hylandsoft.com Open in urlscan Pro
104.148.37.250 Malicious Activity! Public Scan

URL:
http://hylandsoft.com/
Submission: On December 01 via manual (December 1st 2020, 2:57:15 pm UTC) from US

Summary HTTP 41 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 41 HTTP transactions. The main IP is 104.148.37.250, located in Los Angeles, United States and belongs to LAYER-HOST, US. The main domain is hylandsoft.com.

This is the only time hylandsoft.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bet365 (Entertainment)

Domain & IP information

	IP Address	AS Autonomous System
15	104.148.37.250 104.148.37.250	46573 (LAYER-HOST) (LAYER-HOST)
1	103.97.176.21 103.97.176.21	137443 (ANCHGLOBA...) (ANCHGLOBAL-AS-AP Anchnet Asia Limited)
1 2	182.16.20.226 182.16.20.226	45753 (NETSEC-HK...) (NETSEC-HK NETSEC)
41	4

15 104.148.37.250 (Los Angeles, United States)

ASN46573 (LAYER-HOST, US)

hylandsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.97.176.21 (Hong Kong)

ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK)

www.twsw999.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 182.16.20.226 (Cheung Sha Wan, Hong Kong) 1 redirects

ASN45753 (NETSEC-HK NETSEC, HK)

www.cn365e.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	hylandsoft.com hylandsoft.com	85 KB
2	cn365e.com 1 redirects www.cn365e.com	455 B
1	twsw999.com www.twsw999.com	3 KB
41	3

	Domain	Requested by
15	hylandsoft.com	hylandsoft.com www.twsw999.com
2	www.cn365e.com	1 redirects www.twsw999.com
1	www.twsw999.com	hylandsoft.com
41	3

This site contains no links.

Subject Issuer	Validity	Valid
twsw999.com Let's Encrypt Authority X3	`2020-11-05` - `2021-02-03`	3 months	crt.sh
cn365e.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-23` - `2021-06-23`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://hylandsoft.com/
Frame ID: 480CE39D2686451310CE8D3AEE0E9491
Requests: 40 HTTP requests in this frame

Frame: https://www.cn365e.com/cn/register
Frame ID: 10A011F7AE91A3B58460CDB3974870DB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /php\/?([\d.]+)?/i

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Win32|Win64/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

41
Requests

5 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

88 kB
Transfer

147 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38

https://www.cn365e.com/ HTTP 302
https://www.cn365e.com/cn/register

41 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
hylandsoft.com/ 30 KB
8 KB 410ms
356ms Document
text/html 104.148.37.250
LAYER-HOST

General

Check archive.org

Show headers Download Go to

Full URL: http://hylandsoft.com/
Protocol: HTTP/1.1
Server: 104.148.37.250 Los Angeles, United States, ASN46573 (LAYER-HOST, US),
Reverse DNS
Software: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev /
Resource Hash: 110c8ac50be2e88aad46cfc312a9b544568b583e7cbb17cadf021e24dd38d42f

Request headers

Host: hylandsoft.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 30 Nov 2020 23:34:36 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev
Last-Modified: Fri, 05 Oct 2018 06:54:47 GMT
ETag: "790c-57775bf4180ff-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7390
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

GET
H/1.1 200
OK dfiles14558templetsdefaultcsscsscss.css
hylandsoft.com/images/ 30 KB
6 KB 382ms
354ms Stylesheet
text/css 104.148.37.250
LAYER-HOST

General

Check archive.org

Show headers Download Go to

Full URL: http://hylandsoft.com/images/dfiles14558templetsdefaultcsscsscss.css
Requested by: Host: hylandsoft.com
URL: http://hylandsoft.com/
Protocol: HTTP/1.1
Server: 104.148.37.250 Los Angeles, United States, ASN46573 (LAYER-HOST, US),
Reverse DNS
Software: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev /
Resource Hash: eb499263ee5a9adc0a1ac5edd1f8e5864c7d1dff1854f9716ff9fd49bb8f26fc

Request headers

Referer: http://hylandsoft.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 30 Nov 2020 23:34:36 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Jun 2018 20:18:51 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev
ETag: "7961-56e271bbea694-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 5739

GET
H/1.1 200
OK _sitegray_sitegray_dcss.css
hylandsoft.com/images/ 20 B
348 B 381ms
353ms Stylesheet
text/css 104.148.37.250
LAYER-HOST

