ScanMalware.com

Security Scan Report: www.mirplanner.com

Redirected to: https://www.mirplanner.com/auth/sign-in

Site favicon
Submitted: Dec 20, 2025, 5:37:17 PMCompleted: Dec 20, 2025, 5:38:15 PMpubliccompleted
Loading additional data...

Summary

This website contacted 14 IPs in 1 country across 10 domains to perform 65 HTTP transactions. The main domain is mirplanner.com and was registered NaN years ago.

Submitted URL: https://www.mirplanner.com

Effective URL: https://www.mirplanner.com/auth/sign-inRedirected

The Cisco Umbrella rank of the primary domain is #311,415 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 92%

9
Risk Score

High‑risk phishing site impersonating Nationwide; do not enter credentials.

Risk Factors
Brand impersonation of Nationwide on a non‑official domain
Credential harvesting login form
Low ranking for brand claim (suggests typosquatting/phishing)
Domain age information unavailable

Details

Page Title

Sign In | Nationwide

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

education learning

(87%)

Domain Information

The domain 'www.mirplanner.com' uses the commercial generic top-level domain (.com); it also runs on subdomain 'www'. Its registrable label 'mirplanner' stretches across 10 characters split between three vowels and 7 consonants. Segmentation suggests two words: mir, planner. Median word length comes out to 5 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://www.mirplanner.com

Page Load Overview

12.00s
Total Load Time
65
HTTP Requests
10
Domains
1.2 MB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:1,392 chars
Detector Agreement:80%

Website Classification

Primary Category

education learning87% confidence
Type: webapp
Method: ml+structural

All Detected Categories

education learning
87%
finance banking
37%

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
13104.16.174.226United States
AS13335CLOUDFLARENET
43.164.206.116United States
AS16509AMAZON-02
4108.156.22.98United States
AS16509AMAZON-02
416.15.4.80San Jose, California, United States
AS16509AMAZON-02
4205.234.175.175United States
AS30081CACHENETWORKS
4104.17.25.14United States
AS13335CLOUDFLARENET
418.165.140.43United States
AS16509AMAZON-02
43.164.206.89United States
AS16509AMAZON-02
418.165.140.41United States
AS16509AMAZON-02
43.164.206.100United States
AS16509AMAZON-02
6514--

Detected Technologies2

PasswordField
100%
Google-AnalyticsvClassic
100%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T13413B7D6509256394A174A56B3CC842D8A39EEE3D9138C9EF1AD10095FC6FF8279333B

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:dMVM6MVM+MVMfMVMnMVMsMVMUMVMvspuolIn+L4+VjcSkeV+4pdR2Rox8ThpDdQ:dMVM6MVM+MVMfMVMnMVMsMVMUMVMvspZ

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:42925:QhgQSCQVPIyIEBCYCcsApbCVG4E4aKhEBEqhEJWBRoEhBsRFFEhgCAMF9IHhJSEPSAswADBCSAFwJAMUDmg4EGKg8gKeaUIN

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:fe005effffffff00
Perceptual Hash:d4564ad4fed4d0c1
Difference Hash:e4e1b696c880e071
Wavelet Hash:3c005e767e7e7e00
Color Hash:#78753a

Other Hashes

Crop Resistant:e4e1b696c880e071,4924d9c4ec6d1225,c9b29684a2e2e831,0000000830323434

Scan History

Scan history not available

Unable to load historical scan data