httpslink.com Open in urlscan Pro
50.16.187.37 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://httpslink.com/zh70
Submission: On September 14 via manual (September 14th 2021, 8:52:45 pm UTC) from IN — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 9 HTTP transactions. The main IP is 50.16.187.37, located in Ashburn, United States and belongs to . The main domain is httpslink.com.
TLS certificate: Issued by Amazon on May 30th 2021. Valid for: a year.

This is the only time httpslink.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2	50.16.187.37 50.16.187.37	() ()
2	13.224.227.110 13.224.227.110	() ()
5	162.241.114.120 162.241.114.120	() ()
9	3

2 50.16.187.37 (Ashburn, United States)

ASN- ()

httpslink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.227.110 (United States)

ASN- ()

d19nyn3hrzs6lg.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 162.241.114.120 (United States)

ASN- ()

therealpetite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	therealpetite.com therealpetite.com	165 KB
2	cloudfront.net d19nyn3hrzs6lg.cloudfront.net	16 KB
2	httpslink.com httpslink.com	3 KB
9	3

	Domain	Requested by
5	therealpetite.com	httpslink.com therealpetite.com
2	d19nyn3hrzs6lg.cloudfront.net	httpslink.com
2	httpslink.com	httpslink.com
9	3

This site contains no links.

Subject Issuer	Validity	Valid
9nl.com Amazon	`2021-05-30` - `2022-06-28`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
therealpetite.com cPanel, Inc. Certification Authority	`2021-09-13` - `2021-12-12`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://httpslink.com/zh70
Frame ID: 636158EE217142CA8A1381358F8E08E5
Requests: 4 HTTP requests in this frame

Frame: https://therealpetite.com/2010/wap.php?wap=4UY432
Frame ID: 5B41AFADB3E09FED724FD4820F5EE861
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

