Security Scan Report: sanantonio.roomredux.org

Redirected to: https://lemonfresh.com.pl/wp-content/plugins/cmb2/images/mycss-ch/mycss-ch/

Submitted: Oct 11, 2025, 4:14:44 PM
Completed: Oct 11, 2025, 4:15:21 PM
public, completed
Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 4 HTTP transactions. The main domain is lemonfresh.com.pl.

Submitted URL: https://sanantonio.roomredux.org/wp-content/cache/Redi.php

Effective URL: https://lemonfresh.com.pl/wp-content/plugins/cmb2/images/mycss-ch/mycss-ch/ (Redirected)

AI Security Verdict

High Risk

Confidence: 92%

Risk Score: 9

High‑risk phishing site harvesting credentials via a compromised WordPress installation.

Risk Factors
Compromised WordPress site used for phishing
Credential harvesting form on a low‑reputation domain
Unranked domain with no established reputation
Health‑themed social engineering on a suspicious site
Potentially newly registered domain
Domain age information unavailable

Details

Page Title: Einloggen - myCSS
Scan Type: public
Language: 🇩🇪 German (80% confidence)
Category: social media network (98%)

Domain Information

The domain 'sanantonio.roomredux.org' uses the generic top-level domain .org, which is oriented toward non-profits, and is served from the subdomain 'sanantonio'. Its registrable label 'roomredux' is 9 characters long: 4 vowels and 5 consonants. It splits into 3 words (room, red, ux), averaging 3 characters per word. 'room' most strongly signals English, with secondary signals in Chinese (Pinyin) and Afrikaans.

Page Load Overview

Total Load Time: 21.28s
HTTP Requests: 4
Domains: 3
Total Size: 92 KB

Language Analysis

Primary Language

🇩🇪 German
Code: de
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: de
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: de
Text Length: 133 chars
Detector Agreement: 100%

Website Classification

Primary Category

social media network (98% confidence)
Type: webapp
Method: ml+structural

All Detected Categories

social media network: 98%
technology software: 29%
government public service: 27%
documentation technical: 26%
news media journalism: 26%

Detected Features

Login Form

Domain & IP Information

Requests  IP Address                Location       AS Autonomous System
1         185.15.59.240             United States  AS14907 WIKIMEDIA
1         209.87.159.167            United States  AS36444 NEXCESS-NET
1         188.128.239.32            Poland         AS12824 home.pl S.A.
1         2a02:ec80:300:ed1a::2:b   United States  AS14907 WIKIMEDIA
4         4                         -              -

Detected Technologies: 1

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1BFF1534259F708B62953E17827EB52447270E0138C0ADE293FEC639C8F85FE969627CC

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

96:KDa5BTdwM69SBnfaQ9oPLK9+1Ci7tgHJo4xVsSsHSloWnA3i/ikpG:nBZwM69SBnfaQ9gi+15h2Jo/0LnA3wpG

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:8046:JAEg4IkByAIElOTBRNIAkgSASZUsDlIpMCmFGCJgUAVBgURNyKElYIWIezxcCgAChXQAIQiEnCgAQMEzA8QEKCBdg4CEASSp

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: 0018181818181800
Perceptual Hash: cccc33333399cc66
Difference Hash: 0c32b2b228b2320c
Wavelet Hash: 201818181b1b1b1f
Color Hash: #79d294

Other Hashes

Crop Resistant: 0c32b2b228b2320c
