businesscards.org.in Open in urlscan Pro
184.168.101.66 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://businesscards.org.in/
Submission: On May 28 via api (May 28th 2024, 12:24:26 pm UTC) from US — Scanned from SG

Summary HTTP 15 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 8 IPs in 2 countries across 7 domains to perform 15 HTTP transactions. The main IP is 184.168.101.66, located in Singapore, Singapore and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is businesscards.org.in.
TLS certificate: Issued by R3 on May 26th 2024. Valid for: 3 months.

This is the only time businesscards.org.in was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Instagram (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
3	184.168.101.66 184.168.101.66	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
1	64.233.170.157 64.233.170.157	15169 (GOOGLE) (GOOGLE)
2	44.197.236.66 44.197.236.66	14618 (AMAZON-AES) (AMAZON-AES)
1 2	184.28.235.137 184.28.235.137	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	142.251.175.104 142.251.175.104	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4003:c04::5e	15169 (GOOGLE) (GOOGLE)
2	2600:1417:3f:... 2600:1417:3f::b81c:eb63	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2600:1417:3f:... 2600:1417:3f:795::228b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
15	8

3 184.168.101.66 (Singapore, Singapore)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: 66.101.168.184.host.secureserver.net

businesscards.org.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.170.157 (United States)

ASN15169 (GOOGLE, US)
PTR: sg-in-f157.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.197.236.66 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-197-236-66.compute-1.amazonaws.com

bluetick.cards	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.28.235.137 (Singapore, Singapore) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-28-235-137.deploy.static.akamaitechnologies.com

img1.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.175.104 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: sh-in-f104.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4003:c04::5e (Singapore, Singapore)

ASN15169 (GOOGLE, US)

www.google.com.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1417:3f::b81c:eb63 (Singapore, Singapore)

ASN20940 (AKAMAI-ASN1, NL)

events.api.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1417:3f:795::228b (Singapore, Singapore)

ASN20940 (AKAMAI-ASN1, NL)

csp.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	secureserver.net events.api.secureserver.net — Cisco Umbrella Rank: 12783 csp.secureserver.net — Cisco Umbrella Rank: 12907	570 B
3	businesscards.org.in businesscards.org.in	15 KB
2	wsimg.com 1 redirects img1.wsimg.com — Cisco Umbrella Rank: 10058	21 KB
2	bluetick.cards bluetick.cards	10 KB
1	google.com.vn www.google.com.vn — Cisco Umbrella Rank: 11481	455 B
1	google.com www.google.com — Cisco Umbrella Rank: 2	64 B
1	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 35	1 KB
15	7

	Domain	Requested by
4	csp.secureserver.net	img1.wsimg.com
3	businesscards.org.in	businesscards.org.in
2	events.api.secureserver.net	img1.wsimg.com
2	img1.wsimg.com	1 redirects businesscards.org.in
2	bluetick.cards	businesscards.org.in
1	www.google.com.vn	businesscards.org.in
1	www.google.com	businesscards.org.in
1	googleads.g.doubleclick.net	businesscards.org.in
15	8

This site contains links to these domains. Also see Links.

Domain
play.google.com

Subject Issuer	Validity	Valid
cpanel.businesscards.org.in R3	`2024-05-26` - `2024-08-24`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-05-06` - `2024-07-29`	3 months	crt.sh
bluetick.cards R3	`2024-04-23` - `2024-07-22`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.google.com.vn GTS CA 1C3	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.api.secureserver.net Starfield Secure Certificate Authority - G2	`2023-07-10` - `2024-08-10`	a year	crt.sh
*.secureserver.net Starfield Secure Certificate Authority - G2	`2023-10-10` - `2024-11-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://businesscards.org.in/
Frame ID: 3277467FDBA33EC6074FAD9FE60686F5
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

V-Card

Detected technologies

Laravel (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

15
Requests

93 %
HTTPS

38 %
IPv6

7
Domains

8
Subdomains

8
IPs

2
Countries

49 kB
Transfer

153 kB
Size

3
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://play.google.com/store/apps/details?id=com.digitalbusinesscard.businesscardmaker.vcard.visitingcard

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 301
https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
businesscards.org.in/ 13 KB
4 KB 1124ms
1105ms Document
text/html 184.168.101.66
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://businesscards.org.in/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.168.101.66 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 66.101.168.184.host.secureserver.net
Software: Apache / PHP/8.0.30
Resource Hash: 2beca83896df2d27b2bd160a9f732b1837f7433af2398ab9dfd463d850252876

