mass.report
Scan Intelligence Report0/100
high Risk
scamminder.com
https://scamminder.com/login
IP
172.66.43.50 · Cloudflare, Inc.
Location
Toronto, Canada
Domain Age
920 days
HTTP
200 · 30.4s
SSL
Valid· WE1, Google Trust Services, US
Status
COMPLETED
KB/IOK Matches (0)—
No KB/IOK detections were recorded for this scan.
ScamMinder
Credential Phishingfinance | technology | ecommerce | healthcare | government | social_media | cryptocurrency | telecommunications | education | other · 4/5/2026
Summary
This page at scamminder.com presents a login form and branding that visually mimics a legitimate login experience, but the domain scamminder.com does not correspond to a widely recognized brand name shown in the UI. The page title and assets indicate the brand is ScamMinder, but the presence of a login form and password field on a domain not associated with a known consumer brand signals credential collection. The site loads multiple external ad/analytics scripts and fonts, and employs a Cloudflare-backed hosting environment with an active SSL cert recently issued, which aligns with common phishing setups designed to harvest credentials while appearing legitimate.
Attack Techniques (5)
Domain impersonation of a brand (scamminder.com hosting a login page branded as ScamMinder) despite unclear real-world brand affiliationCloned login UI with password field and sign-in button designed to capture credentialsExternal script loading from ad networks and analytics (adsense, googletagmanager, gtag) to resemble legitimate traffic and track victimsSPA-like asset loading with multiple JS bundles and a single static login form in HTML (possible JS-rendered login flow)SSL certificate recently issued (valid from Feb 26 2026 to May 27 2026) on a brand-new domain, increasing trust for victims while hosting credential capture
Indicators of Compromise (6)
▸Domain: scamminder.com (IOC)
▸Page title: ScamMinder (brand signal)
▸Network requests loading assets named like logo-dark.svg, logo-light.svg, and various vendor JS files from scamminder.com
▸External scripts referencing ads networks and Google Analytics (adsense, gtag, analytics)
▸HTTPS login form in static HTML with POST interactions to general Google analytics endpoints and a login form payload
▸SSL cert issued 1 day ago (Feb 26 2026) for scamminder.com (subject CN scamminder.com)
Risk AssessmentUsed in abuse reports
The page at scamminder.com/login uses a login form and password field under the ScamMinder branding, with multiple external script loads from advertising and analytics services. The domain age is 920 days, but the SSL certificate is new (issued within the last day), and the site appears designed to collect credentials under the ScamMinder branding without clear association to an established, widely recognized authentication provider. Visual cues from the screenshot show a prominent login UI that mimics legitimate sign-in flows, increasing risk of credential harvesting. This combination—domain-brand mismatch risk, active credential form, and WAF-eviction indicators via ad-network scripts—constitutes a strong phishing signal warranting immediate takedown action and registrar/hosting provider notification.
Recommended Action
Suspend Domain
Cross-Reference8
URL Intelligence
Domain Intelligence
IP Intelligence
Public threat feed available — JSON API