activate01eddcard.cloudns.ph Open in urlscan Pro
142.202.190.59  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request cali.html Show response activate01eddcard.cloudns.ph/	32 KB 32 KB	280ms 140ms	Document text/html	142.202.190.59 DYNU
General Check archive.org Show headers Download Go to Full URL http://activate01eddcard.cloudns.ph/cali.html Protocol HTTP/1.1 Server 142.202.190.59 Chandler, United States, ASN398019 (DYNU, US), Reverse DNS activate01eddcard.cloudns.ph Software Apache / Resource Hash f2fadd8268ffde150b56e87a647d46f968789c8ac8e755d6e2a454784e61ac78 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Thu, 13 Jan 2022 01:13:18 GMT Server Apache Last-Modified Mon, 03 Jan 2022 13:55:56 GMT ETag "8003-5d4ade1389366" Accept-Ranges bytes Content-Length 32771 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H2	200	css www.visaprepaidprocessing.com/bundles/foundation/	2 KB 1 KB	382ms 330ms	Stylesheet text/css	104.18.21.25 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.visaprepaidprocessing.com/bundles/foundation/css?v=TgYukCV0BSpb98GObtBe6i9KeBqBppGV5EzParDKRD011 Requested by Host: activate01eddcard.cloudns.ph URL: http://activate01eddcard.cloudns.ph/cali.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.18.21.25 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9125b08d73099fe6cc8ec181f39edc63439b48442010ec2635791578f9e3b4ed Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Accept-Language de-DE,de;q=0.9 Referer http://activate01eddcard.cloudns.ph/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Thu, 13 Jan 2022 01:13:19 GMT content-encoding br cf-cache-status DYNAMIC server cloudflare x-opnet-transaction-trace a2_e82e8825-3e84-4115-be36-5220b8499876-18472-1668822 x-frame-options SAMEORIGIN expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" content-type text/css; charset=utf-8 cache-control no-cache cf-ray 6ccac2e51f067039-FRA expires -1
GET H2	200	css www.visaprepaidprocessing.com/bundles/	290 KB 46 KB	599ms 548ms	Stylesheet text/css	104.18.21.25 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.visaprepaidprocessing.com/bundles/css?v=wAZASNxRNEHvELh5VVy5mcxHM2kaP7CFlrsQ-TKMrzc11 Requested by Host: activate01eddcard.cloudns.ph URL: http://activate01eddcard.cloudns.ph/cali.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.18.21.25 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5f536ff6ac60737ced5a8e914b5b66981c6d747d98b462e745265965916004a8 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Accept-Language de-DE,de;q=0.9 Referer http://activate01eddcard.cloudns.ph/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Thu, 13 Jan 2022 01:13:19 GMT content-encoding br cf-cache-status DYNAMIC server cloudflare x-opnet-transaction-trace a2_f074538e-9893-44ee-b7e2-4b3865f833ad-14648-1667002 x-frame-options SAMEORIGIN expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" content-type text/css; charset=utf-8 cache-control no-cache cf-ray 6ccac2e51f087039-FRA expires -1
GET H2	200	preventEarlyClickCss www.visaprepaidprocessing.com/bundles/	45 B 146 B	572ms 521ms	Stylesheet text/css	104.18.21.25 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.visaprepaidprocessing.com/bundles/preventEarlyClickCss?v=AjE3qz4xe4LPPh9UwnSuF7YqcFXF2UG5PMA-GpfTe5c11 Requested by Host: activate01eddcard.cloudns.ph URL: http://activate01eddcard.cloudns.ph/cali.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.18.21.25 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 42a0994f945e96989c7b09cd6d4c08fced929ce73f63396a83b3f071720c3c49 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Accept-Language de-DE,de;q=0.9 Referer http://activate01eddcard.cloudns.ph/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Thu, 13 Jan 2022 01:13:19 GMT cf-cache-status DYNAMIC server cloudflare x-opnet-transaction-trace a2_e7fb5e00-0208-4c32-8438-2574f1db733c-21208-1665683 x-frame-options SAMEORIGIN expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" content-type text/css; charset=utf-8 cache-control no-cache cf-ray 6ccac2e51f0a7039-FRA content-length 45 expires -1
GET H2	200	site.css www.visaprepaidprocessing.com/content/PRC384/CP384-T03-019/_Styles/	65 KB 12 KB	89ms 38ms	Stylesheet text/css	104.18.21.25 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.visaprepaidprocessing.com/content/PRC384/CP384-T03-019/_Styles/site.css Requested by Host: activate01eddcard.cloudns.ph URL: http://activate01eddcard.cloudns.ph/cali.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.18.21.25 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9ac51812f3c5052b6c14281e132a55b2c5603b4170e8440cca32ebbff26fe866 Request headers Accept-Language de-DE,de;q=0.9 Referer http://activate01eddcard.cloudns.ph/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 01:13:18 GMT content-encoding br cf-cache-status HIT last-modified Mon, 11 May 2020 16:57:38 GMT server cloudflare age 7172 etag W/"456f1a47b527d61:0" x-opnet-transaction-trace a2_0f0417f1-c64f-480b-a3da-e28e70d17db8-20860-108694 vary Accept-Encoding expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" content-type text/css cache-control public, max-age=14400 cf-ray 6ccac2e51f0b7039-FRA expires Thu, 13 Jan 2022 05:13:18 GMT