General

Check archive.org

Show headers Download Go to

Full URL: http://hylandsoft.com/images/_sitegray_sitegray_dcss.css
Requested by: Host: hylandsoft.com
URL: http://hylandsoft.com/
Protocol: HTTP/1.1
Server: 104.148.37.250 Los Angeles, United States, ASN46573 (LAYER-HOST, US),
Reverse DNS
Software: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev /
Resource Hash: 183f83b69b6f7ced023f06bc9b98b2d00c9e08b5c627c1f6e9002f48f0bbfb5c

Request headers

Referer: http://hylandsoft.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 30 Nov 2020 23:34:36 GMT
Last-Modified: Fri, 08 Jun 2018 20:18:52 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev
ETag: "14-56e271bcacf5f"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 20

GET
H/1.1 200
OK indexvsbcss.css
hylandsoft.com/images/ 190 B
516 B 380ms
353ms Stylesheet
text/css 104.148.37.250
LAYER-HOST

General

Check archive.org

Show headers Download Go to

Full URL: http://hylandsoft.com/images/indexvsbcss.css
Requested by: Host: hylandsoft.com
URL: http://hylandsoft.com/
Protocol: HTTP/1.1
Server: 104.148.37.250 Los Angeles, United States, ASN46573 (LAYER-HOST, US),
Reverse DNS
Software: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev /
Resource Hash: 2fe9f90026d1e75d1ddbd0113bae34975c782701225a35279d05009c2225481b

Request headers

Referer: http://hylandsoft.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 30 Nov 2020 23:34:36 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Jun 2018 20:18:52 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev
ETag: "be-56e271bcf9413-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 135

GET
H/1.1 200
OK zjdbw5.js Show response
hylandsoft.com/69254/44806/45056/ 1000 B
854 B 380ms
353ms Script
application/javascript 104.148.37.250
LAYER-HOST

General

Check archive.org

Show headers Download Go to

Full URL: http://hylandsoft.com/69254/44806/45056/zjdbw5.js
Requested by: Host: hylandsoft.com
URL: http://hylandsoft.com/
Protocol: HTTP/1.1
Server: 104.148.37.250 Los Angeles, United States, ASN46573 (LAYER-HOST, US),
Reverse DNS
Software: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev /
Resource Hash: f04f89767b7329c1f641aa5ebff7a787568d23cd46d8e044900f91fd5a5e9388

Request headers

Referer: http://hylandsoft.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 30 Nov 2020 23:34:36 GMT
Content-Encoding: gzip
Last-Modified: Fri, 05 Oct 2018 06:54:47 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev
ETag: "3e8-57775bf41be08-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 458

GET
H/1.1 200
OK dfiles14558templetsdefaultimagesstatus_icon1.jpg
hylandsoft.com/images/ 1 KB
1 KB 191ms
190ms Image
image/jpeg 104.148.37.250
LAYER-HOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hylandsoft.com/images/dfiles14558templetsdefaultimagesstatus_icon1.jpg
Requested by: Host: hylandsoft.com
URL: http://hylandsoft.com/
Protocol: HTTP/1.1
Server: 104.148.37.250 Los Angeles, United States, ASN46573 (LAYER-HOST, US),
Reverse DNS
Software: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev /
Resource Hash: b9755c2e7c17f731a8930e4c85e6617118fc76ba637b894d5e290913ae3e4320

Request headers

Referer: http://hylandsoft.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 30 Nov 2020 23:34:37 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Jun 2018 20:17:20 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev
ETag: "58a-56e271646e52d-gzip"
Vary: Accept-Encoding
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 916

GET
H/1.1 200
OK dfiles14558templetsdefaultimagesstatus_icon2.jpg
hylandsoft.com/images/ 1 KB
1 KB 193ms
192ms Image
image/jpeg 104.148.37.250
LAYER-HOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hylandsoft.com/images/dfiles14558templetsdefaultimagesstatus_icon2.jpg
Requested by: Host: hylandsoft.com
URL: http://hylandsoft.com/
Protocol: HTTP/1.1
Server: 104.148.37.250 Los Angeles, United States, ASN46573 (LAYER-HOST, US),
Reverse DNS
Software: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev /
Resource Hash: 76f43fffb3eb95a7bbfc6fa587dae7799877e7275c32041c4659c1e537f88c06

