ht.ly Open in urlscan Pro
54.67.120.65 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://ht.ly/agDD30rVmK5
Submission: On September 27 via manual (September 27th 2021, 7:30:47 pm UTC) from US — Scanned from DE

Summary HTTP 24 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 11 IPs in 6 countries across 10 domains to perform 24 HTTP transactions. The main IP is 54.67.120.65, located in San Jose, United States and belongs to AMAZON-02, US. The main domain is ht.ly.

This is the only time ht.ly was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	54.67.120.65 54.67.120.65	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
3	143.204.98.90 143.204.98.90	16509 (AMAZON-02) (AMAZON-02)
1 1	52.72.49.79 52.72.49.79	14618 (AMAZON-AES) (AMAZON-AES)
1	185.67.122.114 185.67.122.114	59674 (AYSIMA) (AYSIMA)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
7	104.18.20.25 104.18.20.25	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	158.69.226.152 158.69.226.152	16276 (OVH) (OVH)
1	78.129.237.3 78.129.237.3	20860 (IOMART-AS) (IOMART-AS)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	54.243.51.135 54.243.51.135	14618 (AMAZON-AES) (AMAZON-AES)
24	11

1 54.67.120.65 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ow.ly

ht.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.98.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-90.fra50.r.cloudfront.net

static.ow.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.72.49.79 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: visit.rebrand.ly

hua08.cloudns.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.67.122.114 (Turkey)

ASN59674 (AYSIMA, TR)
PTR: hosted.by.aysima.net

mail.bc.vc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.20.25 (None, )

ASN13335 (CLOUDFLARENET, US)

www.visaprepaidprocessing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 158.69.226.152 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: pod-300-1.jumbowp.com

ppllabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.129.237.3 (Southend-on-Sea, United Kingdom)

ASN20860 (IOMART-AS, GB)

smtpjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.243.51.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-243-51-135.compute-1.amazonaws.com

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	visaprepaidprocessing.com www.visaprepaidprocessing.com	74 KB
3	ow.ly static.ow.ly	46 KB
2	googleapis.com fonts.googleapis.com ajax.googleapis.com	32 KB
1	ipify.org api.ipify.org	249 B
1	smtpjs.com smtpjs.com	782 B
1	ppllabs.com ppllabs.com	97 KB
1	gstatic.com fonts.gstatic.com	44 KB
1	bc.vc mail.bc.vc	6 KB
1	cloudns.nz 1 redirects hua08.cloudns.nz	254 B
1	ht.ly ht.ly	2 KB
24	10

	Domain	Requested by
7	www.visaprepaidprocessing.com	mail.bc.vc www.visaprepaidprocessing.com
3	static.ow.ly	ht.ly
1	api.ipify.org	ajax.googleapis.com
1	ajax.googleapis.com	mail.bc.vc
1	smtpjs.com	mail.bc.vc
1	ppllabs.com	mail.bc.vc
1	fonts.gstatic.com	fonts.googleapis.com
1	mail.bc.vc	ht.ly
1	hua08.cloudns.nz	1 redirects
1	fonts.googleapis.com	ht.ly
1	ht.ly
24	11

This site contains links to these domains. Also see Links.

Domain
ow.ly

Subject Issuer	Validity	Valid
cpanel.bc.vc R3	`2021-09-14` - `2021-12-13`	3 months	crt.sh
www.visaprepaidprocessing.com Cloudflare Inc ECC CA-3	`2021-06-07` - `2022-06-06`	a year	crt.sh
ppllabs.com R3	`2021-08-09` - `2021-11-07`	3 months	crt.sh
smtpjs.com R3	`2021-09-07` - `2021-12-06`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2021-01-19` - `2022-02-19`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://ht.ly/agDD30rVmK5
Frame ID: 5D94E6323BB2CC10B5A735FBDE0EE155
Requests: 6 HTTP requests in this frame

Frame: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM
Frame ID: B5929B8236D19C8E2461D4BE603DE2C5
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

http://hua08.cloudns.nz/6f5dbd

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

24
Requests

50 %
HTTPS

27 %
IPv6

10
Domains

11
Subdomains

11
IPs

6
Countries

301 kB
Transfer

750 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://ow.ly/
Title: Owly

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

http://hua08.cloudns.nz/6f5dbd HTTP 301
https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM

