finance banking

technology software

documentation technical

healthcare medical

government public service

English

_ga_D9P7HC1ET7

PHPSESSID

Domain 'bit.ly' uses the Libyan country-code top-level domain (.ly) while skipping any subdomain. Count 3 characters in 'bit' split between 1 vowel and 2 consonants. It segments into one word: bit. No strong language cues emerged from the frequency lists.

html/a9/4d/a94d1e68-efae-4abf-b749-cd34deeb5df5_nodriver.html.gz

require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers

text/javascript; charset: UTF-8;charset=UTF-8

script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:178:0

script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:146:0

42a89581906e60bb3987a22398ae13eb58a46cbf3de9615662a72a3af1a3348a

61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf

e21e121c209400a165ef1585f49799a7db6753c9663396ede86de434ae84e1e9

da0f2adb4e7b4e1596a222848f4cf630da8db226d83a3f2c24ab80cca1718c2c

Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim's browser.


## Recommendation

Upgrade to version 1.9.0 or later.

parseHTML() executes scripts in event handlers

jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

XSS in the `altField` option of the Datepicker widget

XSS in the `of` option of the `.position()` util

XSS Vulnerability on text options of jQuery UI datepicker

XSS when refreshing a checkboxradio with an HTML-like initial text label 

8f5a5322d04a0c27aa2ba8fa4d2a054fd87bace6e7fa823c47d703600f171cce

a2cfa19285d9e856d242a82ecb42d0e749663165e364a3845e73fd3a284e9639

ff2a78d03552ec08db5dfb5052ff90337b5d81b65a610225a3df54d2363ab99a

7bf30f74ee0b81da7f85457392ad3f0021468041c0927544cf962e0f4de533c3

viewport

HSTS header missing - vulnerable to protocol downgrade attacks

CSP header missing - vulnerable to XSS attacks

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;worker-src blob: 'self';frame-ancestors 'none';

child-src https:  chrome-untrusted://new-tab-page/ chrome-untrusted://ntp-microsoft-auth/;connect-src chrome://webui-test chrome://resources chrome://theme 'self';default-src 'self';font-src chrome://resources 'self';img-src chrome://resources chrome://theme chrome://image chrome://favicon2 chrome://app-icon chrome://extension-icon chrome://fileicon blob: data: 'self';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources chrome://webui-test 'self';style-src chrome://resources chrome://theme 'self' 'unsafe-inline';trusted-types parse-html-subset sanitize-inner-html static-types lottie-worker-script-loader webui-test-script webui-test-html polymer-html-literal polymer-template-event-attribute-policy lit-html-desktop;frame-ancestors 'none';

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;frame-ancestors 'none';

base-uri 'none';child-src https:;form-action https://ogs.google.com https://*.corp.google.com;object-src 'none';script-src 'self' 'unsafe-inline' https:;frame-ancestors chrome://new-tab-page/

EmailMe Form - Secure Payment Capture Form (AT&amp;T Order)

GoDaddy.com, LLC

EMAILMEFORM.COM

Libyan Spider Network (int)

bit.ly

Abuse

Google LLC

GOOGLE


      window.dataLayer = window.dataLayer || [];
      function gtag(){dataLayer.push(arguments);}
      gtag('js', new Date());

      gtag('config', 'G-D9P7HC1ET7');
    


if (typeof jQuery == 'undefined'){
    document.write(unescape("%3Cscript src='https://www.emailmeform.com/builder/js/jquery-1.8.3.min.js' type='text/javascript'%3E%3C/script%3E"));
}



if (typeof $.ui == 'undefined'){
    document.write(unescape("%3Cscript src='https://www.emailmeform.com/builder/js/jquery-ui-1.7.2.custom.min.js' type='text/javascript'%3E%3C/script%3E"));
}


Requests	IP Address	Location	AS Autonomous System
5	142.251.14.95	United States	AS15169Google LLC
2	142.251.110.97	United States	AS15169Google LLC
2	67.199.248.11	United States	AS396982Google LLC
2	104.17.230.29	United States	AS13335Cloudflare, Inc.
11	4	-	-

Security Scan Report: bit.ly

Summary

AI Security Verdict

Confirmed Scam

Risk Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Detected Technologies8

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

ssdeep (Context Triggered Piecewise Hashing)

sdhash (Similarity Digest Hashing)

Image Hashes

Perceptual Hashes

Other Hashes

Scan History