ScanMalware.com

Security Scan Report: app-avisosegurossl1.hotmart.host

Redirected to:
http://tsoule.mooo.com/CONF/
Site favicon
Submitted: Nov 24, 2025, 12:38:27 AMCompleted: Nov 24, 2025, 12:41:16 AMpubliccompleted
Loading additional data...

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 15 HTTP transactions. The main domain is tsoule.mooo.com and was registered NaN years ago.

Submitted URL: https://app-avisosegurossl1.hotmart.host/kr/2025login?milu

Effective URL: http://tsoule.mooo.com/CONF/Redirected

AI Security Verdict

Confirmed Scam

Confidence: 98%

10
Risk Score

Confirmed phishing site harvesting credentials via brand impersonation and malicious redirects.

Risk Factors
Malicious Indicators of Compromise on primary domain
Login form collecting passwords on an untrusted domain
Impersonation of Itau Card brand
Circular redirect loop indicating URL manipulation
Use of a dynamic, unranked domain (mooo.com) for credential capture
Domain age information unavailable

Details

Page Title

Itau Card

Scan Type

public

Language

🇵🇹

Portuguese

(52% confidence)

Category

cryptocurrency blockchain

(57%)

Domain Information

Within the .host top-level domain, 'app-avisosegurossl1.hotmart.host' is registered; it also runs on subdomain 'app-avisosegurossl1'. Its registrable label 'hotmart' stretches across 7 characters split between two vowels and five consonants. Breaking it apart gives 2 words: hot, mart. Average segment length settles at 3.5 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://app-avisosegurossl1.hotmart.host/kr/2025login?milu

Page Load Overview

1.25s
Total Load Time
15
HTTP Requests
2
Domains
223 KB
Total Size

Language Analysis

Primary Language

🇵🇹Portuguese
Code: pt
Confidence:52%
Script:Latin
Direction:ltr

Detection Details

Language Code:pt
Detection Confidence:52%
Script Type:Latin
Text Length:68 chars
Detector Agreement:100%

Website Classification

Primary Category

cryptocurrency blockchain57% confidence
Type: static
Method: ml+structural

All Detected Categories

cryptocurrency blockchain
57%
finance banking
50%
documentation technical
46%
technology software
42%
adult content
27%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
12109.193.132.146Dortmund, North Rhine-Westphalia, Germany
AS3209Vodafone GmbH
52600:1901:0:3825::Kansas City, Missouri, United States
AS396982GOOGLE-CLOUD-PLATFORM
134.117.59.36Kansas City, Missouri, United States
AS396982GOOGLE-CLOUD-PLATFORM
153--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1B6410F06598EFC2B912222C894D6FE485C9F9F14D314CA90A0FF59757FC2E8458295F8

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

48:1+8T9ZywJmeyQ1NE64ZsHMHLH2H/TAHtUrC5yx/:1+8TTyW27czL/

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:1956:AAAAgQAAAAAAEMAACAAAAQAAAQDACiMQAAACAQAAgAAAACAAAACAIAECAIgEJAAABwEABRIEAIAAACIEAQgAAACAAREEAAAA

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:9f1b198041fffcfc
Perceptual Hash:d82d96b0327e8d59
Difference Hash:3733733393a808b8
Wavelet Hash:1f1b188041fff0fc
Color Hash:#c1d279

Other Hashes

Crop Resistant:b1edcfaeb4868686,0e2c24410819d15e,731393bf81089cf8,3f373233731393be,01080c0c9cb8f8f8

Scan History

Scan history not available

Unable to load historical scan data