Request headers

Referer: http://hylandsoft.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 30 Nov 2020 23:34:37 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Jun 2018 20:17:20 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev
ETag: "593-56e271650318c-gzip"
Vary: Accept-Encoding
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 936

GET
H/1.1 200
OK dfiles14558templetsdefaultimagesstatus_icon3.jpg
hylandsoft.com/images/ 1 KB
1 KB 192ms
191ms Image
image/jpeg 104.148.37.250
LAYER-HOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hylandsoft.com/images/dfiles14558templetsdefaultimagesstatus_icon3.jpg
Requested by: Host: hylandsoft.com
URL: http://hylandsoft.com/
Protocol: HTTP/1.1
Server: 104.148.37.250 Los Angeles, United States, ASN46573 (LAYER-HOST, US),
Reverse DNS
Software: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev /
Resource Hash: fa13423fe730022c665639c32dc78bcbe88ca837a53f05ba6834e05ac4f90afa

Request headers

Referer: http://hylandsoft.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 30 Nov 2020 23:34:37 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Jun 2018 20:17:21 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev
ETag: "5a6-56e2716580fb5-gzip"
Vary: Accept-Encoding
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 956

GET
H/1.1 200
OK dfiles14558templetsdefaultimagesstatus_icon4.jpg
hylandsoft.com/images/ 1 KB
1 KB 190ms
189ms Image
image/jpeg 104.148.37.250
LAYER-HOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hylandsoft.com/images/dfiles14558templetsdefaultimagesstatus_icon4.jpg
Requested by: Host: hylandsoft.com
URL: http://hylandsoft.com/
Protocol: HTTP/1.1
Server: 104.148.37.250 Los Angeles, United States, ASN46573 (LAYER-HOST, US),
Reverse DNS
Software: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev /
Resource Hash: e0e800034e162bc67b15fc34a66356c38255a0520d076c5b97d67c33e37f4081

Request headers

Referer: http://hylandsoft.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 30 Nov 2020 23:34:37 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Jun 2018 20:17:21 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev
ETag: "5b2-56e27166067f0-gzip"
Vary: Accept-Encoding
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 973

GET
H/1.1 200
OK dfiles14558templetsdefaultimagesstatus_icon5.jpg
hylandsoft.com/images/ 8 KB
3 KB 190ms
190ms Image
image/jpeg 104.148.37.250
LAYER-HOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hylandsoft.com/images/dfiles14558templetsdefaultimagesstatus_icon5.jpg
Requested by: Host: hylandsoft.com
URL: http://hylandsoft.com/
Protocol: HTTP/1.1
Server: 104.148.37.250 Los Angeles, United States, ASN46573 (LAYER-HOST, US),
Reverse DNS
Software: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev /
Resource Hash: 86195a9264dcea9686d3758a29d0324af421a6843e6d59301f28a93a645c7665

Request headers

Referer: http://hylandsoft.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 30 Nov 2020 23:34:37 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Jun 2018 20:17:22 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev
ETag: "2013-56e2716697746-gzip"
Vary: Accept-Encoding
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 2813

GET
H/1.1 200
OK dfiles14558templetsdefaultimageslogo.jpg
hylandsoft.com/images/ 32 KB
24 KB 191ms
191ms Image
image/jpeg 104.148.37.250
LAYER-HOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hylandsoft.com/images/dfiles14558templetsdefaultimageslogo.jpg
Requested by: Host: hylandsoft.com
URL: http://hylandsoft.com/
Protocol: HTTP/1.1
Server: 104.148.37.250 Los Angeles, United States, ASN46573 (LAYER-HOST, US),
Reverse DNS
Software: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev /
Resource Hash: 8d8595574c70100d165576bd649d3e1c49a9ca659e18d9f0b16ae2dbcb395a61

Request headers

Referer: http://hylandsoft.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 30 Nov 2020 23:34:37 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Jun 2018 20:17:23 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev
ETag: "7efa-56e27167e725e-gzip"
Vary: Accept-Encoding
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 24606

