ScanMalware.com

Security Scan Report: lively-beignet-70f8a0.netlify.app

Submitted: Nov 26, 2025, 7:59:42 AMCompleted: Nov 26, 2025, 8:02:56 AMpubliccompleted
Loading additional data...

Summary

This website contacted 12 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main domain is lively-beignet-70f8a0.netlify.app.

Submitted URL: https://lively-beignet-70f8a0.netlify.app/oauth2.roundcube.webmail.client.grant.authorization.code.pkce

AI Security Verdict

Confirmed Scam

Confidence: 95%

9
Risk Score

Phishing page impersonating Roundcube Webmail on a newly created Netlify domain.

Risk Factors
Credential harvesting form on suspicious domain
Brand impersonation of Roundcube Webmail
New/unranked domain (likely <30 days old)
Use of Netlify subdomain for a webmail login page
Domain age information unavailable

Details

Page Title

Roundcube Webmail :: Welcome to Roundcube Webmail

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

legitimate website

(36%)

Domain Information

Within the application-focused generic top-level domain (.app), 'lively-beignet-70f8a0.netlify.app' is registered; it also runs on subdomain 'lively-beignet-70f8a0'. The core label 'netlify' covers 7 characters containing two vowels alongside five consonants. Breaking it apart gives 3 words: net, li, fy. The median word length lands at two characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://lively-beignet-70f8a0.netlify.app/oauth2.roundcube.webmail.client.grant.authorization.code.pkce

Page Load Overview

0.28s
Total Load Time
6
HTTP Requests
3
Domains
219 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:73 chars
Detector Agreement:100%

Website Classification

Primary Category

legitimate website36% confidence
Type: webapp
Method: ml+structural

All Detected Categories

legitimate website
36%

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
3104.17.24.14United States
AS13335CLOUDFLARENET
2104.21.89.92United States
AS13335CLOUDFLARENET
135.157.26.135Frankfurt am Main, Hesse, Germany
AS16509AMAZON-02
0172.67.139.137United States
AS13335CLOUDFLARENET
0104.17.25.14United States
AS13335CLOUDFLARENET
02a05:d014:58f:6200::259Frankfurt am Main, Hesse, Germany
AS16509AMAZON-02
02606:4700::6811:180eUnited States
AS13335CLOUDFLARENET
02606:4700:3031::6815:595cUnited States
AS13335CLOUDFLARENET
063.176.8.218Frankfurt am Main, Hesse, Germany
AS16509AMAZON-02
02a05:d014:58f:6200::258Frankfurt am Main, Hesse, Germany
AS16509AMAZON-02
612--

Detected Technologies2

PasswordField
100%
Bootstrapv5.3.2
100%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T171228444D382284232478B72BB17B1E6FC9B444B7C4C0D26B12C7BE46FD6952E5E6B74

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

192:NrjGmf+zU7FF9aLMaoOJy4LrXn9I9zmvcyHLKKZnibdLscRvVxvNubktROK7crT:NrjJWMFXaoOJy4LrX9I9zFoLKKZibtsd

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:10273:xgBBBMAoRFlIDxAElDughDNUYXCigloUBCC8jAJRARZkMVIJxDAghYJhB0iRBM4nSCFQSQUYkJQBioGAUai2pB4iKSgyRAhv

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffe7e7cfdfc3c3ff
Perceptual Hash:b383ce3c98666393
Difference Hash:000c4c1e10960e00
Wavelet Hash:3f27270303030307
Color Hash:#53a0ac

Other Hashes

Crop Resistant:000c4c1e10960e00

Scan History

Scan history not available

Unable to load historical scan data