24 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request agDD30rVmK5 Show response
ht.ly/ 1 KB
2 KB 362ms
333ms Document
text/html 54.67.120.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

http://ht.ly/agDD30rVmK5

Protocol

HTTP/1.1

Server

54.67.120.65 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ow.ly

Software

Resource Hash

8c1e68071392d6257c87ff6df35bd6ef0945fcceebcb0fdc2317b25642f1cd35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Host: ht.ly
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Mon, 27 Sep 2021 19:30:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 1524
X-Pool: owly_web

GET
H/1.1 200
OK css
fonts.googleapis.com/ 5 KB
1 KB 36ms
30ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=latin,latin-ext,cyrillic

Requested by

Host: ht.ly
URL: http://ht.ly/agDD30rVmK5

Protocol

HTTP/1.1

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e08db6b6668c06f87338aa7a1a3399faebf0d92fd2e293e2dcf7fd6ecb09ab14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://ht.ly/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 19:30:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 27 Sep 2021 19:30:42 GMT
Server: ESF
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
X-XSS-Protection: 0
Expires: Mon, 27 Sep 2021 19:30:42 GMT

GET
H/1.1 200
OK htly.245c35bfd1f73b98.gz.css
static.ow.ly/v1/css/ 2 KB
1 KB 73ms
13ms Stylesheet
text/css 143.204.98.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://static.ow.ly/v1/css/htly.245c35bfd1f73b98.gz.css
Requested by: Host: ht.ly
URL: http://ht.ly/agDD30rVmK5
Protocol: HTTP/1.1
Server: 143.204.98.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-90.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c6de8898a27fbfaa5626f0a0ab22ac3a0d9fcfccf1be6536283b77e2bb106430

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://ht.ly/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 09:56:36 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Tue, 13 Apr 2021 22:47:39 GMT
Server: AmazonS3
Age: 14204047
ETag: "798593d97db4fd25adbd7a2a3b920830"
X-Cache: Hit from cloudfront
Content-Type: text/css
Via: 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
Cache-Control: public,max-age=15552000
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 897
X-Amz-Cf-Id: NP0uyAPCQN69h0dTTrV2CEJiR-fXu5_otRKtj4qC5Tl-q-buFOX4nw==

GET
H/1.1 200
OK avatar_icon.a23259703146ce2f.jpg
static.ow.ly/v1/images/ 1 KB
2 KB 78ms
19ms Image
image/jpeg 143.204.98.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://static.ow.ly/v1/images/avatar_icon.a23259703146ce2f.jpg
Requested by: Host: ht.ly
URL: http://ht.ly/agDD30rVmK5
Protocol: HTTP/1.1
Server: 143.204.98.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-90.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7f27510028dcabad0ffbcfcf9d664bd59ceba6b381c62acbf49a9c8395d0b48d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://ht.ly/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 08:08:08 GMT
Via: 1.1 c6702f5f3b6e77da6f394e67ef1a6aab.cloudfront.net (CloudFront)
Last-Modified: Sun, 26 Sep 2021 13:12:58 GMT
Server: AmazonS3
Age: 40955
ETag: "6ef6ee8421d282ab14cb034d57718a7d"
X-Edge-Origin-Shield-Skipped: 0
Content-Type: image/jpeg
Connection: keep-alive
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 1085
X-Amz-Cf-Id: -yUs1nTB-8T5rM4G_Dj9nDTKf0ACG0etvYlt1NN_W_YViqr1AUAidg==

GET
H/1.1 200
OK app.326781fb05402756.gz.js Show response
static.ow.ly/v1/js/ 108 KB
43 KB 91ms
31ms Script
application/javascript 143.204.98.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://static.ow.ly/v1/js/app.326781fb05402756.gz.js
Requested by: Host: ht.ly
URL: http://ht.ly/agDD30rVmK5
Protocol: HTTP/1.1
Server: 143.204.98.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-90.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2e03e7c11bd6d9c2775ebac2962f1573cd9c163e95df2a73ef351117bc32d515

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://ht.ly/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 14 Apr 2021 14:31:29 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Tue, 13 Apr 2021 22:47:38 GMT
Server: AmazonS3
Age: 14360354
ETag: "00c83d25cb4e14c8d4137842d7cd9c6e"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront)
Cache-Control: public,max-age=15552000
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 43801
X-Amz-Cf-Id: ohBtqD3kq7af0rrdVT2gRwPiJ9KBIq1Hh3KZ-uRGlOvPKWQuS6fJVA==

