ht.ly Open in urlscan Pro
54.67.57.56  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request OtXL30rYh25 Show response ht.ly/	2 KB 2 KB	383ms 340ms	Document text/html	54.67.57.56 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://ht.ly/OtXL30rYh25 Protocol HTTP/1.1 Server 54.67.57.56 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS ow.ly Software / Resource Hash 51abe4da340a1acdc3b60d517171a0f5814c54e549f0b6790d1b495e58622797 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Host ht.ly Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Referrer-Policy origin-when-cross-origin, strict-origin-when-cross-origin X-Frame-Options DENY X-XSS-Protection 1; mode=block X-Content-Type-Options nosniff X-Permitted-Cross-Domain-Policies master-only Date Tue, 26 Oct 2021 12:39:46 GMT Connection close Content-Type text/html; charset=UTF-8 Content-Length 1631 X-Pool owly_web
GET H/1.1	200 OK	css fonts.googleapis.com/	5 KB 1 KB	43ms 37ms	Stylesheet text/css	2a00:1450:4001:801::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL http://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=latin,latin-ext,cyrillic Requested by Host: ht.ly URL: http://ht.ly/OtXL30rYh25 Protocol HTTP/1.1 Server 2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash e08db6b6668c06f87338aa7a1a3399faebf0d92fd2e293e2dcf7fd6ecb09ab14 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer http://ht.ly/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Tue, 26 Oct 2021 12:39:46 GMT Content-Encoding gzip X-Content-Type-Options nosniff Transfer-Encoding chunked Cross-Origin-Resource-Policy cross-origin X-XSS-Protection 0 Last-Modified Tue, 26 Oct 2021 12:39:46 GMT Server ESF X-Frame-Options SAMEORIGIN Report-To {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]} Content-Type text/css; charset=utf-8 Access-Control-Allow-Origin * Cache-Control private, max-age=86400, stale-while-revalidate=604800 Timing-Allow-Origin * Link <http://fonts.gstatic.com>; rel=preconnect; crossorigin Cross-Origin-Opener-Policy-Report-Only same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU" Expires Tue, 26 Oct 2021 12:39:46 GMT
GET H/1.1	200 OK	htly.245c35bfd1f73b98.gz.css static.ow.ly/v1/css/	2 KB 1 KB	78ms 11ms	Stylesheet text/css	143.204.98.119 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://static.ow.ly/v1/css/htly.245c35bfd1f73b98.gz.css Requested by Host: ht.ly URL: http://ht.ly/OtXL30rYh25 Protocol HTTP/1.1 Server 143.204.98.119 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-98-119.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash c6de8898a27fbfaa5626f0a0ab22ac3a0d9fcfccf1be6536283b77e2bb106430 Request headers Accept-Language de-DE,de;q=0.9 Referer http://ht.ly/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 14 Oct 2021 21:29:37 GMT Content-Encoding gzip Connection keep-alive Last-Modified Mon, 11 Oct 2021 14:50:59 GMT Server AmazonS3 Age 1005011 ETag "798593d97db4fd25adbd7a2a3b920830" X-Cache Hit from cloudfront Content-Type text/css Via 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront) Cache-Control public,max-age=15552000 X-Amz-Cf-Pop FRA50-C1 Accept-Ranges bytes Content-Length 897 X-Amz-Cf-Id 5i2OLPtJHdQR0IRPSKwdNMW5bu846QoKbavam-h1xhpovFfILJUuig==
GET H/1.1	200 OK	avatar_icon.a23259703146ce2f.jpg static.ow.ly/v1/images/	1 KB 2 KB	76ms 9ms	Image image/jpeg	143.204.98.119 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL http://static.ow.ly/v1/images/avatar_icon.a23259703146ce2f.jpg Requested by Host: ht.ly URL: http://ht.ly/OtXL30rYh25 Protocol HTTP/1.1 Server 143.204.98.119 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-98-119.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash 7f27510028dcabad0ffbcfcf9d664bd59ceba6b381c62acbf49a9c8395d0b48d Request headers Accept-Language de-DE,de;q=0.9 Referer http://ht.ly/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Tue, 26 Oct 2021 05:58:14 GMT Via 1.1 6b8ac2d6d64dc42007741d312e2d73ab.cloudfront.net (CloudFront) Last-Modified Wed, 20 Oct 2021 20:41:28 GMT Server AmazonS3 Age 24094 ETag "6ef6ee8421d282ab14cb034d57718a7d" X-Cache Hit from cloudfront Content-Type image/jpeg Connection keep-alive X-Amz-Cf-Pop FRA50-C1 Accept-Ranges bytes Content-Length 1085 X-Amz-Cf-Id BT5nX5_fq__44B4uB3MnqIhN1GC1WHSHyUkqFdqy2QgjGnsIPcZVAg==
