Security Scan Report: snip.ly

Redirected to: https://pub-f21054c2b9c04405bf054840a3a1240e.r2.dev/index.html?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply

Submitted: Oct 30, 2025, 10:31:14 PM
Completed: Oct 30, 2025, 10:32:40 PM
Scan type: public
Status: completed

Summary

This website contacted 85 IPs in 4 countries across 24 domains to perform 73 HTTP transactions. The main domain is pub-f21054c2b9c04405bf054840a3a1240e.r2.dev.

Submitted URL: https://snip.ly/pymtTCG

Effective URL: https://pub-f21054c2b9c04405bf054840a3a1240e.r2.dev/index.html?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply (redirected)

AI Security Verdict

High Risk

Confidence: 92%

Risk Score: 8

Phishing page impersonating The Courier Guy, collecting payment on a cloud storage domain.

Risk Factors
Brand impersonation on an unusual, unranked domain
Payment fields on a cloud storage host
Urgent payment demand to force quick action
Domain likely newly registered and unranked
Domain age information unavailable

Details

Page Title

The Courier Guy

Scan Type

public

Language

🇺🇸

English

(50% confidence)

Category

finance banking

(56%)

Domain Information

Domain 'snip.ly' uses the Libyan country-code top-level domain (.ly) with no subdomain. The second-level label 'snip' is 4 characters long split between 1 vowel and 3 consonants. Tokenizing the label suggests one word: snip. Median word length is 4 characters. The linguistic tilt is Afrikaans for 'snip'. It also appears in Sinhala and English contexts. Overall, 'snip.ly' reads as Afrikaans with single-word simplicity.

Page Load Overview

Total Load Time: 37.27s
HTTP Requests: 73
Domains: 24
Total Size: 1.9 MB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 50%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 50%
Script Type: Latin
HTML Lang Attribute: en
Text Length: 644 chars
Detector Agreement: 100%

Website Classification

Primary Category

finance banking (56% confidence)
Type: spa
Method: ml+structural

All Detected Categories

finance banking: 56%
government public service: 29%

Detected Features

No structural features detected

Domain & IP Information

Requests  IP Address       Location                           AS        Autonomous System
73        99.84.152.118    United States                      AS16509   AMAZON-02
0         34.143.75.2      United States                      AS396982  GOOGLE-CLOUD-PLATFORM
0         142.250.186.67   United States                      AS15169   GOOGLE
0         142.250.185.227  United States                      AS15169   GOOGLE
0         34.143.73.2      United States                      AS396982  GOOGLE-CLOUD-PLATFORM
0         157.240.0.6      Frankfurt am Main, Hesse, Germany  AS32934   FACEBOOK
0         20.250.198.32    Zurich, Zurich, Switzerland        AS8075    MICROSOFT-CORP-MSN-AS-BLOCK
0         172.66.0.227     United States                      AS13335   CLOUDFLARENET
0         216.239.32.36    United States                      AS15169   GOOGLE
0         23.36.162.25     Frankfurt am Main, Hesse, Germany  AS20940   Akamai International B.V.
73        85               -                                  -

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1EC04D79362A029FA1B338137538E99C8B14C4CD5B913E9E6F5DE98490BC96FD0D13B27

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:kubdHuUmSmemSm8mSmRmSmNXmSm4mSmkmSmewspOO7BWuSpE/TdJlf5fef9fgf+h:Rbh7BWCY0wB1swCPXOn

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:175923:2AQGexAQQACF2kQK8oliAACgMAKKZgCGg7goGsmiEFceFBAHiGgJYAaACcOCBiUyYTGIsCWgAbCJLPYgIAAACJWJlKUDR4CA

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: 07bbb9c989f3e7ff
Perceptual Hash: bc09863419e7cf3c
Difference Hash: da77639b33274c12
Wavelet Hash: 02b381c888f9e3ff
Color Hash: #ae87c5

Other Hashes

Crop Resistant: da77639b33274c12