Request headers

Accept-Language: en-SG,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: no-cache, private
content-encoding: br
content-length: 3236
content-type: text/html; charset=UTF-8
date: Tue, 28 May 2024 12:24:20 GMT
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/8.0.30

GET
H2 200 ic_card.png Show response
businesscards.org.in/icons/ 11 KB
11 KB 17ms
15ms Script
image/png 184.168.101.66
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://businesscards.org.in/icons/ic_card.png
Requested by: Host: businesscards.org.in
URL: https://businesscards.org.in/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.168.101.66 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 66.101.168.184.host.secureserver.net
Software: Apache /
Resource Hash: fa9f481c6b5ddeb8c1626c431f9c954b8a075c66d11e971f2f405262ea4a6e2d

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://businesscards.org.in/
Accept-Language: en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 28 May 2024 12:24:22 GMT
last-modified: Mon, 27 May 2024 18:46:17 GMT
server: Apache
accept-ranges: bytes
etag: "14a5f4-2cb4-61973eebf8919"
content-length: 11444
content-type: image/png

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/16478328526/ 3 KB
1 KB 24ms
11ms Script
text/javascript 64.233.170.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/16478328526/?random=1716724672252&cv=11&fst=1716724672252&bg=ffffff&guid=ON&async=1&gtm=45be45m0za200&gcd=13l3l3l3l1&dma=0&u_w=1366&u_h=768&url=https%3A%2F%2Fbluetick.cards%2F&hn=www.googleadservices.com&frm=0&tiba=Bluetick&npa=0&pscdl=noapi&auid=948983648.1716724672&uaa=x86&uab=64&uafvl=Not_A%2520Brand%3B99.0.0.0%7CGoogle%2520Chrome%3B109.0.5414.120%7CChromium%3B109.0.5414.120&uamb=0&uam=&uap=Windows&uapv=0.1.0&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: businesscards.org.in
URL: https://businesscards.org.in/

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.170.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f157.1e100.net

Software

cafe /

Resource Hash

5d9cd72a08ddce945da4b57281a464ff1c907c1ee6acc3c8817001978d58274d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://businesscards.org.in/
Accept-Language: en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 28 May 2024 12:24:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1401
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ic_card.png
businesscards.org.in/icons/ 11 KB
0 18ms
18ms Image
image/png 184.168.101.66
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://businesscards.org.in/icons/ic_card.png
Requested by: Host: businesscards.org.in
URL: https://businesscards.org.in/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.168.101.66 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 66.101.168.184.host.secureserver.net
Software: Apache /
Resource Hash: b2d93fdf11ad6f779c28c7c3c360c8e41642fd0f444cdd9e6a3585a11e89b2dd

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://businesscards.org.in/
Accept-Language: en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 28 May 2024 12:24:22 GMT
last-modified: Mon, 27 May 2024 18:46:17 GMT
server: Apache
accept-ranges: bytes
etag: "14a5f4-2cb4-61973eebf8919"
content-length: 11444
content-type: image/png

GET
H/1.1 200
OK PlayStoreDownload.png
bluetick.cards/storage/ 6 KB
6 KB 1271ms
782ms Image
image/png 44.197.236.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bluetick.cards/storage/PlayStoreDownload.png

Requested by

Host: businesscards.org.in
URL: https://businesscards.org.in/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

44.197.236.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-197-236-66.compute-1.amazonaws.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

923d80c7ae9a06d102f46b3e47564fa6fadd9a2f3dd3633cc19ac5eeb25bd4ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://businesscards.org.in/
Accept-Language: en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 28 May 2024 12:24:22 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Feb 2024 10:35:51 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "65d72387-1757"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5975
X-XSS-Protection: 1; mode=block

GET
H2

200

scc-c2.min.js Show response
img1.wsimg.com/signals/js/clients/scc-c2/
Redirect Chain

https://img1.wsimg.com/traffic-assets/js/tccl.min.js
https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js

105 KB
21 KB

5ms
5ms

Script
text/javascript

184.28.235.137
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
Requested by: Host: businesscards.org.in
URL: https://businesscards.org.in/
Protocol: H2
Server: 184.28.235.137 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-28-235-137.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 8f7092c94ef904c57584706cdb5f1fd9fe1efce52ce3105e99b9a7def487f09f

