ScanMalware.com

Security Scan Report: c158.whatcar.com

Redirected to:
https://haymarket.sb.blueconic.net/blueconic/static/index.html
Submitted: Apr 19, 2026, 5:07:26 AMCompleted: Apr 19, 2026, 5:08:35 AMpubliccompleted
Loading additional data...

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main domain is haymarket.sb.blueconic.net and was registered NaN years ago.

Submitted URL: https://c158.whatcar.com

Effective URL: https://haymarket.sb.blueconic.net/blueconic/static/index.htmlRedirected

The Cisco Umbrella rank of the primary domain is #309,555 of the top 1 million websites

AI Security Verdict

Moderate Risk

Confidence: 85%

5
Risk Score

The site pretends to be BlueConic login, collects credentials on an unrelated, low‑ranked domain, and uses heavily obfuscated JavaScript – likely a phishing page.

Risk Factors
Brand impersonation
Credential collection form on unrelated domain
Low domain reputation ranking
Highly obfuscated JavaScript
Possible hidden login form not detected by automated form parser
Safety Factors
Domain is well‑established (over 28 years old)
No Indicators of Compromise matched in threat intelligence
No malicious YARA patterns detected
No network IDS alerts
Established domain (10216 days old) with no strong malicious indicators — risk clamped from 8 to 5
Domain age information unavailable

Details

Page Title

haymarket.sb.blueconic.net

Scan Type

public

Language

🇺🇸

English

(41% confidence)

Category

technology software

(28%)

Domain Information

Domain 'c158.whatcar.com' uses the commercial generic top-level domain (.com) and includes subdomain 'c158'. Count 7 characters in 'whatcar' split between two vowels and 5 consonants. Word splitting yields 2 words: what, car. Expect 3.5 characters per word on average. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://c158.whatcar.com

Page Load Overview

2.07s
Total Load Time
31
HTTP Requests
3
Domains
452 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:41%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:41%
Script Type:Latin
Text Length:813 chars
Detector Agreement:67%

Website Classification

Primary Category

technology software28% confidence
Type: dynamic
Method: ml+structural

All Detected Categories

technology software
28%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
1654.72.73.104Dublin, Leinster, Ireland
AS16509Amazon.com, Inc.
1518.66.122.43United States
AS16509
312--

Detected Technologies4

Amazon Web Services
50%
HTTP/3
40%
HSTS
40%
Amazon CloudFront
40%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T180048E77329A063986558498E05B430D9F20B143F506C9BCB9BCBAD9BFDED06107BB78

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

3072:3fQho9PKBb9Js3q9Jzbs6tlg3SBKwdQWgceIszm2bMy8Old9:IhoC9JSqzzbs6o3Sj3gcrsS2eAj

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:184602:EqCVTUBBjAAEIKUM0iggIBkFRSQ5OMUgH4AoShAAkESkBJS4CkukcQw9A3ACYBpkBAQCbVBYmCBQKz8AghgBzEBonSBRAAQy

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffcfc3c7ffffffff
Perceptual Hash:b131cccccc733333
Difference Hash:00181c1c00000000
Wavelet Hash:fcdcc0c0f0f0f0f0
Color Hash:#53ac81

Other Hashes

Crop Resistant:00181c1c00000000

Scan History

Scan history not available

Unable to load historical scan data