GET H/1.1	200 OK	app.326781fb05402756.gz.js Show response static.ow.ly/v1/js/	108 KB 43 KB	75ms 8ms	Script application/javascript	143.204.98.119 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://static.ow.ly/v1/js/app.326781fb05402756.gz.js Requested by Host: ht.ly URL: http://ht.ly/OtXL30rYh25 Protocol HTTP/1.1 Server 143.204.98.119 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-98-119.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash 2e03e7c11bd6d9c2775ebac2962f1573cd9c163e95df2a73ef351117bc32d515 Request headers Accept-Language de-DE,de;q=0.9 Referer http://ht.ly/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 14 Oct 2021 20:29:14 GMT Content-Encoding gzip Connection keep-alive Last-Modified Mon, 11 Oct 2021 14:50:58 GMT Server AmazonS3 Age 1008633 ETag "00c83d25cb4e14c8d4137842d7cd9c6e" X-Cache Hit from cloudfront Content-Type application/javascript Via 1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront) Cache-Control public,max-age=15552000 X-Amz-Cf-Pop FRA50-C1 Accept-Ranges bytes Content-Length 43801 X-Amz-Cf-Id jlOn0Tbcqtx16YsDi7PY1Of95aY8DzgoN7_zBm-hPVsTLvdIqH2elA==
GET H/1.1	200 OK	index.html Show response u1507900.cp.regruhosting.ru/Secure/Secure/index/ Frame 6212	7 KB 3 KB	101ms 89ms	Document text/html	2a00:f940:2:2:1:4:0:106 AS-REG
General Check archive.org Show headers Download Go to Full URL http://u1507900.cp.regruhosting.ru/Secure/Secure/index/index.html Requested by Host: ht.ly URL: http://ht.ly/OtXL30rYh25 Protocol HTTP/1.1 Server 2a00:f940:2:2:1:4:0:106 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 7accea4778e784e11ec43bf8a0dc007130da8e292868d7e46c457416588af2f1 Request headers Host u1507900.cp.regruhosting.ru Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://ht.ly/ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://ht.ly/ Response headers Server nginx Date Tue, 26 Oct 2021 12:39:47 GMT Content-Type text/html; charset=utf-8 Transfer-Encoding chunked Connection keep-alive Last-Modified Tue, 19 Oct 2021 12:29:36 GMT Content-Encoding gzip
GET H/1.1	200 OK	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 fonts.gstatic.com/s/opensans/v26/	44 KB 44 KB	29ms 9ms	Font font/woff2	2a00:1450:4001:80e::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL http://fonts.gstatic.com/s/opensans/v26/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 Requested by Host: fonts.googleapis.com URL: http://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=latin,latin-ext,cyrillic Protocol HTTP/1.1 Server 2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer http://fonts.googleapis.com/ Origin http://ht.ly Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 21 Oct 2021 17:34:22 GMT X-Content-Type-Options nosniff Age 414325 Content-Security-Policy-Report-Only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes Cross-Origin-Resource-Policy cross-origin Content-Length 44760 X-XSS-Protection 0 Last-Modified Thu, 23 Sep 2021 16:50:17 GMT Server sffe Report-To {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} Content-Type font/woff2 Access-Control-Allow-Origin * Cache-Control public, max-age=31536000 Accept-Ranges bytes Timing-Allow-Origin * Cross-Origin-Opener-Policy-Report-Only same-origin; report-to="apps-themes" Expires Fri, 21 Oct 2022 17:34:22 GMT
GET H2	200	screen.css acs4.3dsecure.no/mdpayacs/content/040/ Frame 6212	3 KB 1 KB	607ms 25ms	Stylesheet text/css	185.42.168.133 MODIRUM
