Security Scan Report: refah.online

Submitted: Jul 4, 2026, 5:46:13 AMCompleted: Jul 4, 2026, 5:47:45 AMpubliccompleted
Loading additional data...

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 2 HTTP transactions. The main domain is refah.online and was registered NaN years ago.

Submitted URL: https://refah.online/

AI Security Verdict

Low Risk

Confidence: 70%

3
Risk Score

The site is brand‑self‑identified, has no credential or payment forms, and shows no malicious indicators; moderate risk stems mainly from its extremely new registration and high JS obfuscation.

Risk Factors
Newly registered domain (2‑day age)
High JavaScript obfuscation score
Safety Factors
No forms collecting credentials or payment data
No external links or cross‑origin requests
No Indicators of Compromise or YARA malware detections
No IDS/Suricata alerts
Verdict cited a credential/login form, but DOM analysis found no password field (real or disguised) or payment field, and no other hard signal — credential-phishing framing unsupported; risk adjusted from 5 to 3
Domain age information unavailable

Details

Page Title

refah.online

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

technology software

(83%)

Domain Information

You're looking at domain 'refah.online' on the modern generic top-level domain (.online) while skipping any subdomain. Its registrable label 'refah' stretches across 5 characters containing 2 vowels alongside 3 consonants. It segments into two words: re, fah. Median word length is 2.5 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://refah.online/

Page Load Overview

8.11s
Total Load Time
1
HTTP Requests
1
Domains
N/A
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:732 chars
Detector Agreement:100%

Website Classification

Primary Category

technology software83% confidence
Type: static
Method: ml+structural

All Detected Categories

technology software
83%
documentation technical
62%
adult content
54%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
191.99.56.2Nuremberg, Bavaria, Germany
AS24940Hetzner Online GmbH
0142.251.14.94Google · CDNUnited States
AS15169Google LLC
0142.251.154.119Google · CDNUnited States
AS15169Google LLC
13--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T18A048F77329A063D86558498E45B83099F20B143F506C8BC79BCBAD9BFDED06107BB78

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

3072:W/Qho9PKBb9Js3q9Jzbs6tlg1ySBKwdQ9gcoIsPx2bMy8OldW:XhoC9JSqzzbs6okSjggcpsp2eAg

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:187867:FAJAINhCYFEQMCIgBMCOIMMIRV0hEDSAxBEpNCiNGArALsVO42kCBU0yLGZHCk4ywBGolUKhAmhIAGQgJSCiEGBEdAAABwWC

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffc7c7c3d3ffffff
Perceptual Hash:b1339acccc939365
Difference Hash:0018181616000000
Wavelet Hash:fcdcc4c4c0f0f0f0
Color Hash:#53ac6b

Other Hashes

Crop Resistant:0018181616000000

Scan History

Scan history not available

Unable to load historical scan data