GET
H/1.1 200
OK imagestop_right.jpg
hylandsoft.com/images/ 35 KB
35 KB 192ms
191ms Image
image/jpeg 104.148.37.250
LAYER-HOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hylandsoft.com/images/imagestop_right.jpg
Requested by: Host: hylandsoft.com
URL: http://hylandsoft.com/
Protocol: HTTP/1.1
Server: 104.148.37.250 Los Angeles, United States, ASN46573 (LAYER-HOST, US),
Reverse DNS
Software: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev /
Resource Hash: e5f3930500ce7c417e01003852c5b1a0cd94dd7bde693490db4601dfd626f5f1

Request headers

Referer: http://hylandsoft.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 30 Nov 2020 23:34:38 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Jun 2018 20:17:24 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev
ETag: "8d5f-56e27168e6bb9-gzip"
Vary: Accept-Encoding
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 35811

GET dfiles14558templetsdefaultimagesnav_leftbg.jpg
hylandsoft.com/images/ 0
0

GET dfiles14558templetsdefaultimagesnav_rightbg.jpg
hylandsoft.com/images/ 0
0

GET dfiles14558templetsdefaultimagesboard_left.jpg
hylandsoft.com/images/ 0
0

GET dfiles14558templetsdefaultimagesbtn.jpg
hylandsoft.com/images/ 0
0

GET dfiles14558templetsdefaultimagesboard_right.jpg
hylandsoft.com/images/ 0
0

GET
H/1.1 200
OK systemresourcestylecomponentnewslistimagechangenewscss.css
hylandsoft.com/images/ 929 B
632 B 190ms
190ms Stylesheet
text/css 104.148.37.250
LAYER-HOST

General

Check archive.org

Show headers Download Go to

Full URL: http://hylandsoft.com/images/systemresourcestylecomponentnewslistimagechangenewscss.css
Requested by: Host: hylandsoft.com
URL: http://hylandsoft.com/
Protocol: HTTP/1.1
Server: 104.148.37.250 Los Angeles, United States, ASN46573 (LAYER-HOST, US),
Reverse DNS
Software: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev /
Resource Hash: 7e33066f72bfcdbe85d169e0d5c64fb12270311b268c845d599728e2779e53de

Request headers

Referer: http://hylandsoft.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 30 Nov 2020 23:34:36 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Jun 2018 21:48:56 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev
ETag: "3a1-56e285dde645a-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 251

GET systemresourceimagesspace.gif
hylandsoft.com/images/ 0
0

GET dfiles14558templetsdefaultimagesmore2.jpg
hylandsoft.com/images/ 0
0

GET dfiles14558templetsdefaultimagesabout_img.jpg
hylandsoft.com/images/ 0
0

GET __localB4DB4CFFEC3923FDDFCEE30CBEC1CA43_FC6BBC59_786BD.jpg
hylandsoft.com/images/ 0
0

GET __localED47BA9250A401B128D2C4E5C0D192F4_A1B7C6AA_5CA2.jpg
hylandsoft.com/images/ 0
0

GET __localCE6A6B5615FFFA8CF7DD28BF4DB29596_8DC6D015_1003C.jpg
hylandsoft.com/images/ 0
0

GET dfiles14558templetsdefaultimageshf.jpg
hylandsoft.com/images/ 0
0

GET dfiles14558templetsdefaultimagesmore1.jpg
hylandsoft.com/images/ 0
0

GET __local3652C8183FC865406A2A5A14F0B275AC_75ADD616_578E.jpg
hylandsoft.com/images/ 0
0

GET __local105FDB43B4302A2F0619A22492D2B809_5B25A311_2CBC.jpg
hylandsoft.com/images/ 0
0

GET __localB2939D2B4E623B2069B37564560655B1_1B18F393_A35E.jpg
hylandsoft.com/images/ 0
0

GET __local62A25FD5052E778A5FE81936170DFDD8_39804A84_BC51.jpg
hylandsoft.com/images/ 0
0

GET __localBDF49D4E0FEC00CB21AC564648D76270_62AB919F_94B1.jpg
hylandsoft.com/images/ 0
0

GET __local88EF68849ED4B1C588EBB7829AA5AB5C_3398AB08_1AC6B.jpg
hylandsoft.com/images/ 0
0

GET __local9D7C3593B7632EDC71A57165A6C6083D_A25E38B1_3C8BA.jpg
hylandsoft.com/images/ 0
0