General Check archive.org Show headers Download Go to Full URL https://acs4.3dsecure.no/mdpayacs/content/040/screen.css Requested by Host: u1507900.cp.regruhosting.ru URL: http://u1507900.cp.regruhosting.ru/Secure/Secure/index/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 185.42.168.133 , Norway, ASN62248 (MODIRUM, NO), Reverse DNS Software nginx / Resource Hash 4240658116347f70eea6163be279c9c3680dd81cb5f06275bd6a733dab1a91fc Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer http://u1507900.cp.regruhosting.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Tue, 26 Oct 2021 12:39:47 GMT content-encoding gzip last-modified Wed, 22 Sep 2021 23:34:23 GMT server nginx etag W/"614bbd7f-c14" vary Accept-Encoding content-type text/css strict-transport-security max-age=31536000; includeSubDomains
GET H2	200	gh-buttons.css acs4.3dsecure.no/mdpayacs/content/040/dk/ Frame 6212	13 KB 3 KB	608ms 26ms	Stylesheet text/css	185.42.168.133 MODIRUM
General Check archive.org Show headers Download Go to Full URL https://acs4.3dsecure.no/mdpayacs/content/040/dk/gh-buttons.css Requested by Host: u1507900.cp.regruhosting.ru URL: http://u1507900.cp.regruhosting.ru/Secure/Secure/index/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 185.42.168.133 , Norway, ASN62248 (MODIRUM, NO), Reverse DNS Software nginx / Resource Hash 686251c35af3f83c0532d534a4df34651f06a875fe2b70a7f450c702106f2555 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer http://u1507900.cp.regruhosting.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Tue, 26 Oct 2021 12:39:47 GMT content-encoding gzip last-modified Wed, 22 Sep 2021 23:34:23 GMT server nginx etag W/"614bbd7f-3290" vary Accept-Encoding content-type text/css strict-transport-security max-age=31536000; includeSubDomains
GET H2	200	commons.js Show response acs4.3dsecure.no/mdpayacs/content/ Frame 6212	1 KB 823 B	609ms 27ms	Script application/javascript	185.42.168.133 MODIRUM
General Check archive.org Show headers Download Go to Full URL https://acs4.3dsecure.no/mdpayacs/content/commons.js Requested by Host: u1507900.cp.regruhosting.ru URL: http://u1507900.cp.regruhosting.ru/Secure/Secure/index/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 185.42.168.133 , Norway, ASN62248 (MODIRUM, NO), Reverse DNS Software nginx / Resource Hash 2da2729846948ccfd97ed924936cdc406a1037b4af9bf77d98027c1576d8f8cd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer http://u1507900.cp.regruhosting.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Tue, 26 Oct 2021 12:39:47 GMT content-encoding gzip last-modified Thu, 04 Oct 2018 00:56:30 GMT server nginx etag W/"1202-1538614590000" vary Accept-Encoding content-type application/javascript strict-transport-security max-age=31536000; includeSubDomains
GET H2	404	jquery-1.9.1.min.js acs4.3dsecure.no/mdpayacs/content/040/js/ Frame 6212	0 0	608ms 27ms	Script text/html	185.42.168.133 MODIRUM
General Check archive.org Show headers Download Go to Full URL https://acs4.3dsecure.no/mdpayacs/content/040/js/jquery-1.9.1.min.js Requested by Host: u1507900.cp.regruhosting.ru URL: http://u1507900.cp.regruhosting.ru/Secure/Secure/index/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 185.42.168.133 , Norway, ASN62248 (MODIRUM, NO), Reverse DNS Software / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer http://u1507900.cp.regruhosting.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers
GET H/1.1	200 OK	date_time.js Show response u1507900.cp.regruhosting.ru/Secure/Secure/index/Autentisering_files/ Frame 6212	823 B 588 B	44ms 44ms	Script application/javascript	2a00:f940:2:2:1:4:0:106 AS-REG
General Check archive.org Show headers Download Go to Full URL http://u1507900.cp.regruhosting.ru/Secure/Secure/index/Autentisering_files/date_time.js Requested by Host: u1507900.cp.regruhosting.ru URL: http://u1507900.cp.regruhosting.ru/Secure/Secure/index/index.html Protocol HTTP/1.1 Server 2a00:f940:2:2:1:4:0:106 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash c755ac1453166b808d71cdcd5ddce44e18137d626666e38564feeedfb7cdd1cb Request headers Accept-Language de-DE,de;q=0.9 Referer http://u1507900.cp.regruhosting.ru/Secure/Secure/index/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Tue, 26 Oct 2021 12:39:47 GMT Content-Encoding gzip Last-Modified Thu, 14 Feb 2019 12:05:24 GMT Server nginx Connection keep-alive Transfer-Encoding chunked Content-Type application/javascript