Request headers

Accept-Language: en-SG,en;q=0.9;q=0.9
Referer: https://businesscards.org.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

x-amz-version-id: VDVeY4oO8ClQrknn.k4OgPWK0heF1LAr
content-encoding: gzip
date: Tue, 28 May 2024 12:24:22 GMT
x-amz-request-id: 1HF801XBZ1JCMVMV
x-amz-server-side-encryption: AES256
x-amz-meta-version: 0.4.0
content-length: 20848
x-amz-id-2: F18Z3b2Xp4izPVuL68FTQ4h5RCoK3OoGx8dnOWnHydXKtkV5ls9h5PZ45bLxKRoJQWVsJJ8jlPY=
last-modified: Fri, 17 May 2024 22:31:26 GMT
etag: "ace51bdb3b35a6b66c74fa115d4caa3f"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 May 2024 12:54:22 GMT

Redirect headers

location: https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
access-control-allow-origin: *
date: Tue, 28 May 2024 12:24:22 GMT
cache-control: max-age=31536000
timing-allow-origin: *
content-length: 0
expires: Wed, 28 May 2025 12:24:22 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/16478328526/ 42 B
64 B 20ms
8ms Image
image/gif 142.251.175.104
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/16478328526/?random=1716724672252&cv=11&fst=1716721200000&bg=ffffff&guid=ON&async=1&gtm=45be45m0za200&gcd=13l3l3l3l1&dma=0&u_w=1366&u_h=768&url=https%3A%2F%2Fbluetick.cards%2F&hn=www.googleadservices.com&frm=0&tiba=Bluetick&npa=0&pscdl=noapi&auid=948983648.1716724672&uaa=x86&uab=64&uafvl=Not_A%2520Brand%3B99.0.0.0%7CGoogle%2520Chrome%3B109.0.5414.120%7CChromium%3B109.0.5414.120&uamb=0&uam=&uap=Windows&uapv=0.1.0&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooLrhYAC6PCLID2VSR3IrSgcEZJazcRdQ&random=3396716943&rmt_tld=0&ipr=y

Requested by

Host: businesscards.org.in
URL: https://businesscards.org.in/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.175.104 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

sh-in-f104.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://businesscards.org.in/
Accept-Language: en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 28 May 2024 12:24:22 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.vn/pagead/1p-user-list/16478328526/ 42 B
455 B 32ms
10ms Image
image/gif 2404:6800:4003:c04::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.vn/pagead/1p-user-list/16478328526/?random=1716724672252&cv=11&fst=1716721200000&bg=ffffff&guid=ON&async=1&gtm=45be45m0za200&gcd=13l3l3l3l1&dma=0&u_w=1366&u_h=768&url=https%3A%2F%2Fbluetick.cards%2F&hn=www.googleadservices.com&frm=0&tiba=Bluetick&npa=0&pscdl=noapi&auid=948983648.1716724672&uaa=x86&uab=64&uafvl=Not_A%2520Brand%3B99.0.0.0%7CGoogle%2520Chrome%3B109.0.5414.120%7CChromium%3B109.0.5414.120&uamb=0&uam=&uap=Windows&uapv=0.1.0&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooLrhYAC6PCLID2VSR3IrSgcEZJazcRdQ&random=3396716943&rmt_tld=1&ipr=y

Requested by

Host: businesscards.org.in
URL: https://businesscards.org.in/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c04::5e Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://businesscards.org.in/
Accept-Language: en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 28 May 2024 12:24:22 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 event Show response
events.api.secureserver.net/t/1/tl/ 43 B
285 B 230ms
189ms Fetch
image/gif 2600:1417:3f::b81c:eb63
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2600:1417:3f::b81c:eb63 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://businesscards.org.in/
Accept-Language: en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
date: Tue, 28 May 2024 12:24:23 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/gif
access-control-allow-origin: https://businesscards.org.in
cache-control: private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 43
x-xss-protection: 1; mode=block

