ScanMalware.com

Security Scan Report: sofi.mex.com

Submitted: Apr 9, 2026, 10:15:52 AMCompleted: Apr 9, 2026, 10:16:18 AMpubliccompleted
Loading additional data...

Summary

This website contacted 8 IPs in 1 country across 8 domains to perform 1 HTTP transaction. The main domain is sofi.mex.com and was registered NaN years ago.

Submitted URL: https://sofi.mex.com/

AI Security Verdict

High Risk

Confidence: 92%

7
Risk Score

Site impersonates SoFi on a non‑official domain; likely phishing – avoid.

Risk Factors
Brand impersonation: meta tags and title claim SoFi on an unrelated domain
Unranked domain with a major brand claim
Login‑oriented page title on a site lacking legitimate SoFi content
Domain age information unavailable

Details

Page Title

SoFi Online Banking Login | Bank, Loans & Savings Account Access

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

finance banking

(94%)

Domain Information

The domain 'sofi.mex.com' uses the commercial generic top-level domain (.com) and includes subdomain 'sofi'. The core label 'mex' covers 3 characters split between one vowel and two consonants. Segmentation suggests 1 word: mex. Median word length comes out to 3 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://sofi.mex.com/

Page Load Overview

4.65s
Total Load Time
29
HTTP Requests
8
Domains
913 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:5,118 chars
Detector Agreement:100%

Website Classification

Primary Category

finance banking94% confidence
Type: dynamic
Method: ml+structural

All Detected Categories

finance banking
94%
corporate
35%

Detected Features

Schema.org

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
8172.67.68.11United States
AS400992
323.172.217.229United States
AS400992ZhouyiSat Communications
3142.251.14.94United States
AS54113
3142.251.37.10United States
AS13335
3104.17.24.14United StatesUnknown
3104.18.0.22United States
AS13335Cloudflare, Inc.
3151.101.2.137United StatesUnknown
3104.16.174.226United StatesUnknown
298--

Detected Technologies8

JQueryv3.7.1
100%
Cloudflare
50%
HSTS
40%
Tailwind CSS
30%
jsDelivr
20%
jQuery CDN
20%
cdnjs
20%
Unpkg
20%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T15343D71567F0003F1C9382E1F690AF6DFB6AA1C3ED2B85AAB66D01125FC7DA64D53708

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:sLL8u8S9Xhymh2bPnY3s1hnFitUM+WbQPPiC6euJsHyjKaMapmaM5Ffk/bjnT2T2:A8u8fhgsA+yznz

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:60108:J6DM6IKeEACALEmJXAKdKWVOIRHASFEQ0kINCECINAxNI5IcEiARBggEUDKBxx3ogygJbuJM+ANkmbEQNSEAhEkyHusEMhDI

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:00fffbfbfbfbff00
Perceptual Hash:ede712f641b61861
Difference Hash:4902323212332391
Wavelet Hash:00fb8b9bf391fb00
Color Hash:#88bf40

Other Hashes

Crop Resistant:4902323212332391,0111c4c6c6410100,0337b4c712925211

Scan History

Scan history not available

Unable to load historical scan data