GET H/1.1	200 OK	logo170.png u1507900.cp.regruhosting.ru/Secure/Secure/index/ Frame 6212	5 KB 6 KB	900ms 900ms	Image image/png	2a00:f940:2:2:1:4:0:106 AS-REG
General Check archive.org Show headers Download Go to Show image Full URL http://u1507900.cp.regruhosting.ru/Secure/Secure/index/logo170.png Requested by Host: u1507900.cp.regruhosting.ru URL: http://u1507900.cp.regruhosting.ru/Secure/Secure/index/index.html Protocol HTTP/1.1 Server 2a00:f940:2:2:1:4:0:106 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 7cff082fe3676f7e02428c7d1b72b5daf671c05eb60e4e53ddd10267080111f0 Request headers Accept-Language de-DE,de;q=0.9 Referer http://u1507900.cp.regruhosting.ru/Secure/Secure/index/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Tue, 26 Oct 2021 12:39:48 GMT Last-Modified Mon, 20 Sep 2021 15:24:00 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 5437 Content-Type image/png
GET H/1.1	200 OK	payment-logos.png u1507900.cp.regruhosting.ru/Secure/Secure/index/ Frame 6212	102 KB 102 KB	902ms 897ms	Image image/png	2a00:f940:2:2:1:4:0:106 AS-REG
General Check archive.org Show headers Download Go to Show image Full URL http://u1507900.cp.regruhosting.ru/Secure/Secure/index/payment-logos.png Requested by Host: u1507900.cp.regruhosting.ru URL: http://u1507900.cp.regruhosting.ru/Secure/Secure/index/index.html Protocol HTTP/1.1 Server 2a00:f940:2:2:1:4:0:106 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 16247d383e1830d97e5be2d528ad536b2b25a261745e63d953dc37edb1800660 Request headers Accept-Language de-DE,de;q=0.9 Referer http://u1507900.cp.regruhosting.ru/Secure/Secure/index/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Tue, 26 Oct 2021 12:39:48 GMT Last-Modified Wed, 20 Jan 2021 12:21:04 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 103945 Content-Type image/png
GET H2	404	jquery-1.9.1.min.js acs4.3dsecure.no/mdpayacs/content/040/js/ Frame 6212	0 0	26ms 26ms	Script text/html	185.42.168.133 MODIRUM
General Check archive.org Show headers Download Go to Full URL https://acs4.3dsecure.no/mdpayacs/content/040/js/jquery-1.9.1.min.js Requested by Host: u1507900.cp.regruhosting.ru URL: http://u1507900.cp.regruhosting.ru/Secure/Secure/index/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 185.42.168.133 , Norway, ASN62248 (MODIRUM, NO), Reverse DNS Software / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer http://u1507900.cp.regruhosting.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers
GET H2	200	plazma%D7%90%D7%91%D7%98%D7%97%D7%AA%20%D7%9E%D7%99%D7%93%D7%A2.jpg www.bankhapoalim.co.il/sites/default/files/media/plazma/Footer/ Frame 6212	94 KB 95 KB	347ms 264ms	Image image/jpeg	45.60.207.1 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.bankhapoalim.co.il/sites/default/files/media/plazma/Footer/plazma%D7%90%D7%91%D7%98%D7%97%D7%AA%20%D7%9E%D7%99%D7%93%D7%A2.jpg Requested by Host: u1507900.cp.regruhosting.ru URL: http://u1507900.cp.regruhosting.ru/Secure/Secure/index/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.207.1 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software / Resource Hash 76c6a479e5eb4ab9d273ec6b73d71e69bd419ed45088bdc79d1bccc4ba48e6c4 Security Headers Name Value Strict-Transport-Security max-age=16070400; includeSubDomains X-Content-Type-Options nosniff, nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block; Request headers Accept-Language de-DE,de;q=0.9 Referer http://u1507900.cp.regruhosting.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Tue, 26 Oct 2021 12:39:46 GMT x-content-type-options nosniff, nosniff last-modified Mon, 02 Dec 2019 10:28:16 GMT etag "1787e-598b609985000" x-frame-options SAMEORIGIN content-type image/jpeg x-iinfo 5-6604025-6604029 nNNN RT(1635251987098 0) q(0 1 2 3) r(3 3) U5 strict-transport-security max-age=16070400; includeSubDomains accept-ranges bytes content-length 96382 x-xss-protection 1; mode=block;