GET H2	200	logo.png www.visaprepaidprocessing.com/content/PRC384/CP384-T03-019/_Images/	8 KB 8 KB	86ms 35ms	Image image/png	104.18.21.25 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.visaprepaidprocessing.com/content/PRC384/CP384-T03-019/_Images/logo.png Requested by Host: activate01eddcard.cloudns.ph URL: http://activate01eddcard.cloudns.ph/cali.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.18.21.25 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ad62eb85667532488d032273c196c7ea1c10e0897223c4b66cd38b8c5e5215a4 Security Headers Name Value Strict-Transport-Security max-age=3153600; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer http://activate01eddcard.cloudns.ph/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 01:13:18 GMT vary Accept-Encoding cf-cache-status HIT age 2235 x-opnet-transaction-trace a2_436ac9e6-31ce-403d-b0cd-6d6c3e8ca151-22284-305335 content-length 7719 last-modified Tue, 15 Oct 2019 14:27:22 GMT server cloudflare etag "d8d87ca86483d51:0" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=3153600; includeSubDomains content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 6ccac2e51f0d7039-FRA expires Thu, 13 Jan 2022 05:13:18 GMT
GET H2	200	load.gif ppllabs.com/wp-content/uploads/2018/10/	97 KB 97 KB	328ms 97ms	Image image/gif	158.69.226.152 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://ppllabs.com/wp-content/uploads/2018/10/load.gif Requested by Host: activate01eddcard.cloudns.ph URL: http://activate01eddcard.cloudns.ph/cali.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 158.69.226.152 Montreal, Canada, ASN16276 (OVH, FR), Reverse DNS pod-300-1.jumbowp.com Software nginx / Resource Hash 7a044d149bbcff78f26f8d32076a5a93781917e47c0f606c1db441d460f25c39 Request headers Accept-Language de-DE,de;q=0.9 Referer http://activate01eddcard.cloudns.ph/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 01:13:19 GMT last-modified Fri, 26 Oct 2018 09:13:05 GMT server nginx etag "5bd2daa1-18207" content-type image/gif cache-control max-age=31536000, public accept-ranges bytes content-length 98823 expires Fri, 13 Jan 2023 01:13:19 GMT
GET H2	200	print www.visaprepaidprocessing.com/bundles/css/	2 KB 655 B	632ms 582ms	Stylesheet text/css	104.18.21.25 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.visaprepaidprocessing.com/bundles/css/print?v=JPgM1hk5e3sLqXHZFVWtkkRA7MMTcH6t30yiIk5dBDo11 Requested by Host: activate01eddcard.cloudns.ph URL: http://activate01eddcard.cloudns.ph/cali.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.18.21.25 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5e2aabe93299c82250d8d6952e7eec0d120c95b45ddc24175f187dd530543205 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Accept-Language de-DE,de;q=0.9 Referer http://activate01eddcard.cloudns.ph/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Thu, 13 Jan 2022 01:13:19 GMT content-encoding br cf-cache-status DYNAMIC server cloudflare x-opnet-transaction-trace a2_e7fb5e00-0208-4c32-8438-2574f1db733c-21208-1665684 x-frame-options SAMEORIGIN expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" content-type text/css; charset=utf-8 cache-control no-cache cf-ray 6ccac2e51f0f7039-FRA expires -1
GET H2	200	480px-Loader.gif upload.wikimedia.org/wikipedia/commons/thumb/2/29/Loader.gif/	26 KB 27 KB	60ms 27ms	Image image/gif	2620:0:862:ed1a::2:b WIKIMEDIA
General Check archive.org Show headers Download Go to Show image Full URL https://upload.wikimedia.org/wikipedia/commons/thumb/2/29/Loader.gif/480px-Loader.gif Requested by Host: activate01eddcard.cloudns.ph URL: http://activate01eddcard.cloudns.ph/cali.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:0:862:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US), Reverse DNS Software ATS/8.0.8 / Resource Hash 7e9bee738620a282a5dc1b424fba2e8e6f70ed2ce2ad8f31e6a55f616a904f0c Security Headers Name Value Strict-Transport-Security max-age=106384710; includeSubDomains; preload Request headers Accept-Language de-DE,de;q=0.9 Referer http://activate01eddcard.cloudns.ph/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 00:03:38 GMT nel { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0} age 4180 x-cache-status hit-front x-cache cp3063 hit, cp3063 hit/1 server-timing cache;desc="hit-front", host;desc="cp3063" content-length 26467 x-client-ip 2a03:1b20:6:f011::3e last-modified Tue, 20 Oct 2020 06:01:54 GMT server ATS/8.0.8 etag 493d21f514fc5ea32f5b6457a0cf2b5c strict-transport-security max-age=106384710; includeSubDomains; preload report-to { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] } content-type image/gif access-control-allow-origin * x-timestamp 1603173713.96048 permissions-policy interest-cohort=() accept-ranges bytes timing-allow-origin * access-control-expose-headers Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
