ScanMalware.com

Security Scan Report: posthog.consumer.worldcoin.org

Redirected to:
https://us.posthog.com/login
Site favicon
Submitted: May 8, 2026, 12:34:28 AMCompleted: May 8, 2026, 12:35:45 AMpubliccompleted
Loading additional data...

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 53 HTTP transactions. The main domain is us.posthog.com and was registered NaN years ago.

Submitted URL: https://posthog.consumer.worldcoin.org

Effective URL: https://us.posthog.com/loginRedirected

The Cisco Umbrella rank of the primary domain is #107,503 of the top 1 million websites

AI Security Verdict

Confirmed Scam

Confidence: 95%

10
Risk Score

The site pretends to be PostHog login, collects credentials, and triggers critical malware alerts – confirmed phishing scam.

Risk Factors
Brand impersonation
Credential collection on unrelated domain
Critical IDS alerts for malware C2 and data exfiltration
Low domain reputation
Hidden password field
Domain age information unavailable

Details

Page Title

PostHog

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

adult content

(32%)

Domain Information

Domain 'posthog.consumer.worldcoin.org' uses the non-profit oriented generic top-level domain (.org) with subdomain 'posthog.consumer'. Count 9 characters in 'worldcoin' containing three vowels alongside 6 consonants. Word splitting yields two words: world, coin. Median word length comes out to 4.5 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://posthog.consumer.worldcoin.org

Page Load Overview

1.33s
Total Load Time
52
HTTP Requests
3
Domains
10 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:206 chars
Detector Agreement:50%

Website Classification

Primary Category

adult content32% confidence
Type: webapp
Method: ml+structural

All Detected Categories

adult content
32%
technology software
30%

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
1818.245.46.48United States
AS16509Amazon.com, Inc.
1752.70.143.75Ashburn, Virginia, United States
AS14618Amazon.com, Inc.
1718.66.102.40United States
AS16509Amazon.com, Inc.
523--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T13453213242BAF4340A06E1471F19DE959D2B8187504F9836343D3F96FB162EA2E7FC86

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:8GzWj6PXES5gi/C45umPfnQCL79SrSCpsWtfTid8Dfy:ng6PXl5gi/C45umPfQCL742C2WNTe8D6

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:63423:TAUYAQBggFIAJo8YEaoUl/oNgAjEELwQUYDEOigxaQwCAEJcyEBWRGQ4BShAVcAUEgJEZsQhwQwqIBhQwAAiAAyfMaJAuwXR

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0000000000000000
Perceptual Hash:8000000000000000
Difference Hash:0000000000000000
Wavelet Hash:0000000000000000
Color Hash:#931f5f

Other Hashes

Crop Resistant:0000000000000000

Scan History

Scan history not available

Unable to load historical scan data