Security Scan Report: theater.xyz

Submitted: Dec 31, 2025, 5:31:21 PM
Completed: Dec 31, 2025, 5:33:19 PM
Scan type: public
Status: completed

Summary

This website contacted 62 IPs in 5 countries across 50 domains to perform 351 HTTP transactions. The main domain is theater.xyz; its registration age is unavailable.

Submitted URL: https://theater.xyz/?srsltid=AfmBOoq49fxF-1ejHcMeiJongfWxsbTHx0gTbRVacmOodaK5Q92Rb-oJ

AI Security Verdict

High Risk

Confidence: 85%

Risk Score: 8

Site likely harvests credentials; treat as high‑risk phishing

Risk Factors
Credential harvesting form with hidden password field
Login form collecting email/username and password on non‑brand domain
Excessive redirects (8) indicating possible URL manipulation
Unranked domain with no established reputation
Domain age information unavailable

Details

Page Title

Theater - High Fashion – Theater.xyz

Scan Type

public

Language

🇺🇸 English (80% confidence)

Category

entertainment media (74%)

Domain Information

The domain 'theater.xyz' uses the open generic top-level domain (.xyz) with no subdomain. The core label 'theater' covers 7 characters containing 3 vowels alongside 4 consonants. Splitting it apart reveals one word: theater. No strong language cues emerged from the frequency lists.

Page Load Overview

Total Load Time: 22.80s
HTTP Requests: 351
Domains: 50
Total Size: 6.1 MB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: en
Text Length: 8,092 chars
Detector Agreement: 100%

Website Classification

Primary Category

entertainment media (74% confidence)
Type: webapp
Method: ml+structural

All Detected Categories

entertainment media: 74%
adult content: 58%
e-commerce shopping: 48%
documentation technical: 45%
social_media: 25%

Detected Features

Login Form
Products
OG: website

Domain & IP Information

Requests | IP Address | Location | AS (Autonomous System)
--- | --- | --- | ---
46 | 216.150.1.129 | United States | AS16509 AMAZON-02
5 | 18.244.18.25 | United States | AS16509 AMAZON-02
5 | 157.240.0.35 | Frankfurt am Main, Hesse, Germany | AS32934 FACEBOOK
5 | 74.125.133.156 | United States | AS15169 GOOGLE
5 | 104.26.10.11 | United States | AS13335 CLOUDFLARENET
5 | 172.67.168.26 | United States | AS13335 CLOUDFLARENET
5 | 104.16.124.96 | United States | AS13335 CLOUDFLARENET
5 | 100.29.135.119 | Ashburn, Virginia, United States | AS14618 AMAZON-AES
5 | 142.250.185.168 | United States | AS15169 GOOGLE
5 | 142.250.184.238 | United States | AS15169 GOOGLE
351 | 62 | - | -

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T13EB42CF0B29831B5800793F5E2769A25F5B271F2DF230184B2FD4BA0A7D2E685C5E49D

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

3072:TIp+ubFAshQQpA97Hb4UNtrkvvKvDMFgh:TIp+oFAshQQpA97Hb4UNtrkvvKvPh

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:500099:gBQWACggp4BQqgEYgAKAozKAZBSJ6AoAOEDoRClySaU9EQnFJi1aTLI2IJQwSgS6AhIdkBBhXgIgdAIQRE4AoWxLMAAUAMV1

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: ff0018181818ffff
Perceptual Hash: 9818f325cce6ccf8
Difference Hash: 3131b1b1b3313119
Wavelet Hash: ff0018181818ffff
Color Hash: #2dd23d
