ScanMalware.com

Security Scan Report: cardkd.cn

Redirected to: blob:https://cardkd.cn/fb5e6767-41ac-47e2-8d98-7bf579d7eaca

Submitted: Dec 10, 2025, 4:14:00 AMCompleted: Dec 10, 2025, 4:14:30 AMpubliccompleted
Loading additional data...

Summary

This website contacted 25 IPs in 2 countries across 4 domains to perform 7 HTTP transactions. The main domain is .

Submitted URL: https://cardkd.cn/wp-admin/cgi-ent/newweeetrade.html

Effective URL: blob:https://cardkd.cn/fb5e6767-41ac-47e2-8d98-7bf579d7eacaRedirected

AI Security Verdict

High Risk

Confidence: 95%

10
Risk Score

Phishing site impersonating E*TRADE with compromised WordPress and credential‑harvesting forms.

Risk Factors
Compromised WordPress URL paths indicating a hacked site
Credential harvesting forms collecting passwords and usernames
Brand impersonation of E*TRADE on a non‑official domain
Unranked domain with brand name (typical of typosquatting/phishing)
New or unknown domain age combined with phishing indicators
Domain age information unavailable

Details

Page Title

Log on to E*TRADE

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

corporate business

(69%)

Domain Information

You're looking at domain 'cardkd.cn' on the Chinese country-code top-level domain (.cn) without a subdomain. The second-level label 'cardkd' is 6 characters long containing one vowel alongside 5 consonants. Tokenizing the label suggests 3 words: card, k, d. Average segment length settles at 1 character. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://cardkd.cn/wp-admin/cgi-ent/newweeetrade.html

Page Load Overview

9.21s
Total Load Time
7
HTTP Requests
4
Domains
104 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:3,372 chars
Detector Agreement:100%

Website Classification

Primary Category

corporate business69% confidence
Type: webapp
Method: ml+structural

All Detected Categories

corporate business
69%
finance banking
44%

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
7170.74.6.20United States
AS6352ETRADE-AS
065.9.175.4United States
AS16509AMAZON-02
065.9.175.50United States
AS16509AMAZON-02
047.238.131.238Hong Kong, Hong Kong
AS45102Alibaba US Technology Co., Ltd.
0151.101.66.137San Francisco, California, United States
AS54113FASTLY
02600:9000:2096:0:7:2667:2700:93a1United States
AS16509AMAZON-02
02600:9000:2096:e400:7:2667:2700:93a1United States
AS16509AMAZON-02
02a04:4e42:200::649United States
AS54113FASTLY
02a04:4e42::649United States
AS54113FASTLY
02600:9000:2096:2800:7:2667:2700:93a1United States
AS16509AMAZON-02
725--

Detected Technologies3

PasswordField
100%
LiteSpeed
40%
HTTP/3
40%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1BA23612651E300AAA5A3D1A427E72B4A3EA19C43E445C5613EFC97C84FC7D85C9B73EC

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:25wohF8cj6F9q1iOkCC77kCrkCdkC3kC+R5wvDio4Cc1tF/veaFOrfFKH:2wohKYYbshbJfiio4Cc1tF/veaFOrfFY

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:46726:AAaEFBVFUwCAEJcgRAEac1BoFhUIFcOAiACpxCBYABcAiJKYMrEKJAwPCScDgAIAAZKBDMgJwQRITiVCIqCAQDNuQY3KMMQE

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:N/A
Perceptual Hash:N/A
Difference Hash:N/A
Wavelet Hash:N/A
Color Hash:N/A

Other Hashes

Crop Resistant:N/A

Scan History

Scan history not available

Unable to load historical scan data