Security Scan: https://danos.z13.web.core.windows.net/bab.ht

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 2 HTTP transactions. The main domain is mail26.serverlet.top and was registered NaN years ago.

Submitted URL: https://danos.z13.web.core.windows.net/bab.html#[email protected]

Effective URL: https://mail26.serverlet.top/_andromeda_oxy/[email protected]&page=null&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=nullRedirected

The Cisco Umbrella rank of the primary domain is #44 of the top 1 million websitesTop 100 Site

AI Security Verdict

Moderate Risk

Confidence: 78%

Risk Score

The page contains a hidden form and embeds a user email in the URL, indicating credential phishing; classify as high risk.

Risk Factors

Email in URL fragment (phishing lure)

Unknown subdomain age on hosting platform

Hidden form likely used for credential collection

Heavy use of eval() in JavaScript

Redirect to a different domain (mail26.serverlet.top)

Safety Factors

High Cisco Umbrella ranking (top 100)

No Indicators of Compromise matched

No JavaScript YARA malware patterns detected

No network IDS alerts

Low JavaScript obfuscation score (0/100)

No concrete malicious signal (no IoC / YARA / Safe-Browsing / IDS / credential form / brand impersonation) — elevated risk rested on domain age or reputation alone; clamped from 7 to 5

Verdict cited a credential/login form, but DOM analysis found no password field (real or disguised) or payment field, and no other hard signal — credential-phishing framing unsupported; risk adjusted from 5 to 5

Domain age information unavailable

Details

Page Title

N/A

Scan Type

public

Language

🇺🇸

English

(66% confidence)

Screenshot

Page Load Overview

0.74s

Total Load Time

HTTP Requests

Domains

35 KB

Total Size

Language Analysis

Primary Language

🇺🇸English

Code: en

Confidence:66%

Script:Latin

Direction:ltr

Detection Details

Language Code:en

Detection Confidence:66%

Script Type:Latin

Text Length:54 chars

Detector Agreement:100%

Website Classification

Primary Category

documentation technical45% confidence

Type: static

Method: ml+structural

All Detected Categories

documentation technical

45%

news media journalism

45%

phishing scam

40%

healthcare medical

39%

e-commerce shopping

31%

Detected Features

No structural features detected

Domain & IP Information

Requests	IP Address	Location	AS Autonomous System
11	104.21.44.232	United States	AS13335Cloudflare, Inc.
11	57.150.155.68	Washington, Virginia, United States	AS8075Microsoft Corporation
22	2	-	-

Detected Technologies6

JQueryv3.6.3

100%

50%

45%

40%

30%

Google Hosted Libraries

20%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T11A4152BA7D19863486125196313AE35D3C32E0257F01848486ECCC395E58FDA08BBEAD

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

48:Ltx8isxZHKWrGLrGWJCSTw2wptI8Id65OS:LGS84Cnx/Iq

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:1879:AAAAEAbABgAABMIBAABBlEAiBIAAABAAACYAAAAAgAAEAAAAAABAAABABoCAAEQAAAAAAACAAAAAQCAIAAUAAAiEAwAAgiiB

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:3f7fffffffffffff

Perceptual Hash:83070707070f1fff

Difference Hash:c080000000000000

Wavelet Hash:30f0f0f0f0f0f0f0

Color Hash:#8e87c5

Other Hashes

Crop Resistant:c080000000000000

Scan History

Scan history not available

Unable to load historical scan data

Security Scan Report: danos.z13.web.core.windows.net