ScanMalware.com

Security Scan Report: s1096590.ha011.t.mydomain.zone

Redirected to: https://s1096590.ha011.t.mydomain.zone/

Site favicon
Submitted: Jan 17, 2026, 3:51:56 PMCompleted: Jan 17, 2026, 3:53:03 PMpubliccompleted
Loading additional data...

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 18 HTTP transactions. The main domain is s1096590.ha011.t.mydomain.zone and was registered NaN years ago.

Submitted URL: http://s1096590.ha011.t.mydomain.zone/

Effective URL: https://s1096590.ha011.t.mydomain.zone/Redirected

The Cisco Umbrella rank of the primary domain is #908,447 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 92%

9
Risk Score

High‑risk phishing site impersonating PayPal; do not enter credentials.

Risk Factors
Brand impersonation of PayPal on a low‑ranking, unrelated domain
Disguised password fields (type='text' with password placeholder)
Hidden password field in the page source
Unicode character evasion in form inputs
Multiple password fields without a clear legitimate purpose
Domain age information unavailable

Details

Page Title

Order Summary - PayPal

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

e-commerce shopping

(37%)

Domain Information

Domain 's1096590.ha011.t.mydomain.zone' uses the .zone top-level domain with subdomain 's1096590.ha011.t'. The second-level label 'mydomain' is 8 characters long holding 3 vowels versus five consonants. Segmentation suggests 2 words: my, domain. Median word length is 4 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of http://s1096590.ha011.t.mydomain.zone/

Page Load Overview

0.96s
Total Load Time
19
HTTP Requests
3
Domains
32 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:1,756 chars
Detector Agreement:75%

Website Classification

Primary Category

e-commerce shopping37% confidence
Type: dynamic
Method: ml+structural

All Detected Categories

e-commerce shopping
37%
finance banking
34%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
791.149.219.45Helsinki, Uusimaa, Finland
AS26383ASNET
6172.67.180.104United States
AS13335CLOUDFLARENET
6172.64.153.163United States
AS13335CLOUDFLARENET
193--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1AF82FA6040F845B7619381E1AAE6AE0B3EC9D603CF0A45507ABC4BE55FDBD83CE2716D

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

96:TqIcR+teX1D2qz+UkSJpnsnsaf4qqBTkt2kOcT94q9n+SnNJJJJJ5JnS+AHxDBDh:2bRGel2OJ2lfqBOflrJJJJJPN2Ddtf1z

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:19151:IRBBAIHGJwykJBP4UgDRgYCpk5SgFEUACwBgDhhAGgACJJIZDAAAQQAHiiIHaawCgMEYKhCCgUMowpIAjMcYSEgG8KUBoAcB

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:bfcfcbd1f3ffffff
Perceptual Hash:e93992c66c4e9693
Difference Hash:2394921216240000
Wavelet Hash:99cfc18101030303
Color Hash:#53aca8

Other Hashes

Crop Resistant:2394921216240000,011756684aa6270f

Scan History

Scan history not available

Unable to load historical scan data