ScanMalware.com

Security Scan Report: update.www.update.cfztarcnr.100.22.198.15.nip.io

Redirected to: https://update.www.update.cfztarcnr.100.22.198.15.nip.io/

Submitted: Mar 16, 2026, 12:30:26 PMCompleted: Mar 16, 2026, 12:32:14 PMpubliccompleted
Loading additional data...

Summary

This website contacted 5 IPs in 1 country across 5 domains to perform 1 HTTP transaction. The main domain is update.www.update.cfztarcnr.100.22.198.15.nip.io and was registered NaN years ago.

Submitted URL: http://update.www.update.cfztarcnr.100.22.198.15.nip.io/

Effective URL: https://update.www.update.cfztarcnr.100.22.198.15.nip.io/Redirected

The Cisco Umbrella rank of the primary domain is #376,334 of the top 1 million websites

AI Security Verdict

Low Risk

Confidence: 92%

3
Risk Score

Low‑risk proxy site; no malicious indicators detected, though JavaScript is heavily obfuscated.

Risk Factors
Highly obfuscated JavaScript (score 100/100) – could conceal malicious behavior despite no current detection
Safety Factors
Well‑established domain (registered 2012)
HTTPS connection
No forms collecting passwords, emails, or payment data
No malicious Indicators of Compromise
No JavaScript YARA malware matches
Standard external resources (cdn.jsdelivr.net, Google Analytics, Google Fonts)
Domain age information unavailable

Details

Page Title

${cloakTitle}

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

phishing/scam

(40%)

Domain Information

Within the British Indian Ocean Territory country-code top-level domain (.io), 'update.www.update.cfztarcnr.100.22.198.15.nip.io' is registered, featuring subdomain 'update.www.update.cfztarcnr.100.22.198.15'. Its registrable label 'nip' stretches across 3 characters containing one vowel alongside two consonants. Segmentation suggests one word: nip. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of http://update.www.update.cfztarcnr.100.22.198.15.nip.io/

Page Load Overview

2.63s
Total Load Time
30
HTTP Requests
6
Domains
1.3 MB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:39 chars
Detector Agreement:100%

Website Classification

Primary Category

phishing/scam40% confidence
Type: dynamic
Method: structural

All Detected Categories

phishing/scam
40%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
6100.22.198.15Boardman, Oregon, United States
AS16509Amazon.com, Inc.
6142.250.186.72United States
AS15169Google LLC
6172.240.127.234United States
AS7979Servers.com, Inc.
6142.251.141.106United States
AS13335
6104.16.174.226United StatesUnknown
305--

Detected Technologies3

Google-AnalyticsvUniversal
100%
Google Analytics
35%
jsDelivr
20%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T19022D765574D0E1A520A8088B5A1B68C622FC533FBD58CF9BCE79994D7DC388836EDB0

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

192:0o3NZfLVWCymks/IsPfPXZXviy4S5xvbjqD:V9ZfLVWCLIKKQ/DjqD

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:10839:TAkA8KEDaCVJuIBMExQidSY8QUGAAgCCHQIgICSHkuEQLgAJEAVDMcYESSAAgKAAgsC6pSUYG4kKAKBDNdACkjFJ2QYIRPhI

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:181818181800183c
Perceptual Hash:cc39cc33cc333333
Difference Hash:10323032300c3032
Wavelet Hash:3c3c3c3c3c3c3c3c
Color Hash:#79c8d2

Other Hashes

Crop Resistant:10323032300c3032

Scan History

Scan history not available

Unable to load historical scan data