ht.ly
54.67.120.65
Malicious Activity!
Public Scan
Submission: On September 27 via manual from US — Scanned from DE
Summary
This is the only time ht.ly was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bank of America (Banking)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 54.67.120.65 | 16509 (AMAZON-02)
1 | 2a00:1450:4001:813::200a | 15169 (GOOGLE)
3 | 143.204.98.90 | 16509 (AMAZON-02)
1 | 52.72.49.79 | 14618 (AMAZON-AES)
1 | 185.67.122.114 | 59674 (AYSIMA)
1 | 2a00:1450:4001:827::2003 | 15169 (GOOGLE)
7 | 104.18.20.25 | 13335 (CLOUDFLARENET)
1 | 158.69.226.152 | 16276 (OVH)
1 | 78.129.237.3 | 20860 (IOMART-AS)
1 | 2a00:1450:4001:82f::200a | 15169 (GOOGLE)
1 | 54.243.51.135 | 14618 (AMAZON-AES)

Total: 24 requests across 11 IP addresses.

PTR records shown for selected IPs:

- 143.204.98.90, ASN16509 (AMAZON-02, US): PTR server-143-204-98-90.fra50.r.cloudfront.net, serving static.ow.ly
- 52.72.49.79, ASN14618 (AMAZON-AES, US): PTR visit.rebrand.ly, serving hua08.cloudns.nz
- 54.243.51.135, ASN14618 (AMAZON-AES, US): PTR ec2-54-243-51-135.compute-1.amazonaws.com, serving api.ipify.org
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
7 | visaprepaidprocessing.com | www.visaprepaidprocessing.com | 74 KB
3 | ow.ly | static.ow.ly | 46 KB
2 | googleapis.com | fonts.googleapis.com, ajax.googleapis.com | 32 KB
1 | ipify.org | api.ipify.org | 249 B
1 | smtpjs.com | smtpjs.com | 782 B
1 | ppllabs.com | ppllabs.com | 97 KB
1 | gstatic.com | fonts.gstatic.com | 44 KB
1 | bc.vc | mail.bc.vc | 6 KB
1 | cloudns.nz | hua08.cloudns.nz (1 redirect) | 254 B
1 | ht.ly | ht.ly | 2 KB

Total: 24 requests across 10 apex domains.
Requests | Domain | Requested by | Redirects
---|---|---|---
7 | www.visaprepaidprocessing.com | mail.bc.vc, www.visaprepaidprocessing.com |
3 | static.ow.ly | ht.ly |
1 | api.ipify.org | ajax.googleapis.com |
1 | ajax.googleapis.com | mail.bc.vc |
1 | smtpjs.com | mail.bc.vc |
1 | ppllabs.com | mail.bc.vc |
1 | fonts.gstatic.com | fonts.googleapis.com |
1 | mail.bc.vc | ht.ly |
1 | hua08.cloudns.nz | | 1 redirect
1 | fonts.googleapis.com | ht.ly |
1 | ht.ly | (primary page) |

Total: 24 requests across 11 domains.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
cpanel.bc.vc | R3 | 2021-09-14 - 2021-12-13 | 3 months | crt.sh
www.visaprepaidprocessing.com | Cloudflare Inc ECC CA-3 | 2021-06-07 - 2022-06-06 | a year | crt.sh
ppllabs.com | R3 | 2021-08-09 - 2021-11-07 | 3 months | crt.sh
smtpjs.com | R3 | 2021-09-07 - 2021-12-06 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months | crt.sh
*.ipify.org | Sectigo RSA Domain Validation Secure Server CA | 2021-01-19 - 2022-02-19 | a year | crt.sh
This page contains 2 frames:
Primary Page:
http://ht.ly/agDD30rVmK5
Frame ID: 5D94E6323BB2CC10B5A735FBDE0EE155
Requests: 6 HTTP requests in this frame
Frame:
https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM
Frame ID: B5929B8236D19C8E2461D4BE603DE2C5
Requests: 18 HTTP requests in this frame
Page Title: http://hua08.cloudns.nz/6f5dbd

