ScanMalware.com

Security Scan Report: ronmazthlop-od80zwn13n.edgeone.dev

Submitted: Mar 28, 2026, 12:56:07 AMCompleted: Mar 28, 2026, 12:57:19 AMpubliccompleted
Loading additional data...

Summary

This website contacted 5 IPs in 1 country across 6 domains to perform 13 HTTP transactions. The main domain is ronmazthlop-od80zwn13n.edgeone.dev and was registered NaN years ago.

Submitted URL: https://ronmazthlop-od80zwn13n.edgeone.dev/hemalmbaxcamtic.html

AI Security Verdict

High Risk

Confidence: 88%

8
Risk Score

Phishing login page harvesting email credentials on a newly created, low‑reputation subdomain.

Risk Factors
New/unknown subdomain age
Credential harvesting form on low‑reputation domain
Impersonates a generic webmail login page
Unranked domain (not in top 1 M)
Highly obfuscated JavaScript
Domain age information unavailable

Details

Page Title

Webmail Login

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

technology software

(25%)

Domain Information

Within the developer-focused generic top-level domain (.dev), 'ronmazthlop-od80zwn13n.edgeone.dev' is registered and includes subdomain 'ronmazthlop-od80zwn13n'. Count 7 characters in 'edgeone' with 4 vowels and 3 consonants. Segmentation suggests 2 words: edge, one. Expect 3.5 characters per word on average. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://ronmazthlop-od80zwn13n.edgeone.dev/hemalmbaxcamtic.html

Page Load Overview

1.78s
Total Load Time
11
HTTP Requests
6
Domains
2.1 MB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:205 chars
Detector Agreement:100%

Website Classification

Primary Category

technology software25% confidence
Type: webapp
Method: ml+structural

All Detected Categories

technology software
25%
social_media
25%

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
343.174.246.29United States
AS15169
2104.18.50.34United States
AS13335Cloudflare, Inc.
2142.250.201.170United States
AS15169Google LLC
2142.250.154.94United States
AS15169Google LLC
2142.250.201.74United States
AS15169Google LLC
115--

Detected Technologies3

PasswordField
100%
JQueryv3.5.1
100%
Google Hosted Libraries
20%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1E254F26AA5BB00455B47F169276B6240A736F22FD80BCC58FA8DB78DCFC564548E23CC

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

6144:2HafiZHnoKKxA7fNamw2MYc+8/cT9dSdXdAk3DOA5ZE/VpZdZUD82O17:2HafiZHnoKKxA7fNamzHc+8/cT9dSdXU

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:279159:iQBRAGAA4IBgguhpAAAFgCUDEGMUC8QRBRBCAAE4s5RoFMtBa6VgSsiIRQTFQSDQArlxgALAKhUVIgBCAKhtwUTV1wAQCyAL

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:e7e7e7e7c3e7ffff
Perceptual Hash:b333dccc64329999
Difference Hash:0c0c0c0c16080000
Wavelet Hash:3c24242403273f3f
Color Hash:#1f9359

Other Hashes

Crop Resistant:0c0c0c0c16080000

Scan History

Scan history not available

Unable to load historical scan data