Security Scan Report: lh1ondemand.com

Redirected to:
https://lh1ondemand.com/LoginGeneric.aspx
Submitted: Feb 7, 2026, 9:36:58 PMCompleted: Feb 7, 2026, 9:38:46 PMpubliccompleted
Loading additional data...

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 3 HTTP transactions. The main domain is lh1ondemand.com and was registered NaN years ago.

Submitted URL: https://lh1ondemand.com

Effective URL: https://lh1ondemand.com/LoginGeneric.aspxRedirected

The Cisco Umbrella rank of the primary domain is #43,811 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 92%

8
Risk Score

High‑risk phishing site impersonating WEX Benefits login; do not submit credentials.

Risk Factors
Credential harvesting form (password-only field)
Brand impersonation of WEX Benefits on a non‑official domain
Domain age information unavailable

Details

Primary Scan Blocked — Fallback Capture Shown

The primary scanner could not load this page (possible bot protection). The screenshot and page details shown were captured by a fallback browser that loaded the page successfully.

Page Title

lh1ondemand.com

Scan Type

public

Language

🇩🇪

German

(50% confidence)

Category

unknown

(0%)

Domain Information

You're looking at domain 'lh1ondemand.com' on the commercial generic top-level domain (.com). The second-level label 'lh1ondemand' is 11 characters long split between 3 vowels and seven consonants; it also includes 1 digit. Breaking it apart gives 4 words: lh, 1, on, demand. Median word length is two characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://lh1ondemand.com

Page Load Overview

22.22s
Total Load Time
32
HTTP Requests
1
Domains
409 KB
Total Size

Language Analysis

Primary Language

🇩🇪German
Code: de
Confidence:50%
Script:Latin
Direction:ltr

Detection Details

Language Code:de
Detection Confidence:50%
Script Type:Latin
HTML Lang Attribute:en
Text Length:28 chars
Detector Agreement:100%
Language mismatch: Declared as en but detected as de

Website Classification

Primary Category

unknown0% confidence
Type: static
Method: structural

All Detected Categories

No categories detected

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
3245.223.181.93United States
AS19551Incapsula Inc
321--

Detected Technologies4

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1DE048E77329A063986558498F05B43099F20B143F506C9BCB9BCBAD9BFDED06107BB78

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

3072:9fQho9PKBb9Js3q9Jzbs6tlg3SBKwdQWgceIszC2bMy8Oldq:qhoC9JSqzzbs6o3Sj3gcrsu2eAQ

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:184466:IYLQOwQ8GEimIAyxFIBF0QFARgCCoDghCFHmEUBYfsUGS0kiFgEggCg80oFFwDFQQBJAAQgAAFQFgUQMKCCQTEEUYilCi6JD

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffcfc3cfffffffff
Perceptual Hash:b3318ccccc673333
Difference Hash:00180c1800000000
Wavelet Hash:ffdfc3cf00000000
Color Hash:#c5ae87

Other Hashes

Crop Resistant:00180c1800000000

Scan History

Scan history not available

Unable to load historical scan data