Detected technologies

- WordPress (CMS). Detected pattern: `/wp-(?:content|includes)/`
- Google Font API (Font Scripts). Detected pattern: `<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com`
- jQuery (JavaScript Libraries). Detected patterns: `/([\d.]+)/jquery(?:\.min)?\.js` and `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Owly
Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4:
- http://hua08.cloudns.nz/6f5dbd (HTTP 301)
- https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM
24 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | agDD30rVmK5 | ht.ly/ | 1 KB | 2 KB | Document | text/html | Primary Request
GET | H/1.1 | css | fonts.googleapis.com/ | 5 KB | 1 KB | Stylesheet | text/css |
GET | H/1.1 | htly.245c35bfd1f73b98.gz.css | static.ow.ly/v1/css/ | 2 KB | 1 KB | Stylesheet | text/css |
GET | H/1.1 | avatar_icon.a23259703146ce2f.jpg | static.ow.ly/v1/images/ | 1 KB | 2 KB | Image | image/jpeg |
GET | H/1.1 | app.326781fb05402756.gz.js | static.ow.ly/v1/js/ | 108 KB | 43 KB | Script | application/javascript |
GET | H2 | 900289207COMPLETE.HTM | mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/ | 37 KB | 6 KB | Document | text/html | Frame B592, Redirect Chain
GET | H/1.1 | memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | fonts.gstatic.com/s/opensans/v26/ | 44 KB | 44 KB | Font | font/woff2 |
GET | H2 | css | www.visaprepaidprocessing.com/bundles/foundation/ | 2 KB | 1 KB | Stylesheet | text/css | Frame B592
GET | H2 | css | www.visaprepaidprocessing.com/bundles/ | 290 KB | 48 KB | Stylesheet | text/css | Frame B592
GET | H2 | preventEarlyClickCss | www.visaprepaidprocessing.com/bundles/ | 45 B | 148 B | Stylesheet | text/css | Frame B592
GET | H2 | site.css | www.visaprepaidprocessing.com/content/PRC384/CP384-T03-019/_Styles/ | 65 KB | 12 KB | Stylesheet | text/css | Frame B592
GET | H2 | logo.png | www.visaprepaidprocessing.com/content/PRC384/CP384-T03-019/_Images/ | 8 KB | 8 KB | Image | image/png | Frame B592
GET | H2 | load.gif | ppllabs.com/wp-content/uploads/2018/10/ | 97 KB | 97 KB | Image | image/gif | Frame B592
GET | H2 | EmailLogo.png | www.visaprepaidprocessing.com/content/PRC384/_images/ | 4 KB | 4 KB | Image | image/png | Frame B592
GET | H2 | smtp.js | smtpjs.com/v3/ | 871 B | 782 B | Script | application/javascript | Frame B592
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.2.1/ | 85 KB | 30 KB | Script | text/javascript | Frame B592
GET | H2 | print | www.visaprepaidprocessing.com/bundles/css/ | 2 KB | 712 B | Stylesheet | text/css | Frame B592
GET | H/1.1 | / | api.ipify.org/ | 22 B | 249 B | XHR | application/json | Frame B592
GET | | OpenSans-Regular-webfont.woff | www.visaprepaidprocessing.com/Content/_Fonts/ | 0 | 0 | | | Frame B592, no response
GET | | Connections.woff | www.visaprepaidprocessing.com/content/PRC384/_Fonts/ | 0 | 0 | | | Frame B592, no response
GET | | OpenSans-Bold-webfont.woff | www.visaprepaidprocessing.com/Content/_Fonts/ | 0 | 0 | | | Frame B592, no response
GET | | OpenSans-Bold-webfont.ttf | www.visaprepaidprocessing.com/Content/_Fonts/ | 0 | 0 | | | Frame B592, no response
GET | | Connections.ttf | www.visaprepaidprocessing.com/content/PRC384/_Fonts/ | 0 | 0 | | | Frame B592, no response
GET | | OpenSans-Regular-webfont.ttf | www.visaprepaidprocessing.com/Content/_Fonts/ | 0 | 0 | | | Frame B592, no response
Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

- www.visaprepaidprocessing.com: https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Regular-webfont.woff
- www.visaprepaidprocessing.com: https://www.visaprepaidprocessing.com/content/PRC384/_Fonts/Connections.woff
- www.visaprepaidprocessing.com: https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Bold-webfont.woff
- www.visaprepaidprocessing.com: https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Bold-webfont.ttf
- www.visaprepaidprocessing.com: https://www.visaprepaidprocessing.com/content/PRC384/_Fonts/Connections.ttf
- www.visaprepaidprocessing.com: https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Regular-webfont.ttf
Verdicts & Comments

Potentially malicious activity detected

Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against: Bank of America (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | 0
object | onbeforexrselect
boolean | originAgentCluster

2 Cookies

Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, allowing the website to re-identify the user even if their location has changed. This is how persistent logins work.

Domain/Path | Expires | Name | Value
---|---|---|---
.visaprepaidprocessing.com/ | | __cfruid | a4ff8f3e2541c02d03a988b5c05dfb73f8196250-1632771043
www.visaprepaidprocessing.com/ | | __cflb | 0H28uxchcBYFcUJ7agzKikmQw5nqRP4nvFcGgBRG3Qp
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
api.ipify.org
fonts.googleapis.com
fonts.gstatic.com
ht.ly
hua08.cloudns.nz
mail.bc.vc
ppllabs.com
smtpjs.com
static.ow.ly
www.visaprepaidprocessing.com
104.18.20.25
143.204.98.90
158.69.226.152
185.67.122.114
2a00:1450:4001:813::200a
2a00:1450:4001:827::2003
2a00:1450:4001:82f::200a
52.72.49.79
54.243.51.135
54.67.120.65
78.129.237.3