load Time
78
HTTP Requests
12
Domains
1.2 MB
Total Size

Language Analysis

Primary Language

🇷🇺Russian
Code: ru
Confidence:80%
Script:Cyrillic
Direction:ltr

Detection Details

Language Code:ru
Detection Confidence:80%
Script Type:Cyrillic
HTML Lang Attribute:ru
Text Length:3,512 chars
Detector Agreement:100%

Website Classification

Primary Category

entertainment media38% confidence
Type: webapp
Method: ml+structural

All Detected Categories

entertainment media
38%

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
14185.199.108.153United States
AS54113FASTLY
887.250.251.119Russia
AS13238YANDEX LLC
8185.199.111.153United States
AS54113FASTLY
888.212.201.198France
AS16276
8176.9.123.212Unknown
AS13238
8172.217.18.3United States
AS15169GOOGLE
889.42.231.251Unknown
AS42745
8142.250.184.202United States
AS15169GOOGLE
8193.233.15.8Russia
AS42745Safe Value Limited
789--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1A1332132018D0DAF019F63C69564675D39EB8E7DEE5B86A2B3FF066E13D3C50E90A106

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:SPa7HeIQ/w6VYmYiY/YOYP5u0WJDPc/OM0BMCXlNQ/eep:RSX/OMMMuVs

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:50379:QYCHOSpIbQJERCAzoaQH/0AKxCFcqDgIoxhd4QghyRgAh1BKABCLEMYKAhBQ0AQBkAhQKGgmsgOEDUHAEMAGiApCIgJLC/2B

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:00087c3c083c3c18
Perceptual Hash:924b3c397996c6b1
Difference Hash:7159e8f0d9e4f4f4
Wavelet Hash:08087e7e7c7c3e1c
Color Hash:#6f783a

Other Hashes

Crop Resistant:38c6283831cb7371,7159e8f0d8e4f4f4

Scan History

Scan history not available

Unable to load historical scan data