ScanMalware.com

Security Scan Report: href.li

Redirected to: https://delivery-pack.hopto.org/

Site favicon
Submitted: Jan 17, 2026, 3:29:56 AMCompleted: Jan 17, 2026, 3:31:05 AMpubliccompleted
Loading additional data...

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 19 HTTP transactions. The main domain is delivery-pack.hopto.org and was registered NaN years ago.

Submitted URL: https://href.li/?https://delivery-pack.hopto.org/

Effective URL: https://delivery-pack.hopto.org/Redirected

The Cisco Umbrella rank of the primary domain is #129,868 of the top 1 million websites

AI Security Verdict

Confirmed Scam

Confidence: 98%

10
Risk Score

Confirmed phishing site harvesting PayPal credentials; avoid interaction.

Risk Factors
Malicious primary domain hopto.org
Brand impersonation of PayPal on an unrelated domain
Disguised password fields (type='text' with password placeholder)
Hidden password field in HTML
Unicode evasion technique in form inputs
Domain age information unavailable

Details

Page Title

Order Summary - PayPal

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

technology software

(43%)

Domain Information

The domain 'href.li' uses the .li country-code top-level domain without a subdomain. The second-level label 'href' is 4 characters long with one vowel and 3 consonants. It segments into 1 word: href. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://href.li/?https://delivery-pack.hopto.org/

Page Load Overview

1.15s
Total Load Time
19
HTTP Requests
4
Domains
28 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:1,768 chars
Detector Agreement:75%

Website Classification

Primary Category

technology software43% confidence
Type: dynamic
Method: ml+structural

All Detected Categories

technology software
43%
e-commerce shopping
37%
finance banking
35%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
7192.0.78.26San Francisco, California, United States
AS2635AUTOMATTIC
3104.21.31.228United States
AS13335CLOUDFLARENET
3172.64.153.163United States
AS13335CLOUDFLARENET
3104.18.34.93United States
AS13335CLOUDFLARENET
391.149.219.45Helsinki, Uusimaa, Finland
AS26383ASNET
195--

Detected Technologies2

HTTP/3
40%
HSTS
40%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1CF82E92040F845B7619381E1AAE6AE0B3FC9D603CB0A45507ABC4BE55FC7D87CE2706D

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

96:nqSMR+teX1D2qz+UkSJpnsnsaf4qqBTkt2kOcT94q9n+SnNJJJJJ5JnS+AHxDBDh:qhRGel2OJ2lfqBOflrJJJJJPN2Ddtf1z

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:19142:cJFQRzCkblyAESAjCWMCiIETKQBAqDC9EXJoFIiE3AKIDBIEYkBwAQnhAhEEBlAZuAkRyoyNEvEg4QxUSMy4IgNACFLGBALI

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:bfcfcbf1f3ffffff
Perceptual Hash:e93992866d4f92b2
Difference Hash:6394925216240000
Wavelet Hash:184e400000020f0f
Color Hash:#86502d

Other Hashes

Crop Resistant:6394925216240000

Scan History

Scan history not available

Unable to load historical scan data