Security Scan Report: vly.to

Redirected to:
blob:https://pub-3261d955f2e340558a0b359b22482c70.r2.dev/ebb88579-e0f1...
Submitted: Jul 1, 2026, 8:36:37 PMCompleted: Jul 1, 2026, 8:37:47 PMpubliccompleted
Loading additional data...

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main domain is and was registered NaN years ago.

Submitted URL: https://vly.to/9nW6Nk?clckid=fdb4ff13

Effective URL: blob:https://pub-3261d955f2e340558a0b359b22482c70.r2.dev/ebb88579-e0f1-4bc1-a2f8-4e7d3613c26cRedirected

AI Security Verdict

High Risk

Confidence: 85%

8
Risk Score

The site impersonates Truist banking, collects credentials via login forms, uses blob URLs and suspicious external requests – high‑risk phishing page.

Risk Factors
Brand impersonation of a major bank
Credential collection form
Blob URL usage
Cross‑origin request to suspicious domain
Unranked / low‑reputation domain
Domain age information unavailable

Details

Primary Scan Blocked — Fallback Capture Shown

The primary scanner could not load this page (possible bot protection). The screenshot and page details shown were captured by a fallback browser that loaded the page successfully.

Page Title

Truist Online Banking Login | Truist

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

finance banking

(55%)

Domain Information

You're looking at domain 'vly.to' on the .to country-code top-level domain without a subdomain. The second-level label 'vly' is 3 characters long split between zero vowels and three consonants. Tokenizing the label suggests 2 words: v, ly. Average segment length settles at 1.5 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://vly.to/9nW6Nk?clckid=fdb4ff13

Page Load Overview

0.30s
Total Load Time
2
HTTP Requests
1
Domains
N/A
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:4,916 chars
Detector Agreement:50%

Website Classification

Primary Category

finance banking55% confidence
Type: webapp
Method: ml+structural

All Detected Categories

finance banking
55%
corporate business
48%
technology software
44%
adult content
41%
documentation technical
40%

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
1172.67.181.30Cloudflare · WAFUnited States
AS13335Cloudflare, Inc.
1185.104.45.148Ukraine
AS200000Hosting Ukraine LTD
22--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1FBC3BF7A56E3543626A784A47B6B1B8A3EB4A4039043D4553FEC62C94FC38C0DDAB7DC

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

3072:Vrxb7J21XGythjC4/CYmMoTNEyA2IOht642AFStpmZjHLZXolxctf0nk:Vrxb7J2Xw4KYmZ5aDag4lFumxZYlmtfT

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:125926:kAA8SwPEhMoAVGAkAGOAAEgQKQARdUECNyQEoRw4oEFkVFFyiYZtNhwhajwUR1QKG8YBYRAQIiCBcJQGyAGFAayADNDKIFGA

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0f0f1f1f1f3f7f7f
Perceptual Hash:881a3346dc2377dd
Difference Hash:a85191b2344d898a
Wavelet Hash:0101071f1f1f3f3f
Color Hash:#6ce09c

Other Hashes

Crop Resistant:a85191b2344d898a

Scan History

Scan history not available

Unable to load historical scan data