GET
H2

200

900289207COMPLETE.HTM Show response
mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/ Frame B592
Redirect Chain

http://hua08.cloudns.nz/6f5dbd
https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM

37 KB
6 KB

202ms
47ms

Document
text/html

185.67.122.114
AYSIMA

General

Check archive.org

Show headers Download Go to

Full URL: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM
Requested by: Host: ht.ly
URL: http://ht.ly/agDD30rVmK5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.67.122.114 , Turkey, ASN59674 (AYSIMA, TR),
Reverse DNS: hosted.by.aysima.net
Software: LiteSpeed /
Resource Hash: a09e8aa8ff9b53f243b934c2f0a65bb4bd0f40ea70f648126e1c066e53c70113

Request headers

:method: GET
:authority: mail.bc.vc
:scheme: https
:path: /ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://ht.ly/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://ht.ly/

Response headers

etag: "95ce-613a5fb8-a74c10211b07f446;br"
last-modified: Thu, 09 Sep 2021 19:25:44 GMT
content-type: text/html
content-length: 5621
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
date: Mon, 27 Sep 2021 19:30:38 GMT
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"

Redirect headers

Date: Mon, 27 Sep 2021 19:30:42 GMT
Content-Length: 0
Cache-Control: no-cache, no-store
Expires: -1
Location: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM
Engine: Rebrandly.redirect, version 2.1

GET
H/1.1 200
OK memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v26/ 44 KB
44 KB 29ms
23ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/opensans/v26/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=latin,latin-ext,cyrillic

Protocol

HTTP/1.1

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://ht.ly
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 18:00:29 GMT
X-Content-Type-Options: nosniff
Age: 351013
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 44760
X-XSS-Protection: 0
Last-Modified: Thu, 23 Sep 2021 16:50:17 GMT
Server: sffe
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="apps-themes"
Expires: Fri, 23 Sep 2022 18:00:29 GMT

GET
H2 200 css
www.visaprepaidprocessing.com/bundles/foundation/ Frame B592 2 KB
1 KB 274ms
182ms Stylesheet
text/css 104.18.20.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.visaprepaidprocessing.com/bundles/foundation/css?v=TgYukCV0BSpb98GObtBe6i9KeBqBppGV5EzParDKRD01

Requested by

Host: mail.bc.vc
URL: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.18.20.25 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9125b08d73099fe6cc8ec181f39edc63439b48442010ec2635791578f9e3b4ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.bc.vc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 19:30:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 27 Sep 2021 19:30:43 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
x-opnet-transaction-trace: a2_fea2abb3-9228-4a08-8565-b425913d6877-6364-1694720
vary: User-Agent
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/css; charset=utf-8
cache-control: public
strict-transport-security: max-age=3153600; includeSubDomains
cf-ray: 695725ed8e5a3afb-CDG
expires: Tue, 27 Sep 2022 19:30:43 GMT

GET
H2 200 css
www.visaprepaidprocessing.com/bundles/ Frame B592 290 KB
48 KB 279ms
187ms Stylesheet
text/css 104.18.20.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.visaprepaidprocessing.com/bundles/css?v=wAZASNxRNEHvELh5VVy5mcxHM2kaP7CFlrsQ-TKMrzc1

Requested by

Host: mail.bc.vc
URL: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.18.20.25 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6106a5d04404e7c055aba2aa6ebd2d1d29936fcc28799f4f0082abd99a46035f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.bc.vc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Sep 2021 19:30:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
x-opnet-transaction-trace: a2_e5789c4d-8ff1-4d41-b0b9-058118a60770-2572-1662921
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/css; charset=utf-8
cache-control: no-cache
strict-transport-security: max-age=3153600; includeSubDomains
cf-ray: 695725ed8e653afb-CDG
expires: -1

GET
H2 200 preventEarlyClickCss
www.visaprepaidprocessing.com/bundles/ Frame B592 45 B
148 B 282ms
190ms Stylesheet
text/css 104.18.20.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.visaprepaidprocessing.com/bundles/preventEarlyClickCss?v=AjE3qz4xe4LPPh9UwnSuF7YqcFXF2UG5PMA-GpfTe5c1

