Security Scan Report: vanatus.surge.sh

Submitted: Nov 3, 2025, 12:32:48 PM
Completed: Nov 3, 2025, 12:33:41 PM
public, completed

Summary

This website contacted 19 IPs in 2 countries across 6 domains to perform 10 HTTP transactions. The main domain is vanatus.surge.sh.

Submitted URL: https://vanatus.surge.sh/[email protected]

AI Security Verdict

High Risk

Confidence: 85%

Risk Score: 8

Phishing login page likely harvesting credentials; do not use.

Risk Factors
Credential harvesting form on a brand‑impersonating page
New/unranked domain hosting a password field
Use of a corporate‑style email address to lure victims
Absence of security/anti‑phishing indicators (e.g., noindex, trusted certificates)
Domain age information unavailable

Details

Page Title

Login Verify Bot

Scan Type

public

Language

🇺🇸 English (80% confidence)

Category

news media journalism (35%)

Domain Information

The domain name 'vanatus.surge.sh' uses the .sh country-code top-level domain with subdomain 'vanatus'. The core label 'surge' covers 5 characters containing two vowels alongside three consonants. Segmentation suggests one word: surge. Median word length is 5 characters. 'surge' is most common in Portuguese usage. You may catch it in Portuguese (Brazil) and English as well.

Screenshot

Security scan screenshot of https://vanatus.surge.sh/?admin=ckennedy@infomanagerinc.com

Page Load Overview

Total Load Time: 10.30s
HTTP Requests: 10
Domains: 6
Total Size: 88 KB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: en
Text Length: 151 chars
Detector Agreement: 100%

Website Classification

Primary Category

news media journalism (35% confidence)
Type: static
Method: ml+structural

All Detected Categories

news media journalism: 35%
government public service: 34%
finance banking: 32%
phishing scam: 31%
documentation technical: 31%

Detected Features

No structural features detected

Domain & IP Information

Requests  IP Address                 Location                           AS Autonomous System
10        104.21.39.75               United States                      AS13335 CLOUDFLARENET
0         138.68.112.220             Frankfurt am Main, Hesse, Germany  AS14061 DIGITALOCEAN-ASN
0         142.250.185.99             United States                      AS15169 GOOGLE
0         104.20.44.30               United States                      AS13335 CLOUDFLARENET
0         65.9.175.126               United States                      AS16509 AMAZON-02
0         216.58.206.42              United States                      AS15169 GOOGLE
0         2a00:1450:4001:830::2003   Frankfurt am Main, Hesse, Germany  AS15169 GOOGLE
0         2606:4700:3035::ac43:8fa9  United States                      AS13335 CLOUDFLARENET
0         65.9.175.49                United States                      AS16509 AMAZON-02
0         142.250.185.74             United States                      AS15169 GOOGLE
10        19                         -                                  -

Detected Technologies (1)

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T195149E14D7F39E3E04824AAB595677C1A57CB7F0C7EC81F731A6AE63F5639A1C219200

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

3072:JpBM773he5CcvvDQZOkEx0fXuj2oqckzI9XT6RAafYIKnnZ09nBqUXs8:FMZe5C+vDQZXEMXPf2jyYIKnKn28

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:196140:iUSFA/FgIJAQFRGnEM8mgAFVnQCUoAyJJDIQAGTsQkqEOGaFRDDR4EzFjACEEdJRAEaXAASaSBOliwbCAUIg4SsjyBGKTQKC

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: ffe3fbe3e7ffffff
Perceptual Hash: e666999b32319999
Difference Hash: 000e164d4c300000
Wavelet Hash: e4e0e0e0e0e0f0f0
Color Hash: #bad22d

Other Hashes

Crop Resistant: 000e164d4c300000
