Submitted URL: http://p.haltowe.info/go/287184/587964/0.7228899390590493
Effective URL: https://href.li/?https://cdn.discordapp.com/attachments/809018060765790221/1215652799266955264/setup_2024.008.20...
Submission: On March 08 via api from US — Scanned from US

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 5 HTTP transactions. The main IP is 192.0.78.26, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is href.li. The Cisco Umbrella rank of the primary domain is 103256.
TLS certificate: Issued by R3 on March 5th 2024. Valid for: 3 months.
This is the only time href.li was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads (files downloaded by the website)

File type: PE32 executable (GUI) Intel 80386, for MS Windows. This is a 32-bit Windows executable despite the "win64" in the filename; it was served as application/x-msdos-program (see the response headers of the last transaction below).
Size: 19 MB (19613166 bytes, 100% done)
Downloaded from: https://cdn.discordapp.com/attachments/809018060765790221/1215652799266955264/setup_2024.008.20534_win64_86.exe?ex=65fd87e5&is=65eb12e5&hm=b1dbfa917c8c8ea1b8db120d3971d7b0fe688e904cebc62a6fef2a53244d4fde&

Domain & IP information

IP addresses

Requests  IP address       AS (Autonomous System)
1 2       54.165.90.62     14618 (AMAZON-AES)
3 5       149.102.231.135  212238 (CDNEXT)
1         192.0.78.26      2635 (AUTOMATTIC)
1         162.159.135.233  13335 (CLOUDFLARENET)
Totals: 5 requests, 4 IPs

Apex domains

Requests  Apex domain     Subdomains                                       Transfer
5         mykavaspot.com  mykavaspot.com                                   12 KB
2         haltowe.info    p.haltowe.info                                   660 B
1         discordapp.com  cdn.discordapp.com (Cisco Umbrella rank: 2893)
1         href.li         href.li (Cisco Umbrella rank: 103256)            542 B
Totals: 5 requests, 4 domains

Requested by

Requests  Domain              Requested by
5         mykavaspot.com      p.haltowe.info (3 redirects), mykavaspot.com
2         p.haltowe.info      (1 redirect)
1         cdn.discordapp.com  href.li
1         href.li
Totals: 5 requests, 4 domains

This site contains no links.

TLS certificates

Subject             Issuer                   Valid from   Valid to     Valid for
mykavaspot.com      R3                       2024-03-06   2024-06-04   3 months
tls.automattic.com  R3                       2024-03-05   2024-06-03   3 months
discordapp.com      Cloudflare Inc ECC CA-3  2023-10-20   2024-10-19   a year

(tls.automattic.com is the certificate presented by href.li, Automattic's referrer-hiding redirector; the "issued by R3 on March 5th 2024" line in the Summary refers to it.)

This page contains 1 frame:

Frame: https://cdn.discordapp.com/attachments/809018060765790221/1215652799266955264/setup_2024.008.20534_win64_86.exe?ex=65fd87e5&is=65eb12e5&hm=b1dbfa917c8c8ea1b8db120d3971d7b0fe688e904cebc62a6fef2a53244d4fde&
Frame ID: 3E3EC2EB521A19621AA2D27145F2031B
Requests: 5 HTTP requests in this frame

Page Statistics

  Requests:   5
  HTTPS:      80 %
  IPv6:       0 %
  Domains:    4
  Subdomains: 4
  IPs:        4
  Countries:  3
  Transfer:   12 kB
  Size:       13 kB
  Cookies:    2

Page URL History

This records the page URLs the browser visited, including HTTP redirects and client-side redirects (JavaScript or meta refresh).

  1. http://p.haltowe.info/go/287184/587964/0.7228899390590493 Page URL
  2. http://p.haltowe.info/ad/ad?p=287184&w=587964&t=d8688974ecf65505&r=0.7228899390590493&vw=1600&vh=1200 HTTP 303
    https://mykavaspot.com/brucer2 HTTP 301
    https://mykavaspot.com/brucer2/ HTTP 301
    https://mykavaspot.com/wxx HTTP 301
    https://mykavaspot.com/wxx/ Page URL
  3. https://href.li/?https://cdn.discordapp.com/attachments/809018060765790221/1215652799266955264/setup_2024.008.20534_win64_86.exe?ex=65fd87e5&is=65eb12e5&hm=b1dbfa917c8c8ea1b8db120d3971d7b0fe688e904cebc62a6fef2a53244d4fde& Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://p.haltowe.info/ad/ad?p=287184&w=587964&t=d8688974ecf65505&r=0.7228899390590493&vw=1600&vh=1200 HTTP 303
  • https://mykavaspot.com/brucer2 HTTP 301
  • https://mykavaspot.com/brucer2/ HTTP 301
  • https://mykavaspot.com/wxx HTTP 301
  • https://mykavaspot.com/wxx/
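As an added example (not part of the urlscan report), the following Python walks the redirect chain and page-URL history recorded above: it unwraps the href.li "?<url>" redirector to recover the URL the browser was finally sent to, and summarises the hops the way an analyst would when triaging such a chain. The hop list and the final page URL are copied from the scan; the HTTP status of the final document is not on the page and is left as None, and the REDIRECTOR_HOSTS set and EXEC_SUFFIXES list are assumptions for this example.

```python
from urllib.parse import urlsplit

# Redirect chain from the scan above as (URL, HTTP status). The final
# document's status is not recorded on the page, so it is left as None.
CHAIN = [
    ("http://p.haltowe.info/ad/ad?p=287184&w=587964&t=d8688974ecf65505"
     "&r=0.7228899390590493&vw=1600&vh=1200", 303),
    ("https://mykavaspot.com/brucer2", 301),
    ("https://mykavaspot.com/brucer2/", 301),
    ("https://mykavaspot.com/wxx", 301),
    ("https://mykavaspot.com/wxx/", None),
]

# Final page URL from the scan: a referrer-hiding redirector wrapping the payload URL.
FINAL_PAGE = ("https://href.li/?https://cdn.discordapp.com/attachments/809018060765790221/"
              "1215652799266955264/setup_2024.008.20534_win64_86.exe"
              "?ex=65fd87e5&is=65eb12e5&hm=b1dbfa917c8c8ea1b8db120d3971d7b0fe688e904cebc62a6fef2a53244d4fde&")

# Assumptions for this example: hosts treated as "?<url>" redirectors, and the
# file suffixes treated as directly executable on Windows.
REDIRECTOR_HOSTS = {"href.li"}
EXEC_SUFFIXES = (".exe", ".msi", ".scr", ".bat", ".cmd", ".js", ".vbs", ".hta")


def unwrap_redirector(url):
    """Return the target wrapped by an href.li-style 'https://host/?<target>' URL, else None.

    The entire query string is the target. Feeding it to parse_qs would cut the
    target at its own '?' and '&' and lose the Discord ex/is/hm parameters.
    """
    parts = urlsplit(url)
    if parts.hostname in REDIRECTOR_HOSTS and parts.query.startswith(("http://", "https://")):
        return parts.query
    return None


def summarize_chain(chain):
    """The facts an analyst wants from a redirect chain, computed from the hop list."""
    urls = [u for u, _ in chain]
    hosts = [urlsplit(u).hostname for u in urls]
    schemes = [urlsplit(u).scheme for u in urls]
    return {
        "hops": len(chain) - 1,
        "statuses": [s for _, s in chain if s is not None],
        "hosts": sorted(set(hosts)),
        "scheme_upgrade": schemes[0] == "http" and "https" in schemes[1:],
        "cross_host_hops": sum(1 for a, b in zip(hosts, hosts[1:]) if a != b),
        # 301s that only add a trailing slash are server canonicalisation, not cloaking
        "trailing_slash_hops": sum(1 for a, b in zip(urls, urls[1:]) if b == a + "/"),
        "final_url": urls[-1],
    }


def payload_from_page(url):
    """Unwrap the redirector (if any) and describe what the browser is finally sent to."""
    target = unwrap_redirector(url) or url
    p = urlsplit(target)
    filename = p.path.rsplit("/", 1)[-1]
    return {
        "url": target,
        "host": p.hostname,
        "filename": filename,
        "executable": filename.lower().endswith(EXEC_SUFFIXES),
        "via_redirector": target != url,
    }


if __name__ == "__main__":
    print(summarize_chain(CHAIN))
    print(payload_from_page(FINAL_PAGE))
```

Of the four hops, two are trailing-slash canonicalisations by the landing server and only one crosses hosts (the ad tracker to the landing page), so the chain itself is short; the interesting step is the last page, where href.li hides the landing page as referrer from the file host.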

5 HTTP transactions

Columns per transaction: Resource | Path | Size | Transfer (x-fer) | Type

1. 0.7228899390590493 | p.haltowe.info/go/287184/587964/ | 444 B | 497 B | Document

General
  Full URL: http://p.haltowe.info/go/287184/587964/0.7228899390590493
  Protocol: HTTP/1.1
  Server: 54.165.90.62, United States, ASN14618 (AMAZON-AES, US)
  Reverse DNS: ec2-54-165-90-62.compute-1.amazonaws.com
  Software: nginx
  Resource Hash: (none recorded)

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
  accept-language: en-US,en;q=0.9

Response headers
  Connection: keep-alive
  Content-Encoding: gzip
  Content-Type: text/html
  Date: Fri, 08 Mar 2024 22:24:01 GMT
  Server: nginx
  Vary: Accept-Encoding
  transfer-encoding: chunked
2. / | mykavaspot.com/wxx/ | 1003 B | 805 B | Document

Redirect Chain
  • http://p.haltowe.info/ad/ad?p=287184&w=587964&t=d8688974ecf65505&r=0.7228899390590493&vw=1600&vh=1200
  • https://mykavaspot.com/brucer2
  • https://mykavaspot.com/brucer2/
  • https://mykavaspot.com/wxx
  • https://mykavaspot.com/wxx/

General
  Full URL: https://mykavaspot.com/wxx/
  Requested by: host p.haltowe.info, URL http://p.haltowe.info/go/287184/587964/0.7228899390590493
  Protocol: HTTP/1.1
  Security: TLS 1.3, AES_128_GCM
  Server: 149.102.231.135, Singapore, Singapore, ASN212238 (CDNEXT, GB)
  Reverse DNS: unn-149-102-231-135.datapacket.com
  Software: nginx/1.18.0 (Ubuntu)
  Resource Hash: cd94a20916c7328ca23ed965014b468fe679961b0ab514b0784ca6bf11bafef5

Request headers
  Referer: http://p.haltowe.info/go/287184/587964/0.7228899390590493
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
  accept-language: en-US,en;q=0.9

Response headers
  Connection: keep-alive
  Content-Encoding: gzip
  Content-Type: text/html
  Date: Fri, 08 Mar 2024 22:24:13 GMT
  ETag: W/"65eb1704-3eb"  (nginx encodes mtime and size in hex: 0x65eb1704 is the Last-Modified time, 0x3eb = 1003 bytes, matching the Size above)
  Last-Modified: Fri, 08 Mar 2024 13:47:48 GMT  (the landing page was last changed on the day of the scan, 17 minutes after the executable's Last-Modified time in transaction 5)
  Server: nginx/1.18.0 (Ubuntu)
  Transfer-Encoding: chunked

Redirect headers (last hop of the chain, the 301 from /wxx to /wxx/)
  Connection: keep-alive
  Content-Length: 178
  Content-Type: text/html
  Date: Fri, 08 Mar 2024 22:24:12 GMT
  Location: https://mykavaspot.com/wxx/
  Server: nginx/1.18.0 (Ubuntu)
3. downloadimage.png | mykavaspot.com/img/ | 10 KB | 11 KB | Image

General
  Full URL: https://mykavaspot.com/img/downloadimage.png
  Requested by: host mykavaspot.com, URL https://mykavaspot.com/wxx/
  Protocol: HTTP/1.1
  Security: TLS 1.3, AES_128_GCM
  Server: 149.102.231.135, Singapore, Singapore, ASN212238 (CDNEXT, GB)
  Reverse DNS: unn-149-102-231-135.datapacket.com
  Software: nginx/1.18.0 (Ubuntu)
  Resource Hash: (none recorded)

Request headers
  accept-language: en-US,en;q=0.9
  Referer: https://mykavaspot.com/wxx/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers
  Date: Fri, 08 Mar 2024 22:24:15 GMT
  Last-Modified: Fri, 02 Jun 2023 17:32:45 GMT
  Server: nginx/1.18.0 (Ubuntu)
  ETag: "647a27bd-291e"
  Content-Type: image/png
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 10526
4. Primary Request: / | href.li/ | 1 KB | 542 B | Document

General
  Full URL: https://href.li/?https://cdn.discordapp.com/attachments/809018060765790221/1215652799266955264/setup_2024.008.20534_win64_86.exe?ex=65fd87e5&is=65eb12e5&hm=b1dbfa917c8c8ea1b8db120d3971d7b0fe688e904cebc62a6fef2a53244d4fde&
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 192.0.78.26, San Francisco, United States, ASN2635 (AUTOMATTIC, US)
  Reverse DNS: (none)
  Software: nginx
  Resource Hash: bcb0b8af0108d911018e674e888ce12c1817a98cad4890dcc761d686a00d9453
  Security Headers: Strict-Transport-Security: max-age=31536000

Request headers
  Referer: https://mykavaspot.com/  (origin only; the /wxx/ landing path is not sent, and href.li in turn sends no referrer at all to the file host, see transaction 5)
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
  accept-language: en-US,en;q=0.9

Response headers
  alt-svc: h3=":443"; ma=86400
  content-encoding: br
  content-type: text/html; charset=utf-8
  date: Fri, 08 Mar 2024 22:24:18 GMT
  server: nginx
  strict-transport-security: max-age=31536000
  vary: Accept-Encoding
  x-ac: 2.jfk _dfw MISS
5. setup_2024.008.20534_win64_86.exe | cdn.discordapp.com/attachments/809018060765790221/1215652799266955264/ | 0 | 0 | Document

(Size and transfer are 0 because the response is a Content-Disposition: attachment download, which the scanner does not count as document transfer; the 19613166-byte body is recorded under Downloads above, and no resource hash was captured for it.)

General
  Full URL: https://cdn.discordapp.com/attachments/809018060765790221/1215652799266955264/setup_2024.008.20534_win64_86.exe?ex=65fd87e5&is=65eb12e5&hm=b1dbfa917c8c8ea1b8db120d3971d7b0fe688e904cebc62a6fef2a53244d4fde&
  Requested by: host href.li, URL https://href.li/?https://cdn.discordapp.com/attachments/809018060765790221/1215652799266955264/setup_2024.008.20534_win64_86.exe?ex=65fd87e5&is=65eb12e5&hm=b1dbfa917c8c8ea1b8db120d3971d7b0fe688e904cebc62a6fef2a53244d4fde&
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 162.159.135.233, location not recorded, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: (none)
  Software: cloudflare
  Resource Hash: (none recorded)

Request headers (no Referer: href.li strips it)
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
  accept-language: en-US,en;q=0.9

Response headers
  accept-ranges: bytes, bytes  (header sent twice and merged)
  age: 29390  (with cf-cache-status HIT below: the Cloudflare edge had cached this object about 8 hours before the scan, around 14:14 GMT, so it had already been downloaded through this edge)
  alt-svc: h3=":443"; ma=86400
  cache-control: public, max-age=31536000
  cf-cache-status: HIT
  cf-ray: 86163c124fe63344-EWR
  content-disposition: attachment; filename="setup_2024.008.20534_win64_86.exe"
  content-length: 19613166
  content-type: application/x-msdos-program
  date: Fri, 08 Mar 2024 22:24:18 GMT
  etag: "c935f54929475d06b6d11c746ac64156"
  expires: Sat, 08 Mar 2025 22:24:18 GMT
  last-modified: Fri, 08 Mar 2024 13:30:13 GMT
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kD8zuf0kJNOeBH88gz0YRsp3LaJG%2F%2Bo6ZC39Pm2wHU7czDaORan%2FX4%2FEA5ETdMmtLuE%2B2e1%2F74H81waMIPanuYQPCNdfPZeymgDUHlLV1bcQ4P0bCZnscqA%2Fb0ltXaSVinnUqg%3D%3D"}],"group":"cf-nel","max_age":604800}
  server: cloudflare
  vary: Accept-Encoding
  x-goog-generation: 1709904613195434
  x-goog-hash: crc32c=5OCslA== md5=yTX1SSlHXQa20Rx0asZBVg==
  x-goog-metageneration: 1
  x-goog-storage-class: STANDARD
  x-goog-stored-content-encoding: identity
  x-goog-stored-content-length: 19613166
  x-guploader-uploadid: ABPtcPqpo6h9AZXJzg5aJSKlpV9M-k78yZVIbg91N4nah8s4KBA6CSqgsujIc_xX6zUDLHXHntuzYLPMYQ
  x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp

(The x-goog-* headers are Google Cloud Storage object metadata passed through Cloudflare: the attachment is stored as a GCS object and the md5 in x-goog-hash is the origin's digest of that object.)
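As an added example (not taken from the scan report), the following Python decodes what this transaction's URL and origin headers already reveal: the signed-URL parameters on the Discord CDN link, and the Google Cloud Storage digests that Cloudflare passed through. The URL and headers are copied from the transaction above. The reading of `is`/`ex` as hex issued/expiry Unix timestamps and `hm` as Discord's signature over the link, and of `x-goog-generation` as the object's creation time in microseconds, are assumptions about those services; the page's own `last-modified` header corroborates both to the second.

```python
import base64
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Download URL and origin response headers as recorded in the transaction above.
ATTACHMENT_URL = ("https://cdn.discordapp.com/attachments/809018060765790221/1215652799266955264/"
                  "setup_2024.008.20534_win64_86.exe"
                  "?ex=65fd87e5&is=65eb12e5&hm=b1dbfa917c8c8ea1b8db120d3971d7b0fe688e904cebc62a6fef2a53244d4fde&")
RESPONSE_HEADERS = {
    "etag": '"c935f54929475d06b6d11c746ac64156"',
    "content-length": "19613166",
    "x-goog-stored-content-length": "19613166",
    "x-goog-hash": "crc32c=5OCslA== md5=yTX1SSlHXQa20Rx0asZBVg==",
    "x-goog-generation": "1709904613195434",
}


def parse_attachment_url(url):
    """Split a Discord CDN attachment URL into its path IDs and signed-URL parameters.

    Assumption (Discord's attachment URL signing): 'is' and 'ex' are hex Unix
    timestamps (issued / expiry) and 'hm' is the signature over the link. The
    signing key is Discord's, so 'hm' is returned but cannot be verified here.
    """
    p = urlsplit(url)
    parts = p.path.strip("/").split("/")
    if len(parts) != 4 or parts[0] != "attachments":
        raise ValueError("not a Discord attachment URL: %s" % url)
    q = {k: v[0] for k, v in parse_qs(p.query).items()}   # the trailing '&' yields no entry
    issued = datetime.fromtimestamp(int(q["is"], 16), tz=timezone.utc)
    expires = datetime.fromtimestamp(int(q["ex"], 16), tz=timezone.utc)
    return {
        "channel_id": parts[1],
        "attachment_id": parts[2],
        "filename": parts[3],
        "issued": issued,
        "expires": expires,
        "lifetime_days": (expires - issued).total_seconds() / 86400,
        "signature": q.get("hm", ""),
    }


def decode_goog_hashes(header):
    """x-goog-hash carries base64 digests ('crc32c=... md5=...'); return them as lowercase hex."""
    digests = {}
    for item in header.split():
        name, _, b64 = item.partition("=")      # split on the first '=' only; base64 padding follows
        digests[name] = base64.b64decode(b64).hex()
    return digests


def consistency_checks(url, headers):
    """Cross-check the URL's signed timestamps and the origin's digests against each other."""
    meta = parse_attachment_url(url)
    digests = decode_goog_hashes(headers["x-goog-hash"])
    etag = headers["etag"].strip('"')
    # Assumption: the GCS generation number is the object's creation time in
    # microseconds since the epoch (it matches last-modified to the second here).
    upload_epoch = int(headers["x-goog-generation"]) // 1_000_000
    return {
        "md5": digests["md5"],
        "crc32c": digests["crc32c"],
        "md5_matches_etag": digests["md5"] == etag,
        "length_matches": headers["content-length"] == headers["x-goog-stored-content-length"],
        "issued_equals_upload_time": int(meta["issued"].timestamp()) == upload_epoch,
        "uploaded": datetime.fromtimestamp(upload_epoch, tz=timezone.utc).isoformat(),
        "expires": meta["expires"].isoformat(),
        "lifetime_days": meta["lifetime_days"],
    }


if __name__ == "__main__":
    for key, value in consistency_checks(ATTACHMENT_URL, RESPONSE_HEADERS).items():
        print("%-27s %s" % (key, value))
```

The decoded MD5 equals the ETag and is the only digest the scan recorded for the download (the transaction's Resource Hash is empty), so it is the value to pivot on against sample repositories; MD5 is adequate for lookup, not for integrity, and nothing here examines the file itself. The 14-day window is the lifetime of this particular signed link, not of the attachment, and the link was minted at upload time, so a fresh link can be issued after it expires.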

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Domain/Path       Name     Value
.discordapp.com/  __cf_bm  CahPUCmc6eygoMyybhm5VZYsfrX7IqcEkWPVigUO1.U-1709936658-1.0.1.1-EO.JM0M.S6oOyv9z0LOIsfC.sU7TH2jwsjeivbMeA.La2cRjezqqOW5ZFomYCGo8kccrTn8es2bMgjRgwTHgcw
.discordapp.com/  _cfuvid  HzD0Pl6s1ZTAyMA3AV7hmwyAq7GDBfnDq54IaYUGlgM-1709936658315-0.0.1.1-604800000

Both are Cloudflare bot-management cookies set on the cdn.discordapp.com response; the 1709936658 embedded in each is the Unix time of that response (22:24:18 GMT, matching its date header).

Indicators

"Indicators" is the security-industry term for artifacts such as IPs, domains and hashes extracted from a scan; listing them here does not imply that any of them is malicious.

cdn.discordapp.com
href.li
mykavaspot.com
p.haltowe.info
149.102.231.135
162.159.135.233
192.0.78.26
54.165.90.62
bcb0b8af0108d911018e674e888ce12c1817a98cad4890dcc761d686a00d9453
cd94a20916c7328ca23ed965014b468fe679961b0ab514b0784ca6bf11bafef5