20/10 Engineering Group

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

184 kB
Transfer

182 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request zh70 Show response httpslink.com/	1 KB 2 KB	440ms 102ms	Document text/html	50.16.187.37
General Check archive.org Show headers Download Go to Full URL https://httpslink.com/zh70 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 50.16.187.37 Ashburn, United States, ASN (), Reverse DNS Software / Resource Hash `f5af6b18801897a1a1382b6183340db14fc04dc6077a2f6d5a587d896eadda1b` Request headers Host httpslink.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Content-Type text/html; charset=utf-8 Date Tue, 14 Sep 2021 20:52:30 GMT Engine clickmeter.redirect, version 2.0 X-Rate-Limit-Limit 20s X-Rate-Limit-Remaining 299 X-Rate-Limit-Reset 2021-09-14T20:52:51.5477170Z Content-Length 1405 Connection keep-alive
GET H/1.1	200 OK	nprogress.css d19nyn3hrzs6lg.cloudfront.net/redirect-cm/v1/content/styles/	1 KB 2 KB	99ms 21ms	Stylesheet text/css	13.224.227.110
General Check archive.org Show headers Download Go to Full URL https://d19nyn3hrzs6lg.cloudfront.net/redirect-cm/v1/content/styles/nprogress.css Requested by Host: httpslink.com URL: https://httpslink.com/zh70 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 13.224.227.110 , United States, ASN (), Reverse DNS Software AmazonS3 / Resource Hash `3abb974f9f5abf3d4dd05851811cc2b6c88605ae6cd1cb4662751159f2611c80` Request headers Accept-Language de-DE,de;q=0.9 Referer https://httpslink.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Tue, 14 Sep 2021 19:28:10 GMT Via 1.1 9c46a92c66fe21525310bd5d2f471e46.cloudfront.net (CloudFront) Last-Modified Tue, 09 Aug 2016 14:27:00 GMT Server AmazonS3 Age 5062 ETag "b860fa714a808e442b01396841a89622" X-Cache Hit from cloudfront Content-Type text/css Connection keep-alive X-Amz-Cf-Pop LHR61-C2 Accept-Ranges bytes Content-Length 1531 X-Amz-Cf-Id Nzp_C8dQYWWXBvSOSMFt_auPEbhivD3XTqZIAvWaF_z1EcamM4BWHA==
GET H/1.1	200 OK	nprogress.js Show response d19nyn3hrzs6lg.cloudfront.net/redirect-cm/v1/content/scripts/	14 KB 14 KB	98ms 20ms	Script application/x-javascript	13.224.227.110
General Check archive.org Show headers Download Go to Full URL https://d19nyn3hrzs6lg.cloudfront.net/redirect-cm/v1/content/scripts/nprogress.js Requested by Host: httpslink.com URL: https://httpslink.com/zh70 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 13.224.227.110 , United States, ASN (), Reverse DNS Software AmazonS3 / Resource Hash `72c2a50f7a1bd6d3c3c79dae35dfebe49a993a10eeab04202e29654c92f66bdc` Request headers Accept-Language de-DE,de;q=0.9 Referer https://httpslink.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Tue, 14 Sep 2021 16:25:03 GMT Via 1.1 d9301398db70d749f8b2ddc8f79c19e3.cloudfront.net (CloudFront) Last-Modified Tue, 09 Aug 2016 14:26:59 GMT Server AmazonS3 Age 16049 ETag "becc90ab00d3bb994ff072c30c4735c0" X-Cache Hit from cloudfront Content-Type application/x-javascript Connection keep-alive X-Amz-Cf-Pop LHR61-C2 Accept-Ranges bytes Content-Length 14234 X-Amz-Cf-Id HdIQ8bjLAAOPiOAjFqzXn5LSjqjX3DoW99108lIX3tI2YjJ7eLpNog==
GET H/1.1	200 OK	nprogress.css httpslink.com/lib/nprogress/	1 KB 2 KB	101ms 101ms	Stylesheet text/css	50.16.187.37
General Check archive.org Show headers Download Go to Full URL https://httpslink.com/lib/nprogress/nprogress.css Requested by Host: httpslink.com URL: https://httpslink.com/zh70 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 50.16.187.37 Ashburn, United States, ASN (), Reverse DNS Software / Resource Hash `4a39ac43a1612a5a1e3ff1cafaebefa77f314ec9bbd2d51f719a278f419c894a` Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host httpslink.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Sec-Fetch-Mode no-cors Accept text/css,/;q=0.1 Cache-Control no-cache Sec-Fetch-Dest style Referer https://httpslink.com/zh70 Connection keep-alive Accept-Language de-DE,de;q=0.9 Referer https://httpslink.com/zh70 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Tue, 14 Sep 2021 20:52:31 GMT X-Rate-Limit-Limit 20s Last-Modified Mon, 15 Aug 2016 20:42:58 GMT X-Rate-Limit-Remaining 299 ETag "1d1f7359b3930fc" Content-Type text/css X-Rate-Limit-Reset 2021-09-14T20:52:51.7701690Z Connection keep-alive Accept-Ranges bytes Content-Length 1532
GET H/1.1	200 OK	wap.php Show response therealpetite.com/2010/ Frame 5B41	7 KB 7 KB	399ms 126ms	Document text/html	162.241.114.120