GET __local1A74BF485ECD20E7F6EC0AF5D524277A_EF1079D0_32717.jpg
hylandsoft.com/images/ 0
0

GET __local277BECA5C82BFCFC0A066273BD0FC4A9_E24D2E59_A3673.jpg
hylandsoft.com/images/ 0
0

GET __local4C0DB1CCA79BFA1E004B9B851B979389_8EA17682_29029.jpg
hylandsoft.com/images/ 0
0

GET dfiles14558templetsdefaultimagesplc.gif
hylandsoft.com/images/ 0
0

GET
H/1.1 200
OK lnc3qk.js Show response
hylandsoft.com/69254/44806/45056/ 475 B
749 B 190ms
190ms Script
application/javascript 104.148.37.250
LAYER-HOST

General

Check archive.org

Show headers Download Go to

Full URL: http://hylandsoft.com/69254/44806/45056/lnc3qk.js
Requested by: Host: hylandsoft.com
URL: http://hylandsoft.com/
Protocol: HTTP/1.1
Server: 104.148.37.250 Los Angeles, United States, ASN46573 (LAYER-HOST, US),
Reverse DNS
Software: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev /
Resource Hash: 8ace5d7bdbb3eec188f36ea37514f8bcc3054b4be33180d678fbc0df84e65368

Request headers

Referer: http://hylandsoft.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 30 Nov 2020 23:34:37 GMT
Content-Encoding: gzip
Last-Modified: Fri, 05 Oct 2018 06:54:47 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev
ETag: "1db-57775bf41be08-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 354

GET
H/1.1 200
OK 5.js Show response
www.twsw999.com/ 3 KB
3 KB 1132ms
280ms Script
application/javascript 103.97.176.21
ANCHGLOBAL-AS-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.twsw999.com/5.js

Requested by

Host: hylandsoft.com
URL: http://hylandsoft.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.97.176.21 , Hong Kong, ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

160ae50cd2ff5354783c92198ccb92b33073df8f8219737052c09ffd02368387

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains

Request headers

Referer: http://hylandsoft.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Tue, 01 Dec 2020 14:54:59 GMT
Last-Modified: Thu, 29 Nov 2018 06:02:29 GMT
Server: nginx
ETag: "5bff80f5-cca"
Strict-Transport-Security: max-age=63072000; includeSubdomains
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3274

GET
H/1.1

200
OK

Cookie set register
www.cn365e.com/cn/ Frame 10A0
Redirect Chain

https://www.cn365e.com/
https://www.cn365e.com/cn/register

0
0

488ms
487ms

Document
text/html

182.16.20.226
NETSEC-HK NETSEC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cn365e.com/cn/register
Requested by: Host: www.twsw999.com
URL: https://www.twsw999.com/5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 182.16.20.226 Cheung Sha Wan, Hong Kong, ASN45753 (NETSEC-HK NETSEC, HK),
Reverse DNS
Software: nginx/1.10.2 / PHP/5.6.26
Resource Hash

Request headers

Host: www.cn365e.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://hylandsoft.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://hylandsoft.com/

Response headers

Server: nginx/1.10.2
Date: Tue, 01 Dec 2020 22:54:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.26
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: web=n1gak0qor5k8fs74f67e3fhcc6; path=/ randomYes=43435930483; path=/ randomYes=43435930483; path=/ firstVisit=1; Expires=Tue, 08-Dec-2020 14:56:42 GMT; Path=/
Content-Encoding: gzip

Redirect headers

Server: nginx/1.10.2
Date: Tue, 01 Dec 2020 22:54:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.26
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: web=ndei6rlvam34qffaf39m0j0n15; path=/ randomYes=43435930483; path=/
Location: /cn/register

GET
H/1.1 404
Not Found tongji.js
hylandsoft.com/ 0
0 382ms
367ms Script
text/html 104.148.37.250
LAYER-HOST

General

Check archive.org

Show headers Download Go to

Full URL: http://hylandsoft.com/tongji.js
Requested by: Host: www.twsw999.com
URL: https://www.twsw999.com/5.js
Protocol: HTTP/1.1
Server: 104.148.37.250 Los Angeles, United States, ASN46573 (LAYER-HOST, US),
Reverse DNS
Software: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev /
Resource Hash

