ScanMalware.com

Security Scan Report: kvjko.marrvelousgirl.net

Redirected to: https://www.citasbonitas.com/aff.php?_disAL=true&btUrl=aHR0cHM6Ly9jZC10by1naC5jb20vdGRzL2FlL2NiL3MvZjNlNzQwOTRjZmUxZDdlY2U2NmZlN2U3Y2U0OTBiZmI%2FX190PTE3NzM5NDcyNzUxMzMmX19sPTM2MDAmX19jPWVlNTUyZGFjNzNhOGZkOGMzNjg2MzdiNDIxNjY5NzhlNmYyYzRlMzY%3D&data2=myvev69bc498a0002a581&data3=%7Bdata3%7D&dci=f127dff8c83f256e6bb62fba70c37b362bdd328c&dynamicpage=all_alp_7st_violet_v3_a&gf=2107&p_tds_cid=&s1=int&s3=2023677&tdsId=b6623koz_lp_b_1772708384739_cb&tds_ac_id=s5679yal&tds_ao=1&tds_campaign=b6623koz&tds_cid=ee552dac73a8fd8c368637b42166978e6f2c4e36&tds_host=cd-to-gh.com&tds_id=b6623koz_lp_b_1772708384739_cb&tds_oid=33343564&tds_path=%2Ftds%2Fae&tds_ps=b&tds_reason=direct&utm_campaign=cf29322b&utm_content=18151&utm_ex=b&utm_funnel=tds&utm_source=int&utm_term=2

Submitted: Mar 19, 2026, 7:07:52 PMCompleted: Mar 19, 2026, 7:09:06 PMpubliccompleted
Loading additional data...

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 39 HTTP transactions. The main domain is citasbonitas.com and was registered NaN years ago.

Submitted URL: https://kvjko.marrvelousgirl.net/?utm_source=da57dc555e50572d&s1=18151&s2=2023677&s3=un_ledre&s5=un_ledre&click_id=un_ledre&ban=tg&j1=1&j2=1&j5=1&j6=1

Effective URL: https://www.citasbonitas.com/aff.php?_disAL=true&btUrl=aHR0cHM6Ly9jZC10by1naC5jb20vdGRzL2FlL2NiL3MvZjNlNzQwOTRjZmUxZDdlY2U2NmZlN2U3Y2U0OTBiZmI%2FX190PTE3NzM5NDcyNzUxMzMmX19sPTM2MDAmX19jPWVlNTUyZGFjNzNhOGZkOGMzNjg2MzdiNDIxNjY5NzhlNmYyYzRlMzY%3D&data2=myvev69bc498a0002a581&data3=%7Bdata3%7D&dci=f127dff8c83f256e6bb62fba70c37b362bdd328c&dynamicpage=all_alp_7st_violet_v3_a&gf=2107&p_tds_cid=&s1=int&s3=2023677&tdsId=b6623koz_lp_b_1772708384739_cb&tds_ac_id=s5679yal&tds_ao=1&tds_campaign=b6623koz&tds_cid=ee552dac73a8fd8c368637b42166978e6f2c4e36&tds_host=cd-to-gh.com&tds_id=b6623koz_lp_b_1772708384739_cb&tds_oid=33343564&tds_path=%2Ftds%2Fae&tds_ps=b&tds_reason=direct&utm_campaign=cf29322b&utm_content=18151&utm_ex=b&utm_funnel=tds&utm_source=int&utm_term=2Redirected

AI Security Verdict

High Risk

Confidence: 82%

8
Risk Score

The page harvests login credentials via hidden/disguised fields and cross‑origin submission; treat as high‑risk phishing.

Risk Factors
Disguised password field
Hidden password fields
Unicode evasion in form inputs
Cross‑origin credential submission to a different domain
Domain age information unavailable

Details

Page Title

CitasBonitas

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

adult content

(93%)

Domain Information

The domain name 'kvjko.marrvelousgirl.net' uses the network infrastructure generic top-level domain (.net); it also runs on subdomain 'kvjko'. The core label 'marrvelousgirl' covers 14 characters with 5 vowels and nine consonants. Segmentation suggests 4 words: marr, velo, us, girl. Average segment length settles at four characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://kvjko.marrvelousgirl.net/?utm_source=da57dc555e50572d&s1=18151&s2=2023677&s3=un_ledre&s5=un_ledre&click_id=un_ledre&ban=tg&j1=1&j2=1&j5=1&j6=1

Page Load Overview

2.90s
Total Load Time
39
HTTP Requests
4
Domains
366 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:5,011 chars
Detector Agreement:100%

Website Classification

Primary Category

adult content93% confidence
Type: webapp
Method: ml+structural

All Detected Categories

adult content
93%
government public service
61%
entertainment media
50%
documentation technical
47%
blog personal website
44%

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
123.174.46.17United States
AS16509Amazon.com, Inc.
952.19.138.177Dublin, Leinster, Ireland
AS16509Amazon.com, Inc.
9172.67.198.35United States
AS13335Cloudflare, Inc.
9104.21.60.163United States
AS13335Cloudflare, Inc.
394--

Detected Technologies1

PasswordField
100%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T12223F1607DB1D83300AB9DC19DA94B2B3FE5A316C9170544B3BC47E81FEAE41EE2B255

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:jRzZlftwiy0Uyw2gJ/i6YxD/Jd5d9cSdMyq:1zZlftwiy0Uyw2gJ/i6YxD/Jd5d9cSdG

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:48377:CCQFwBIBHQMCGtEAA6ERWoigQII2oEZoACknQoAw8BAL0lIAqgCgYDw7BACIHpFqZcOchoIGiAkQBCCghjoGQjSmgQIgIKQR

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:002020387c707333
Perceptual Hash:c77a26d89826678d
Difference Hash:104c40d0f0c0c6c6
Wavelet Hash:3a20307c7e787373
Color Hash:#5dbf40

Other Hashes

Crop Resistant:a2a9c96c68a1aaa2,104c40d0f0c0c6c6

Scan History

Scan history not available

Unable to load historical scan data