When visiting hotmali.com, a typosquatted domain, I was redirected to (1) Notification which is running a malicious advertising campaign for ExpressVPN, as of 8:04 British Summer Time, Mon 29th March 2021.
The domain is using cloudflare for SSL and protection.
The registration is private, with GoDaddy as the provider. No further information has been found at this time.