Request headers

Referer: http://hylandsoft.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 30 Nov 2020 23:34:38 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.2.18 mod_fcgid/2.3.10-dev
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 333
Content-Type: text/html; charset=iso-8859-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/dfiles14558templetsdefaultimagesnav_leftbg.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/dfiles14558templetsdefaultimagesnav_rightbg.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/dfiles14558templetsdefaultimagesboard_left.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/dfiles14558templetsdefaultimagesbtn.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/dfiles14558templetsdefaultimagesboard_right.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/systemresourceimagesspace.gif

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/dfiles14558templetsdefaultimagesmore2.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/dfiles14558templetsdefaultimagesabout_img.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/__localB4DB4CFFEC3923FDDFCEE30CBEC1CA43_FC6BBC59_786BD.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/__localED47BA9250A401B128D2C4E5C0D192F4_A1B7C6AA_5CA2.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/__localCE6A6B5615FFFA8CF7DD28BF4DB29596_8DC6D015_1003C.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/dfiles14558templetsdefaultimageshf.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/dfiles14558templetsdefaultimagesmore1.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/__local3652C8183FC865406A2A5A14F0B275AC_75ADD616_578E.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/__local105FDB43B4302A2F0619A22492D2B809_5B25A311_2CBC.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/__localB2939D2B4E623B2069B37564560655B1_1B18F393_A35E.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/__local62A25FD5052E778A5FE81936170DFDD8_39804A84_BC51.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/__localBDF49D4E0FEC00CB21AC564648D76270_62AB919F_94B1.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/__local88EF68849ED4B1C588EBB7829AA5AB5C_3398AB08_1AC6B.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/__local9D7C3593B7632EDC71A57165A6C6083D_A25E38B1_3C8BA.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/__local1A74BF485ECD20E7F6EC0AF5D524277A_EF1079D0_32717.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/__local277BECA5C82BFCFC0A066273BD0FC4A9_E24D2E59_A3673.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/__local4C0DB1CCA79BFA1E004B9B851B979389_8EA17682_29029.jpg

Domain: hylandsoft.com
URL: http://hylandsoft.com/images/dfiles14558templetsdefaultimagesplc.gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bet365 (Entertainment)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hylandsoft.com
www.cn365e.com
www.twsw999.com
hylandsoft.com
103.97.176.21
104.148.37.250
182.16.20.226
110c8ac50be2e88aad46cfc312a9b544568b583e7cbb17cadf021e24dd38d42f
160ae50cd2ff5354783c92198ccb92b33073df8f8219737052c09ffd02368387
183f83b69b6f7ced023f06bc9b98b2d00c9e08b5c627c1f6e9002f48f0bbfb5c
2fe9f90026d1e75d1ddbd0113bae34975c782701225a35279d05009c2225481b
76f43fffb3eb95a7bbfc6fa587dae7799877e7275c32041c4659c1e537f88c06
7e33066f72bfcdbe85d169e0d5c64fb12270311b268c845d599728e2779e53de
86195a9264dcea9686d3758a29d0324af421a6843e6d59301f28a93a645c7665
8ace5d7bdbb3eec188f36ea37514f8bcc3054b4be33180d678fbc0df84e65368
8d8595574c70100d165576bd649d3e1c49a9ca659e18d9f0b16ae2dbcb395a61
b9755c2e7c17f731a8930e4c85e6617118fc76ba637b894d5e290913ae3e4320
e0e800034e162bc67b15fc34a66356c38255a0520d076c5b97d67c33e37f4081
e5f3930500ce7c417e01003852c5b1a0cd94dd7bde693490db4601dfd626f5f1
eb499263ee5a9adc0a1ac5edd1f8e5864c7d1dff1854f9716ff9fd49bb8f26fc
f04f89767b7329c1f641aa5ebff7a787568d23cd46d8e044900f91fd5a5e9388
fa13423fe730022c665639c32dc78bcbe88ca837a53f05ba6834e05ac4f90afa

hylandsoft.com Open in urlscan Pro 104.148.37.250 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

41 Requests

5 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

88 kBTransfer

147 kBSize

0 Cookies

0 Outgoing links

Redirected requests

41 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

Indicators

hylandsoft.com Open in urlscan Pro
104.148.37.250 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

41
Requests

5 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

88 kB
Transfer

147 kB
Size

0
Cookies

41 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!