ScanMalware.com

Security Scan Report: hostinger-mail-ewgjnwrkgnkrw-uzykxbltblreflrwdeohjtok.pages.dev

Redirected to:
https://mail.hostinger.com/auth/login?redirect=%2F%3F_task%3Dmail%26_m...
Site favicon
Submitted: May 8, 2026, 8:43:49 AMCompleted: May 8, 2026, 8:45:08 AMpubliccompleted
Loading additional data...

Summary

This website contacted 5 IPs in 1 country across 5 domains to perform 25 HTTP transactions. The main domain is mail.hostinger.com and was registered NaN years ago.

Submitted URL: https://hostinger-mail-ewgjnwrkgnkrw-uzykxbltblreflrwdeohjtok.pages.dev/

Effective URL: https://mail.hostinger.com/auth/login?redirect=%2F%3F_task%3Dmail%26_mbox%3DINBOXRedirected

AI Security Verdict

Confirmed Scam

Confidence: 95%

10
Risk Score

The page impersonates Hostinger login on an unranked pages.dev subdomain, contains a password‑only field and triggers multiple critical IDS alerts, confirming a phishing and malware campaign.

Risk Factors
Unranked domain with brand mismatch
Credential harvesting pattern (password‑only field)
Critical network IDS malware alerts
Highly obfuscated JavaScript with dynamic eval execution
Unknown subdomain age on hosting platform
Domain age information unavailable

Details

Website Access Blocked

This website blocked our scanner, likely using AWS WAF, Cloudflare, or similar bot protection. The page may show differently for regular users.

Page Title

Just a moment...

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

The domain 'hostinger-mail-ewgjnwrkgnkrw-uzykxbltblreflrwdeohjtok.pages.dev' uses the developer-focused generic top-level domain (.dev) and includes subdomain 'hostinger-mail-ewgjnwrkgnkrw-uzykxbltblreflrwdeohjtok'. The second-level label 'pages' is 5 characters long with 2 vowels and 3 consonants. Segmentation suggests 1 word: pages. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://hostinger-mail-ewgjnwrkgnkrw-uzykxbltblreflrwdeohjtok.pages.dev/

Page Load Overview

2.96s
Total Load Time
149
HTTP Requests
13
Domains
629 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:14 chars
Detector Agreement:100%

Website Classification

Primary Category

unknown0% confidence
Type: static
Method: structural

All Detected Categories

No categories detected

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
33172.66.44.235United States
AS13335Cloudflare, Inc.
29104.17.133.104United States
AS13335Cloudflare, Inc.
29104.18.95.41United States
AS13335Cloudflare, Inc.
29142.250.154.95United States
AS15169Google LLC
29104.16.210.83United States
AS13335Cloudflare, Inc.
1495--

Detected Technologies3

Cloudflare Bot Management
55%
HTTP/3
40%
Cloudflare
40%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T183E2D833AE54122F3113C79D7391F585A3316A018F1AB3B7F56553B49F8D16E2A2338A

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:6wDmsSaKObveaIFEmLJkxZCJwvijLqWVVUY:NAaKObOJk/efjLqW4Y

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:34031:FLHkNCDAGSGpCABxuUCBwEhhQGcCKgsyJTgiBESEcDuABHHWEEEB0xGEKBCICgCpVijQAJwNBQlimSkAADMBcJEA4uADAoDT

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffcfc3c7c3c3c7ff
Perceptual Hash:b139cbc4c3cc64ce
Difference Hash:181c161e1e161608
Wavelet Hash:fec6c2c6c2c2c2e6
Color Hash:#406cbf

Other Hashes

Crop Resistant:181c161e1e161608

Scan History

Scan history not available

Unable to load historical scan data