Security Scan Report: cr738267-wordpress-98tnq.tw1.ru

Redirected to:
https://cr738267-wordpress-98tnq.tw1.ru/wp-content/plugins/fddac-lcl-s...
Submitted: Oct 15, 2025, 8:48:57 AM
Completed: Oct 15, 2025, 8:49:30 AM
Visibility: public
Status: completed

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 16 HTTP transactions. The main domain is cr738267-wordpress-98tnq.tw1.ru.

Submitted URL: https://cr738267-wordpress-98tnq.tw1.ru/wp-content/plugins/fddac-lcl-sar/fddac-lcl-sar/pages/login.php?lcl#e0684aeb7467c1f0e

Effective URL: https://cr738267-wordpress-98tnq.tw1.ru/wp-content/plugins/fddac-lcl-sar/fddac-lcl-sar/pages/login.php?lcl (Redirected)

AI Security Verdict

High Risk

Confidence: 95%

Risk Score: 10

Site impersonates LCL bank, uses URL spoofing and a hacked WordPress host to harvest credentials – high‑risk phishing.

Risk Factors
URL manipulation (phishing technique)
Hacked WordPress site used for phishing
Impersonation of a well‑known bank (LCL) on an unranked domain
Credential collection form on suspicious domain
Likely newly registered domain
Domain age information unavailable

Details

Page Title

LCL - Mon espace

Scan Type

public

Language

🇫🇷

French

(80% confidence)

Category

finance banking

(84%)

Domain Information

The domain 'cr738267-wordpress-98tnq.tw1.ru' uses the Russian country-code top-level domain (.ru) with subdomain 'cr738267-wordpress-98tnq'. The core label 'tw1' covers 3 characters split between 0 vowels and 2 consonants; it also includes one digit. Word splitting yields 2 words: tw, 1. Average segment length settles at 1.5 characters. The linguistic tilt is Albanian for 'tw'.


Page Load Overview

Total Load Time: 15.79s
HTTP Requests: 16
Domains: 1
Total Size: 448 KB

Language Analysis

Primary Language

🇫🇷 French
Code: fr
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: fr
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: fr-FR
Text Length: 1,055 chars
Detector Agreement: 100%

Website Classification

Primary Category

finance banking (84% confidence)
Type: dynamic
Method: ml+structural

All Detected Categories

finance banking: 84%
technology software: 72%
education learning: 68%
documentation technical: 67%
government public service: 57%

Detected Features

No structural features detected

Domain & IP Information

Requests | IP Address | Location | AS (Autonomous System)
8 | 92.53.96.105 | Russia | AS9123 Jsc timeweb
8 | 2a03:6f00:1::5c35:6069 | St Petersburg, St.-Petersburg, Russia | AS9123 Jsc timeweb
16 | 2 | - | -

Detected Technologies (2)

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T103638372B70020BDEE834D895DC37A0F20756A79E35DDEA89138082589D5FFAE4E1376

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:3Lkg81jFhqtQLmQpotm2ekXaYvWvnXbg0tCmPelpyL9iPnI0TXRqXp:300mEXarnXbltCmGnysw5

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:71266:QAHaxOAGilAUJwMAIMsGAoCERDAIwN2YgE4koMQJEICJGDGhAyGClCcBEhGQIDEgS4PEIsQgUYASsImDCVUjOk4WKED2DQcG

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:fffcf8f8f8e4c4c0
Perceptual Hash:d38c31b4ad74cab1
Difference Hash:4859514109889899
Wavelet Hash:fcfcf8f0e0c4c4c0
Color Hash:#53ac8d
