ScanMalware.com

Security Scan Report: xiaosao.pages.dev

Site favicon
Submitted: Jan 2, 2026, 6:14:26 AMCompleted: Jan 2, 2026, 6:16:12 AMpubliccompleted
Loading additional data...

Summary

This website contacted 25 IPs in 3 countries across 15 domains to perform 53 HTTP transactions. The main domain is xiaosao.pages.dev and was registered NaN years ago.

Submitted URL: https://xiaosao.pages.dev/ru

AI Security Verdict

High Risk

Confidence: 95%

8
Risk Score

Site uses a malicious primary domain and impersonates Ookla Speedtest, posing a high‑risk phishing threat.

Risk Factors
Malicious primary domain (pages.dev) flagged as ek clearfake
Brand impersonation of Ookla Speedtest on an unrelated domain
Unranked domain used to mimic a well‑known service
Domain age information unavailable

Details

Page Title

Speedtest от Ookla - Глобальный тест скорости широкополосного доступа

Scan Type

public

Language

🇷🇺

Russian

(80% confidence)

Category

technology software

(73%)

Domain Information

The domain name 'xiaosao.pages.dev' uses the developer-focused generic top-level domain (.dev) with subdomain 'xiaosao'. The core label 'pages' covers 5 characters containing two vowels alongside 3 consonants. Segmentation suggests 1 word: pages. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://xiaosao.pages.dev/ru

Page Load Overview

48.11s
Total Load Time
55
HTTP Requests
18
Domains
2.7 MB
Total Size

Language Analysis

Primary Language

🇷🇺Russian
Code: ru
Confidence:80%
Script:Cyrillic
Direction:ltr

Detection Details

Language Code:ru
Detection Confidence:80%
Script Type:Cyrillic
HTML Lang Attribute:ru
Text Length:2,461 chars
Detector Agreement:50%

Website Classification

Primary Category

technology software73% confidence
Type: spa
Method: ml+structural

All Detected Categories

technology software
73%
government public service
48%
documentation technical
43%
corporate business
37%
corporate
25%

Detected Features

OG: website

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
7188.114.97.3United States
AS13335CLOUDFLARENET
223.36.162.25Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
2108.177.15.84United States
AS15169GOOGLE
2142.250.110.84Unknown
AS16625
254.235.246.67Ashburn, Virginia, United States
AS14618AMAZON-AES
244.219.128.126Unknown
AS44788
213.226.244.99Unknown
AS396982
213.226.244.7Unknown
AS13335
2104.18.87.42United States
AS13335CLOUDFLARENET
252.45.51.250Unknown
AS16509
5525--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1081408F162B8536D908B979DEF36AA08770FE0B7F99649D5BB9D4B644B83CD0E803404

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:/lkbcxh4yves0xE6J/CgbcVKzoKeMXKLnpI6dDcPXE+ymj6aslNzlbsjq0Aok3W7:W6bebagbcVMaWUZD+3UbwnZC4Qp29p

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:197951:eYD4kA0RGAAGERg7IcGREAhXGEkQksanhjnFASUhEYAAACOAAIioZ1BFDBAFDCwlCFFJWpAoKPMAoCEasjQACAIxZGQCA2UF

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:7fb9ddfdfdfd1101
Perceptual Hash:aad532f30bd522d1
Difference Hash:99313531312521a1
Wavelet Hash:6f3b3b3b39390101
Color Hash:#d2ca2d

Other Hashes

Crop Resistant:2d2d2d2d2c2d2ded,99313531312521a1

Scan History

Scan history not available

Unable to load historical scan data