GET H2	200	EmailLogo.png www.visaprepaidprocessing.com/content/PRC384/_images/	4 KB 4 KB	66ms 65ms	Image image/png	104.18.21.25 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.visaprepaidprocessing.com/content/PRC384/_images/EmailLogo.png Requested by Host: activate01eddcard.cloudns.ph URL: http://activate01eddcard.cloudns.ph/cali.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.18.21.25 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash db86fe978fad3c304c1c8b6ab1f65f409c16137076caec52fdfba3a18fbeebdb Request headers Accept-Language de-DE,de;q=0.9 Referer http://activate01eddcard.cloudns.ph/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 01:13:19 GMT cf-cache-status HIT last-modified Thu, 27 Aug 2020 16:15:23 GMT server cloudflare age 4820 etag "805f2c448d7cd61:0" x-opnet-transaction-trace a2_fc82de47-5d66-4077-982b-731df45ecccd-9312-221602 vary Accept-Encoding expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 6ccac2e58fca7039-FRA content-length 3908 expires Thu, 13 Jan 2022 05:13:19 GMT
GET H2	200	smtp.js Show response smtpjs.com/v3/	871 B 1 KB	50ms 15ms	Script application/javascript	109.169.71.112 IOMART-AS
General Check archive.org Show headers Download Go to Full URL https://smtpjs.com/v3/smtp.js Requested by Host: activate01eddcard.cloudns.ph URL: http://activate01eddcard.cloudns.ph/cali.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 109.169.71.112 Catterick, United Kingdom, ASN20860 (IOMART-AS, GB), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 1fd711cb491a361ef91e29c50de0680a4b156c0b34bb91e18570d0037263a776 Request headers Accept-Language de-DE,de;q=0.9 Referer http://activate01eddcard.cloudns.ph/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 01:13:18 GMT last-modified Tue, 10 Nov 2020 17:17:51 GMT server Microsoft-IIS/10.0 x-powered-by ASP.NET etag "162f436b85b7d61:0" content-type application/javascript access-control-allow-origin * accept-ranges bytes content-length 871
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.2.1/	85 KB 30 KB	126ms 40ms	Script text/javascript	2a00:1450:4001:82b::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js Requested by Host: activate01eddcard.cloudns.ph URL: http://activate01eddcard.cloudns.ph/cali.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer http://activate01eddcard.cloudns.ph/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 11 Jan 2022 11:31:58 GMT content-encoding gzip x-content-type-options nosniff age 135681 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 30306 x-xss-protection 0 last-modified Tue, 03 Mar 2020 19:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Wed, 11 Jan 2023 11:31:58 GMT
GET		OpenSans-Regular-webfont.woff www.visaprepaidprocessing.com/Content/_Fonts/	0 0
GET		Connections.woff www.visaprepaidprocessing.com/content/PRC384/_Fonts/	0 0
GET		OpenSans-Bold-webfont.woff www.visaprepaidprocessing.com/Content/_Fonts/	0 0
GET H/1.1	200 OK	/ Show response api.ipify.org/	24 B 268 B	309ms 102ms	XHR application/json	3.220.57.224 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=json Requested by Host: ajax.googleapis.com URL: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.220.57.224 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-220-57-224.compute-1.amazonaws.com Software Cowboy / Resource Hash 42eee6398f7ac0110ce6359051983a58c06603ef42fb4b1660b9777df755f03c Request headers Accept application/json, text/javascript, */*; q=0.01 Referer http://activate01eddcard.cloudns.ph/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Thu, 13 Jan 2022 01:13:19 GMT Via 1.1 vegur Server Cowboy Vary Origin Content-Type application/json Access-Control-Allow-Origin http://activate01eddcard.cloudns.ph Connection keep-alive Content-Length 24
GET		OpenSans-Regular-webfont.ttf www.visaprepaidprocessing.com/Content/_Fonts/	0 0
GET		OpenSans-Bold-webfont.ttf www.visaprepaidprocessing.com/Content/_Fonts/	0 0
GET		Connections.ttf www.visaprepaidprocessing.com/content/PRC384/_Fonts/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