GET
H2 200 event Show response
events.api.secureserver.net/t/1/tl/ 43 B
285 B 1002ms
963ms Fetch
image/gif 2600:1417:3f::b81c:eb63
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://events.api.secureserver.net/t/1/tl/event?dh=businesscards.org.in&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F125.0.0.0%20Safari%2F537.36&client_name=scc-c2&cv=0.4.0&vg=b5726db9-3bda-4a83-ac0f-ec73330c3ea3&vtg=b5726db9-3bda-4a83-ac0f-ec73330c3ea3&dp=%2F&trace_id=959c1b1909894192b3e42e5f2b201a3b&cts=2024-05-28T12%3A24%3A23.308Z&hit_id=71b99927-c703-40b5-9eae-d827c0763808&ea=pageperf&ht=perf&eid=traffic.tcc.instrumentation.navigation.timing&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22sg2plzcpnl456444%22%2C%22dcenter%22%3A%22sg2%22%2C%22cp_id%22%3A%229905172%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=643592029&z=109247574&tce=1716899060919&tcs=1716899060907&tdc=1716899063304&tdclee=1716899062118&tdcles=1716899062118&tdi=1716899062118&tdl=1716899062028&tdle=1716899060907&tdls=1716899060907&tfs=1716899060899&tns=1716899060899&trqs=1716899060920&tre=1716899062025&trps=1716899062024&tles=1716899063304&tlee=0&nt=navigate&LCP=1172&nav_type=hard

Requested by

Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2600:1417:3f::b81c:eb63 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://businesscards.org.in/
Accept-Language: en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
date: Tue, 28 May 2024 12:24:24 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/gif
access-control-allow-origin: https://businesscards.org.in
cache-control: private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 43
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK logo.png
bluetick.cards/storage/ 4 KB
4 KB 239ms
238ms Other
image/png 44.197.236.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetick.cards/storage/logo.png

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

44.197.236.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-197-236-66.compute-1.amazonaws.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

26653bc5b0beb670f6b91ff866a456b9cb4d1c01f7155cbce330eea69889a18d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://businesscards.org.in/
Accept-Language: en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 28 May 2024 12:24:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Feb 2024 11:02:24 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "65d729c0-e15"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3605
X-XSS-Protection: 1; mode=block

OPTIONS
H/1.1 200
OK eventbus
csp.secureserver.net/ 0
0 225ms
190ms Preflight
application/json 2600:1417:3f:795::228b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://csp.secureserver.net/eventbus

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2600:1417:3f:795::228b Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains ; preload

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://businesscards.org.in
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type,authorization
Access-Control-Allow-Methods: OPTIONS,POST
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Content-Type: application/json
Date: Tue, 28 May 2024 12:24:23 GMT
Expires: Tue, 28 May 2024 12:24:23 GMT
Pragma: no-cache
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload
x-amz-apigw-id: Yez2vFWmvHcEaLg=
x-amzn-requestid: ada80aa7-255f-4ead-8857-9cb7ecfb8f99
x-amzn-trace-id: Root=1-6655ccf7-3db9af4d6858997922f7e93f
x-envoy-upstream-service-time: 7

POST
H/1.1 202
Accepted eventbus
csp.secureserver.net/ 0
0 251ms
250ms Fetch
application/json 2600:1417:3f:795::228b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://csp.secureserver.net/eventbus

Requested by

Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2600:1417:3f:795::228b Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains ; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: api-key b18ef4f046435b64a469b32c3c1c20a3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://businesscards.org.in/
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Tue, 28 May 2024 12:24:24 GMT
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload
x-amzn-trace-id: Root=1-6655ccf7-63c95ce371554a6329647ff1
x-amzn-requestid: 516dd114-c6bc-40e7-a3ef-23d21578ee0a
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
x-envoy-upstream-service-time: 49
Connection: keep-alive
x-amz-apigw-id: Yez2xGfWvHcEK8Q=
Content-Length: 0
Expires: Tue, 28 May 2024 12:24:24 GMT

POST
H/1.1 202
Accepted eventbus
csp.secureserver.net/ 0
0 222ms
221ms Fetch
application/json 2600:1417:3f:795::228b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://csp.secureserver.net/eventbus

Requested by

Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2600:1417:3f:795::228b Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains ; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: api-key 8da2217409854bee82e12dc4ca0b39fb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://businesscards.org.in/
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Tue, 28 May 2024 12:24:24 GMT
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload
x-amzn-trace-id: Root=1-6655ccf7-5219816c2b96c933482448bd
x-amzn-requestid: 8b137838-d1ab-437d-84f3-1a1db874d13e
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
x-envoy-upstream-service-time: 48
Connection: keep-alive
x-amz-apigw-id: Yez2xFkIvHcEHNQ=
Content-Length: 0
Expires: Tue, 28 May 2024 12:24:24 GMT

OPTIONS
H/1.1 200
OK eventbus
csp.secureserver.net/ 0
0 231ms
197ms Preflight
application/json 2600:1417:3f:795::228b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://csp.secureserver.net/eventbus

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2600:1417:3f:795::228b Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains ; preload