Requested by

Host: mail.bc.vc
URL: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.18.20.25 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42a0994f945e96989c7b09cd6d4c08fced929ce73f63396a83b3f071720c3c49

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.bc.vc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 19:30:43 GMT
vary: User-Agent
cf-cache-status: DYNAMIC
last-modified: Mon, 27 Sep 2021 19:30:43 GMT
server: cloudflare
x-opnet-transaction-trace: a2_109ba332-07b3-4a86-a241-20bc8cb17f3b-11904-1248288
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/css; charset=utf-8
cache-control: public
strict-transport-security: max-age=3153600; includeSubDomains
cf-ray: 695725ed8e623afb-CDG
content-length: 45
expires: Tue, 27 Sep 2022 19:30:43 GMT

GET
H2 200 site.css
www.visaprepaidprocessing.com/content/PRC384/CP384-T03-019/_Styles/ Frame B592 65 KB
12 KB 153ms
61ms Stylesheet
text/css 104.18.20.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.visaprepaidprocessing.com/content/PRC384/CP384-T03-019/_Styles/site.css

Requested by

Host: mail.bc.vc
URL: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.18.20.25 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ac51812f3c5052b6c14281e132a55b2c5603b4170e8440cca32ebbff26fe866

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.bc.vc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 19:30:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 11 May 2020 16:57:38 GMT
server: cloudflare
age: 2550
etag: W/"456f1a47b527d61:0"
x-opnet-transaction-trace: a2_ad3b261e-741e-44a2-a811-d3e454e6417a-4004-225902
vary: Accept-Encoding
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/css
cache-control: public, max-age=14400
strict-transport-security: max-age=3153600; includeSubDomains
cf-ray: 695725ed8e5f3afb-CDG
expires: Mon, 27 Sep 2021 23:30:43 GMT

GET
H2 200 logo.png
www.visaprepaidprocessing.com/content/PRC384/CP384-T03-019/_Images/ Frame B592 8 KB
8 KB 140ms
49ms Image
image/png 104.18.20.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.visaprepaidprocessing.com/content/PRC384/CP384-T03-019/_Images/logo.png

Requested by

Host: mail.bc.vc
URL: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.18.20.25 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad62eb85667532488d032273c196c7ea1c10e0897223c4b66cd38b8c5e5215a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.bc.vc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 19:30:43 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 399
x-opnet-transaction-trace: a2_ac191ca6-824f-48ed-9e49-c94fde632013-14656-251254
content-length: 7719
last-modified: Tue, 15 Oct 2019 14:27:22 GMT
server: cloudflare
etag: "d8d87ca86483d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=3153600; includeSubDomains
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 695725ed8e693afb-CDG
expires: Mon, 27 Sep 2021 23:30:43 GMT

GET
H2 200 load.gif
ppllabs.com/wp-content/uploads/2018/10/ Frame B592 97 KB
97 KB 312ms
96ms Image
image/gif 158.69.226.152
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ppllabs.com/wp-content/uploads/2018/10/load.gif
Requested by: Host: mail.bc.vc
URL: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.226.152 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: pod-300-1.jumbowp.com
Software: nginx /
Resource Hash: 7a044d149bbcff78f26f8d32076a5a93781917e47c0f606c1db441d460f25c39

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.bc.vc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 19:30:43 GMT
last-modified: Fri, 26 Oct 2018 09:13:05 GMT
server: nginx
etag: "5bd2daa1-18207"
content-type: image/gif
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 98823
expires: Tue, 27 Sep 2022 19:30:43 GMT

GET
H2 200 EmailLogo.png
www.visaprepaidprocessing.com/content/PRC384/_images/ Frame B592 4 KB
4 KB 142ms
51ms Image
image/png 104.18.20.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.visaprepaidprocessing.com/content/PRC384/_images/EmailLogo.png

Requested by

Host: mail.bc.vc
URL: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.18.20.25 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db86fe978fad3c304c1c8b6ab1f65f409c16137076caec52fdfba3a18fbeebdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.bc.vc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 19:30:43 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 367
x-opnet-transaction-trace: a2_41181dad-425f-47b2-b2f8-7ba718ac3d76-9592-59656
content-length: 3908
last-modified: Thu, 27 Aug 2020 16:15:23 GMT
server: cloudflare
etag: "805f2c448d7cd61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=3153600; includeSubDomains
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 695725ed8e6e3afb-CDG
expires: Mon, 27 Sep 2021 23:30:43 GMT