www.visaprepaidprocessing.com

URL

https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Regular-webfont.woff

Domain

www.visaprepaidprocessing.com

URL

https://www.visaprepaidprocessing.com/content/PRC384/_Fonts/Connections.woff

Domain

www.visaprepaidprocessing.com

URL

https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Bold-webfont.woff

Domain

www.visaprepaidprocessing.com

URL

https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Regular-webfont.ttf

Domain

www.visaprepaidprocessing.com

URL

https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Bold-webfont.ttf

Domain

www.visaprepaidprocessing.com

URL

https://www.visaprepaidprocessing.com/content/PRC384/_Fonts/Connections.ttf

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onsecuritypolicyviolation object| onslotchange object| Email function| sendEmail function| sendEmail2 function| sendEmail3 function| sendEmail4 function| $ function| jQuery

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.visaprepaidprocessing.com/	1970-01-20 00:08:39	Name: __cflb Value: 0H28uxchcBYFcUJ7agzKikmQw5nqRP48MEFbUQVtUdz
			.visaprepaidprocessing.com/	1969-12-31 23:59:59	Name: __cfruid Value: b10caf5c4518a73521ff2d7cd84564d3c72280c8-1642036399

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: http://activate01eddcard.cloudns.ph/cali.html Message: Access to font at 'https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Regular-webfont.woff' from origin 'http://activate01eddcard.cloudns.ph' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Regular-webfont.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://activate01eddcard.cloudns.ph/cali.html Message: Access to font at 'https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Bold-webfont.woff' from origin 'http://activate01eddcard.cloudns.ph' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Bold-webfont.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://activate01eddcard.cloudns.ph/cali.html Message: Access to font at 'https://www.visaprepaidprocessing.com/content/PRC384/_Fonts/Connections.woff' from origin 'http://activate01eddcard.cloudns.ph' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.visaprepaidprocessing.com/content/PRC384/_Fonts/Connections.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://activate01eddcard.cloudns.ph/cali.html Message: Access to font at 'https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Regular-webfont.ttf' from origin 'http://activate01eddcard.cloudns.ph' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Regular-webfont.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://activate01eddcard.cloudns.ph/cali.html Message: Access to font at 'https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Bold-webfont.ttf' from origin 'http://activate01eddcard.cloudns.ph' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.visaprepaidprocessing.com/Content/_Fonts/OpenSans-Bold-webfont.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://activate01eddcard.cloudns.ph/cali.html Message: Access to font at 'https://www.visaprepaidprocessing.com/content/PRC384/_Fonts/Connections.ttf' from origin 'http://activate01eddcard.cloudns.ph' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.visaprepaidprocessing.com/content/PRC384/_Fonts/Connections.ttf Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

activate01eddcard.cloudns.ph
ajax.googleapis.com
api.ipify.org
ppllabs.com
smtpjs.com
upload.wikimedia.org
www.visaprepaidprocessing.com
www.visaprepaidprocessing.com
104.18.21.25
109.169.71.112
142.202.190.59
158.69.226.152
2620:0:862:ed1a::2:b
2a00:1450:4001:82b::200a
3.220.57.224
1fd711cb491a361ef91e29c50de0680a4b156c0b34bb91e18570d0037263a776
42a0994f945e96989c7b09cd6d4c08fced929ce73f63396a83b3f071720c3c49
42eee6398f7ac0110ce6359051983a58c06603ef42fb4b1660b9777df755f03c
5e2aabe93299c82250d8d6952e7eec0d120c95b45ddc24175f187dd530543205
5f536ff6ac60737ced5a8e914b5b66981c6d747d98b462e745265965916004a8
7a044d149bbcff78f26f8d32076a5a93781917e47c0f606c1db441d460f25c39
7e9bee738620a282a5dc1b424fba2e8e6f70ed2ce2ad8f31e6a55f616a904f0c
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
9125b08d73099fe6cc8ec181f39edc63439b48442010ec2635791578f9e3b4ed
9ac51812f3c5052b6c14281e132a55b2c5603b4170e8440cca32ebbff26fe866
ad62eb85667532488d032273c196c7ea1c10e0897223c4b66cd38b8c5e5215a4
db86fe978fad3c304c1c8b6ab1f65f409c16137076caec52fdfba3a18fbeebdb
f2fadd8268ffde150b56e87a647d46f968789c8ac8e755d6e2a454784e61ac78