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://businesscards.org.in
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type,authorization
Access-Control-Allow-Methods: OPTIONS,POST
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Content-Type: application/json
Date: Tue, 28 May 2024 12:24:23 GMT
Expires: Tue, 28 May 2024 12:24:23 GMT
Pragma: no-cache
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload
x-amz-apigw-id: Yez2vEBBvHcEp6w=
x-amzn-requestid: 0f209154-db55-4ca8-8b77-546e9a8c9793
x-amzn-trace-id: Root=1-6655ccf7-24f3440d2f9081b22f716ae4
x-envoy-upstream-service-time: 4

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Instagram (Social Network)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
businesscards.org.in/	1970-01-20 20:55:06	Name: XSRF-TOKEN Value: eyJpdiI6IjVKZFJ2amplNUtRemJCeWNlSk1pOHc9PSIsInZhbHVlIjoici9mMXZjcXRJd0QzRUNPdG1wanBUY2JsUHZMSFR6SFA0a1RnVVdqeW9RVVBQbFl4U2JuQi9USEErRWtpS3RlS0trQUpmb2FQaGZYSlhXZ2Z2dU80QzhzaHpsaHMwY3FzY203dmw4d1UxT01Odm82alNHN3Y3VGZ0K2lQYk52NUEiLCJtYWMiOiIyYWE2OWY5ZjFhMWE0YjI0ZmQ5OTRkNjUxMTQzMjlkZGFiODM3ZTZkMTc1OTMxZmI4ZmE4ZDk0ZTBhN2ZiOGI4IiwidGFnIjoiIn0%3D
businesscards.org.in/	1970-01-20 20:55:06	Name: laravel_session Value: eyJpdiI6ImlTWHJvRy9zNnBuS0NqcVBXUzI4Z0E9PSIsInZhbHVlIjoiMDNOREVidXBYdkhPK0lWMlpERFZxTzV2VUxKLzJWVnFvVDI2QzMwWEhmd3k1dkx2OGJaYWFGNDBad3NsOXV1UDQ1OXpvbzE0cU9NZDFvdC9JWXlna3lZSXFSYXlsL25xRnpWclNvd1pYWkxpcnZBZml0a2xzSmt6cmIyQnlsMWgiLCJtYWMiOiI2NDgzMjJmYTQxZTQxODUxNTc3YzhkMDYyNWJmYjQ3NTYyNzdkMGE4MzMxNmFiNmM3NTBkYjVmMDkxMmZmMjM4IiwidGFnIjoiIn0%3D
.doubleclick.net/	1970-01-20 20:54:59	Name: test_cookie Value: CheckForPermission

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://businesscards.org.in/ Message: Refused to execute script from 'https://businesscards.org.in/icons/ic_card.png' because its MIME type ('image/png') is not executable.
other	warning	URL: https://businesscards.org.in/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bluetick.cards
businesscards.org.in
csp.secureserver.net
events.api.secureserver.net
googleads.g.doubleclick.net
img1.wsimg.com
www.google.com
www.google.com.vn
142.251.175.104
184.168.101.66
184.28.235.137
2404:6800:4003:c04::5e
2600:1417:3f:795::228b
2600:1417:3f::b81c:eb63
44.197.236.66
64.233.170.157
26653bc5b0beb670f6b91ff866a456b9cb4d1c01f7155cbce330eea69889a18d
2beca83896df2d27b2bd160a9f732b1837f7433af2398ab9dfd463d850252876
5d9cd72a08ddce945da4b57281a464ff1c907c1ee6acc3c8817001978d58274d
8f7092c94ef904c57584706cdb5f1fd9fe1efce52ce3105e99b9a7def487f09f
923d80c7ae9a06d102f46b3e47564fa6fadd9a2f3dd3633cc19ac5eeb25bd4ad
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2d93fdf11ad6f779c28c7c3c360c8e41642fd0f444cdd9e6a3585a11e89b2dd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fa9f481c6b5ddeb8c1626c431f9c954b8a075c66d11e971f2f405262ea4a6e2d

businesscards.org.in Open in urlscan Pro 184.168.101.66 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

15 Requests

93 %HTTPS

38 %IPv6

7 Domains

8 Subdomains

8 IPs

2 Countries

49 kBTransfer

153 kBSize

3 Cookies

1 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

3 Cookies

2 Console Messages

Indicators

businesscards.org.in Open in urlscan Pro
184.168.101.66 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

93 %
HTTPS

38 %
IPv6

7
Domains

8
Subdomains

8
IPs

2
Countries

49 kB
Transfer

153 kB
Size

3
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!