General Check archive.org Show headers Download Go to Full URL https://therealpetite.com/2010/wap.php?wap=4UY432 Requested by Host: httpslink.com URL: https://httpslink.com/zh70 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.114.120 , United States, ASN (), Reverse DNS Software Apache / Resource Hash `d8e48eaada21c33e836d7eb56db23155a6b0155bdd1ddd93b5071ca558490f66` Request headers Host therealpetite.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest iframe Referer https://httpslink.com/ Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://httpslink.com/ Response headers Date Tue, 14 Sep 2021 20:52:30 GMT Server Apache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	micro.svg therealpetite.com/2010/ Frame 5B41	4 KB 4 KB	127ms 126ms	Image image/svg+xml	162.241.114.120
General Check archive.org Show headers Download Go to Show image Full URL https://therealpetite.com/2010/micro.svg Requested by Host: therealpetite.com URL: https://therealpetite.com/2010/wap.php?wap=4UY432 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.114.120 , United States, ASN (), Reverse DNS Software Apache / Resource Hash `04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a` Request headers Accept-Language de-DE,de;q=0.9 Referer https://therealpetite.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Tue, 14 Sep 2021 20:52:31 GMT Last-Modified Tue, 24 Nov 2020 03:48:08 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 3651
GET H/1.1	200 OK	jquery-2.2.3.min.js Show response therealpetite.com/2010/vendor/jquery/ Frame 5B41	84 KB 84 KB	255ms 128ms	Script application/javascript	162.241.114.120
General Check archive.org Show headers Download Go to Full URL https://therealpetite.com/2010/vendor/jquery/jquery-2.2.3.min.js Requested by Host: therealpetite.com URL: https://therealpetite.com/2010/wap.php?wap=4UY432 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.114.120 , United States, ASN (), Reverse DNS Software Apache / Resource Hash `6b6de0d4db7876d1183a3edb47ebd3bbbf93f153f5de1ba6645049348628109a` Request headers Accept-Language de-DE,de;q=0.9 Referer https://therealpetite.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Tue, 14 Sep 2021 20:52:31 GMT Last-Modified Fri, 14 Feb 2020 17:44:18 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 85659
GET H/1.1	200 OK	data.js Show response therealpetite.com/2010/js/ Frame 5B41	3 KB 3 KB	376ms 120ms	Script application/javascript	162.241.114.120
General Check archive.org Show headers Download Go to Full URL https://therealpetite.com/2010/js/data.js Requested by Host: therealpetite.com URL: https://therealpetite.com/2010/wap.php?wap=4UY432 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.114.120 , United States, ASN (), Reverse DNS Software Apache / Resource Hash `b7212057a282925d14104090497bdbc69b78b51fb8cf30cd3a38602b87aa8019` Request headers Accept-Language de-DE,de;q=0.9 Referer https://therealpetite.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Tue, 14 Sep 2021 20:52:31 GMT Last-Modified Wed, 02 Dec 2020 15:55:18 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2645
GET H/1.1	200 OK	background.png therealpetite.com/2010/ Frame 5B41	67 KB 67 KB	380ms 124ms	Image image/png	162.241.114.120
General Check archive.org Show headers Download Go to Show image Full URL https://therealpetite.com/2010/background.png Requested by Host: therealpetite.com URL: https://therealpetite.com/2010/wap.php?wap=4UY432 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.114.120 , United States, ASN (), Reverse DNS Software Apache / Resource Hash `173b35d5874338d8668d56d843f3553d6850f0867852158e64e33c60f4b5e1b5` Request headers Accept-Language de-DE,de;q=0.9 Referer https://therealpetite.com/2010/wap.php?wap=4UY432 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Tue, 14 Sep 2021 20:52:31 GMT Last-Modified Mon, 20 Jul 2020 06:56:52 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 68526

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect boolean| originAgentCluster object| NProgress

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d19nyn3hrzs6lg.cloudfront.net
httpslink.com
therealpetite.com
13.224.227.110
162.241.114.120
50.16.187.37
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
173b35d5874338d8668d56d843f3553d6850f0867852158e64e33c60f4b5e1b5
3abb974f9f5abf3d4dd05851811cc2b6c88605ae6cd1cb4662751159f2611c80
4a39ac43a1612a5a1e3ff1cafaebefa77f314ec9bbd2d51f719a278f419c894a
6b6de0d4db7876d1183a3edb47ebd3bbbf93f153f5de1ba6645049348628109a
72c2a50f7a1bd6d3c3c79dae35dfebe49a993a10eeab04202e29654c92f66bdc
b7212057a282925d14104090497bdbc69b78b51fb8cf30cd3a38602b87aa8019
d8e48eaada21c33e836d7eb56db23155a6b0155bdd1ddd93b5071ca558490f66
f5af6b18801897a1a1382b6183340db14fc04dc6077a2f6d5a587d896eadda1b

httpslink.com Open in urlscan Pro 50.16.187.37 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

184 kBTransfer

182 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

httpslink.com Open in urlscan Pro
50.16.187.37 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

184 kB
Transfer

182 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!