GET
H2 200 smtp.js Show response
smtpjs.com/v3/ Frame B592 871 B
782 B 94ms
24ms Script
application/javascript 78.129.237.3
IOMART-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://smtpjs.com/v3/smtp.js
Requested by: Host: mail.bc.vc
URL: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 78.129.237.3 Southend-on-Sea, United Kingdom, ASN20860 (IOMART-AS, GB),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 1fd711cb491a361ef91e29c50de0680a4b156c0b34bb91e18570d0037263a776

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.bc.vc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 19:30:42 GMT
content-encoding: gzip
last-modified: Tue, 10 Nov 2020 17:17:51 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "162f436b85b7d61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 603

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ Frame B592 85 KB
30 KB 52ms
14ms Script
text/javascript 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js

Requested by

Host: mail.bc.vc
URL: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.bc.vc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 05:33:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50239
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30306
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="hosted-libraries-pushers"
expires: Tue, 27 Sep 2022 05:33:24 GMT

GET
H2 200 print
www.visaprepaidprocessing.com/bundles/css/ Frame B592 2 KB
712 B 183ms
183ms Stylesheet
text/css 104.18.20.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.visaprepaidprocessing.com/bundles/css/print?v=JPgM1hk5e3sLqXHZFVWtkkRA7MMTcH6t30yiIk5dBDo1

Requested by

Host: mail.bc.vc
URL: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.18.20.25 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e2aabe93299c82250d8d6952e7eec0d120c95b45ddc24175f187dd530543205

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.bc.vc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Sep 2021 19:30:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
x-opnet-transaction-trace: a2_a698081f-c438-4c7d-acf2-3aae7c09f965-11648-1649277
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/css; charset=utf-8
cache-control: no-cache
strict-transport-security: max-age=3153600; includeSubDomains
cf-ray: 695725ed9e7f3afb-CDG
expires: -1

GET
H/1.1 200
OK / Show response
api.ipify.org/ Frame B592 22 B
249 B 432ms
107ms XHR
application/json 54.243.51.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.243.51.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-243-51-135.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: 288bac51a5a5725a1ea45e79d2a3b66494ef9df4029b93eeae587c6ebbc95468

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://mail.bc.vc/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 19:30:44 GMT
Via: 1.1 vegur
Server: Cowboy
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://mail.bc.vc
Connection: keep-alive
Content-Length: 22

GET OpenSans-Regular-webfont.woff
www.visaprepaidprocessing.com/Content/_Fonts/ Frame B592 0
0

GET Connections.woff
www.visaprepaidprocessing.com/content/PRC384/_Fonts/ Frame B592 0
0

GET OpenSans-Bold-webfont.woff
www.visaprepaidprocessing.com/Content/_Fonts/ Frame B592 0
0

GET OpenSans-Bold-webfont.ttf
www.visaprepaidprocessing.com/Content/_Fonts/ Frame B592 0
0

GET Connections.ttf
www.visaprepaidprocessing.com/content/PRC384/_Fonts/ Frame B592 0
0

GET OpenSans-Regular-webfont.ttf
www.visaprepaidprocessing.com/Content/_Fonts/ Frame B592 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.visaprepaidprocessing.com
URL: https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Regular-webfont.woff

Domain: www.visaprepaidprocessing.com
URL: https://www.visaprepaidprocessing.com/content/PRC384/_Fonts/Connections.woff

Domain: www.visaprepaidprocessing.com
URL: https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Bold-webfont.woff

Domain: www.visaprepaidprocessing.com
URL: https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Bold-webfont.ttf

Domain: www.visaprepaidprocessing.com
URL: https://www.visaprepaidprocessing.com/content/PRC384/_Fonts/Connections.ttf

Domain: www.visaprepaidprocessing.com
URL: https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Regular-webfont.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect boolean| originAgentCluster