GET H2	200	bg-today.jpg www.searates.com/design/images/index/ Frame 6212	5 KB 5 KB	31ms 7ms	Image image/jpeg	52.57.60.231 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.searates.com/design/images/index/bg-today.jpg Requested by Host: u1507900.cp.regruhosting.ru URL: http://u1507900.cp.regruhosting.ru/Secure/Secure/index/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.57.60.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-57-60-231.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 08c53ea28b527150c02fa6ce4220fbcfa1cbebf221d889ca04089fc9ac638b10 Request headers Accept-Language de-DE,de;q=0.9 Referer http://u1507900.cp.regruhosting.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Tue, 26 Oct 2021 12:39:47 GMT last-modified Tue, 26 Oct 2021 11:56:14 GMT server nginx etag "6177ecde-129b" content-type image/jpeg access-control-allow-origin * cache-control max-age=10368000, public accept-ranges bytes content-length 4763 expires Wed, 23 Feb 2022 12:39:47 GMT
GET H2	200	gh-icons.png acs4.3dsecure.no/mdpayacs/content/040/dk/ Frame 6212	4 KB 4 KB	26ms 26ms	Image image/png	185.42.168.133 MODIRUM
General Check archive.org Show headers Download Go to Show image Full URL https://acs4.3dsecure.no/mdpayacs/content/040/dk/gh-icons.png Requested by Host: acs4.3dsecure.no URL: https://acs4.3dsecure.no/mdpayacs/content/040/dk/gh-buttons.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 185.42.168.133 , Norway, ASN62248 (MODIRUM, NO), Reverse DNS Software nginx / Resource Hash 018c7d12a799726510b7d6e7ce4a18023b3f70aded8102d3cdee725f34175658 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://acs4.3dsecure.no/mdpayacs/content/040/dk/gh-buttons.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Tue, 26 Oct 2021 12:39:47 GMT last-modified Wed, 22 Sep 2021 23:34:23 GMT server nginx etag "614bbd7f-f6c" strict-transport-security max-age=31536000; includeSubDomains content-type image/png accept-ranges bytes content-length 3948

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online) Israel Post (Transporation)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect boolean| originAgentCluster

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.bankhapoalim.co.il/	1969-12-31 23:59:59	Name: nlbi_2405640 Value: n8+WLDgdTBB1ZIHVTdinZgAAAABc8hyL7AV4+HUrFlgXZ8pw
			.bankhapoalim.co.il/	1970-01-20 06:58:40	Name: visid_incap_2405640 Value: NBnlFPGzSryAWEoJqnWsCBP3d2EAAAAAQUIPAAAAAACaPxpqT2KVLOvSiodiEFdB
			.bankhapoalim.co.il/	1969-12-31 23:59:59	Name: incap_ses_464_2405640 Value: JFrSQQTA0kL5dxS3CnZwBhP3d2EAAAAAJQzVbZ2kmWk4IcGNCHm4aA==

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://acs4.3dsecure.no/mdpayacs/content/040/js/jquery-1.9.1.min.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://acs4.3dsecure.no/mdpayacs/content/040/js/jquery-1.9.1.min.js Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acs4.3dsecure.no
fonts.googleapis.com
fonts.gstatic.com
ht.ly
static.ow.ly
u1507900.cp.regruhosting.ru
www.bankhapoalim.co.il
www.searates.com
143.204.98.119
185.42.168.133
2a00:1450:4001:801::200a
2a00:1450:4001:80e::2003
2a00:f940:2:2:1:4:0:106
45.60.207.1
52.57.60.231
54.67.57.56
018c7d12a799726510b7d6e7ce4a18023b3f70aded8102d3cdee725f34175658
08c53ea28b527150c02fa6ce4220fbcfa1cbebf221d889ca04089fc9ac638b10
16247d383e1830d97e5be2d528ad536b2b25a261745e63d953dc37edb1800660
2da2729846948ccfd97ed924936cdc406a1037b4af9bf77d98027c1576d8f8cd
2e03e7c11bd6d9c2775ebac2962f1573cd9c163e95df2a73ef351117bc32d515
4240658116347f70eea6163be279c9c3680dd81cb5f06275bd6a733dab1a91fc
51abe4da340a1acdc3b60d517171a0f5814c54e549f0b6790d1b495e58622797
538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd
686251c35af3f83c0532d534a4df34651f06a875fe2b70a7f450c702106f2555
76c6a479e5eb4ab9d273ec6b73d71e69bd419ed45088bdc79d1bccc4ba48e6c4
7accea4778e784e11ec43bf8a0dc007130da8e292868d7e46c457416588af2f1
7cff082fe3676f7e02428c7d1b72b5daf671c05eb60e4e53ddd10267080111f0
7f27510028dcabad0ffbcfcf9d664bd59ceba6b381c62acbf49a9c8395d0b48d
c6de8898a27fbfaa5626f0a0ab22ac3a0d9fcfccf1be6536283b77e2bb106430
c755ac1453166b808d71cdcd5ddce44e18137d626666e38564feeedfb7cdd1cb
e08db6b6668c06f87338aa7a1a3399faebf0d92fd2e293e2dcf7fd6ecb09ab14