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.visaprepaidprocessing.com/	1969-12-31 23:59:59	Name: __cfruid Value: a4ff8f3e2541c02d03a988b5c05dfb73f8196250-1632771043
			www.visaprepaidprocessing.com/	1970-01-19 21:34:13	Name: __cflb Value: 0H28uxchcBYFcUJ7agzKikmQw5nqRP4nvFcGgBRG3Qp

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM Message: Access to font at 'https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Bold-webfont.woff' from origin 'https://mail.bc.vc' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Bold-webfont.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM Message: Access to font at 'https://www.visaprepaidprocessing.com/content/PRC384/_Fonts/Connections.woff' from origin 'https://mail.bc.vc' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.visaprepaidprocessing.com/content/PRC384/_Fonts/Connections.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM Message: Access to font at 'https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Bold-webfont.ttf' from origin 'https://mail.bc.vc' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Bold-webfont.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM Message: Access to font at 'https://www.visaprepaidprocessing.com/content/PRC384/_Fonts/Connections.ttf' from origin 'https://mail.bc.vc' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.visaprepaidprocessing.com/content/PRC384/_Fonts/Connections.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM Message: Access to font at 'https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Regular-webfont.woff' from origin 'https://mail.bc.vc' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Regular-webfont.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://mail.bc.vc/ebude/new/Ndkxzcv/Ndkx/900289207COMPLETE.HTM Message: Access to font at 'https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Regular-webfont.ttf' from origin 'https://mail.bc.vc' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Regular-webfont.ttf Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
api.ipify.org
fonts.googleapis.com
fonts.gstatic.com
ht.ly
hua08.cloudns.nz
mail.bc.vc
ppllabs.com
smtpjs.com
static.ow.ly
www.visaprepaidprocessing.com
www.visaprepaidprocessing.com
104.18.20.25
143.204.98.90
158.69.226.152
185.67.122.114
2a00:1450:4001:813::200a
2a00:1450:4001:827::2003
2a00:1450:4001:82f::200a
52.72.49.79
54.243.51.135
54.67.120.65
78.129.237.3
1fd711cb491a361ef91e29c50de0680a4b156c0b34bb91e18570d0037263a776
288bac51a5a5725a1ea45e79d2a3b66494ef9df4029b93eeae587c6ebbc95468
2e03e7c11bd6d9c2775ebac2962f1573cd9c163e95df2a73ef351117bc32d515
42a0994f945e96989c7b09cd6d4c08fced929ce73f63396a83b3f071720c3c49
538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd
5e2aabe93299c82250d8d6952e7eec0d120c95b45ddc24175f187dd530543205
6106a5d04404e7c055aba2aa6ebd2d1d29936fcc28799f4f0082abd99a46035f
7a044d149bbcff78f26f8d32076a5a93781917e47c0f606c1db441d460f25c39
7f27510028dcabad0ffbcfcf9d664bd59ceba6b381c62acbf49a9c8395d0b48d
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8c1e68071392d6257c87ff6df35bd6ef0945fcceebcb0fdc2317b25642f1cd35
9125b08d73099fe6cc8ec181f39edc63439b48442010ec2635791578f9e3b4ed
9ac51812f3c5052b6c14281e132a55b2c5603b4170e8440cca32ebbff26fe866
a09e8aa8ff9b53f243b934c2f0a65bb4bd0f40ea70f648126e1c066e53c70113
ad62eb85667532488d032273c196c7ea1c10e0897223c4b66cd38b8c5e5215a4
c6de8898a27fbfaa5626f0a0ab22ac3a0d9fcfccf1be6536283b77e2bb106430
db86fe978fad3c304c1c8b6ab1f65f409c16137076caec52fdfba3a18fbeebdb
e08db6b6668c06f87338aa7a1a3399faebf0d92fd2e293e2dcf7fd6ecb09ab14

ht.ly Open in urlscan Pro 54.67.120.65 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

24 Requests

50 %HTTPS

27 %IPv6

10 Domains

11 Subdomains

11 IPs

6 Countries

301 kBTransfer

750 kBSize

2 Cookies

1 Outgoing links

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

2 Cookies

12 Console Messages

Security Headers

Indicators

ht.ly Open in urlscan Pro
54.67.120.65 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

50 %
HTTPS

27 %
IPv6

10
Domains

11
Subdomains

11
IPs

6
Countries

301 kB
Transfer

750 kB
Size

2
Cookies

24 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!