instant-finance-deals.com Open in urlscan Pro
185.142.239.82 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://storage.googleapis.com/aeszizbxmkmcetanbgecuubqmvxgjyyfoogfhfynmrjlxcjrydpgcwd/redirect1.html#wfkeue5bs16.html?od=1syd6...
Effective URL:
https://instant-finance-deals.com/thebitcoinex/?intgrtn_clickID=vaQ2RbpjOxJGmgZYk3MArNMnn0Yrw5yV4EWDqnd069LPle7zB&intgrtn_custom1=...
Submission: On February 04 via api (February 4th 2022, 4:53:46 pm UTC) from BE — Scanned from DE

Summary HTTP 52 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 5 countries across 8 domains to perform 52 HTTP transactions. The main IP is 185.142.239.82, located in Amsterdam, Netherlands and belongs to COGENT-174, US. The main domain is instant-finance-deals.com.
TLS certificate: Issued by R3 on December 7th 2021. Valid for: 3 months.

This is the only time instant-finance-deals.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Investment Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	2a00:1450:400... 2a00:1450:4001:809::2010	15169 (GOOGLE) (GOOGLE)
1 1	67.214.164.103 67.214.164.103	12260 (CUSTOMDOTNET) (CUSTOMDOTNET)
1	185.80.130.53 185.80.130.53	61053 (VPSNET-AS) (VPSNET-AS)
1 1	204.12.240.58 204.12.240.58	32097 (WII) (WII)
1 1	185.142.239.85 185.142.239.85	174 (COGENT-174) (COGENT-174)
45	185.142.239.82 185.142.239.82	174 (COGENT-174) (COGENT-174)
1	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
2	104.16.116.135 104.16.116.135	13335 (CLOUDFLAR...) (CLOUDFLARENET)
52	7

1 2a00:1450:4001:809::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.214.164.103 (United States) 1 redirects

ASN12260 (CUSTOMDOTNET, US)

jasantanja.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.80.130.53 (Lithuania)

ASN61053 (VPSNET-AS, LT)

wricksmix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.12.240.58 (United States) 1 redirects

ASN32097 (WII, US)

track.ads.trackingimpact.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.142.239.85 (Amsterdam, Netherlands) 1 redirects

ASN174 (COGENT-174, US)
PTR: black.host-85.239.142.185.in-addr.arpa

mztrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 185.142.239.82 (Amsterdam, Netherlands)

ASN174 (COGENT-174, US)
PTR: black.host-82.239.142.185.in-addr.arpa

instant-finance-deals.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.116.135 (None, )

ASN13335 (CLOUDFLARENET, US)

poloniex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	instant-finance-deals.com instant-finance-deals.com	1 MB
2	poloniex.com poloniex.com — Cisco Umbrella Rank: 62745	57 KB
2	googleapis.com storage.googleapis.com — Cisco Umbrella Rank: 425 fonts.googleapis.com — Cisco Umbrella Rank: 47	2 KB
1	gstatic.com fonts.gstatic.com	44 KB
1	mztrck.com 1 redirects mztrck.com	784 B
1	trackingimpact.com 1 redirects track.ads.trackingimpact.com — Cisco Umbrella Rank: 270173	542 B
1	wricksmix.com wricksmix.com — Cisco Umbrella Rank: 544453	520 B
1	jasantanja.com 1 redirects jasantanja.com	462 B
52	8

	Domain	Requested by
45	instant-finance-deals.com	wricksmix.com instant-finance-deals.com
2	poloniex.com	instant-finance-deals.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	instant-finance-deals.com
1	mztrck.com	1 redirects
1	track.ads.trackingimpact.com	1 redirects
1	wricksmix.com	storage.googleapis.com
1	jasantanja.com	1 redirects
1	storage.googleapis.com
52	9

This site contains no links.

Subject Issuer	Validity	Valid
*.storage.googleapis.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
wricksmix.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-12` - `2022-07-12`	a year	crt.sh
instant-finance-deals.com R3	`2021-12-07` - `2022-03-07`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-03` - `2022-07-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://instant-finance-deals.com/thebitcoinex/?intgrtn_clickID=vaQ2RbpjOxJGmgZYk3MArNMnn0Yrw5yV4EWDqnd069LPle7zB&intgrtn_custom1=1643993619Dj1V6DV19p7vp3j&intgrtn_custom2=728&country=DE&intgrtn_redirectReturningLead=auto
Frame ID: 8492446D8DA5417D30D422DAA3CD7396
Requests: 60 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BitcoinX

Page URL History Show full URLs

https://storage.googleapis.com/aeszizbxmkmcetanbgecuubqmvxgjyyfoogfhfynmrjlxcjrydpgcwd/redirect1.html Page URL
http://jasantanja.com/wfkeue5bs16.html?od=1syd61fbeb05bcc7f_vl_intervl_11p4.6e5xlzu.U0000rh5dyo1fp... HTTP 302
https://wricksmix.com/17640666fbf1a9b4800/kabor_11p61fbeb05bd168/yd11p%7CM21unJj=%7Ch5dyo%7C298g3j... Page URL
https://track.ads.trackingimpact.com/affiliate_c.php?offer_id=4639&aff_id=728&aff_sub=690372&aff_sub2=1238943741&... HTTP 302
https://mztrck.com/click.php?project_id=fa85a2c01b&affiliate_id=Nzn&custom1=1643993619Dj1V6DV19... HTTP 302
https://instant-finance-deals.com/thebitcoinex/?intgrtn_clickID=vaQ2RbpjOxJGmgZYk3MArNMnn0Yrw5yV4EWDqnd069LPle... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

52
Requests

98 %
HTTPS

33 %
IPv6

8
Domains

9
Subdomains

7
IPs

5
Countries

1247 kB
Transfer

8938 kB
Size

10
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://storage.googleapis.com/aeszizbxmkmcetanbgecuubqmvxgjyyfoogfhfynmrjlxcjrydpgcwd/redirect1.html Page URL
http://jasantanja.com/wfkeue5bs16.html?od=1syd61fbeb05bcc7f_vl_intervl_11p4.6e5xlzu.U0000rh5dyo1fp1028_x11357.h5dyoMjk4ZzNqLTI5MDBpdnA0s5tng HTTP 302
https://wricksmix.com/17640666fbf1a9b4800/kabor_11p61fbeb05bd168/yd11p%7CM21unJj=%7Ch5dyo%7C298g3j%7C2900ivp%7C66997%7C0000rh5dyo%7CU%7CoTI2pzSxo3V=%7CPC%7C1a17btn/p3yxAwSzLzIvZQIvL2Z3My92oS9coaEypaMfKmRkpQD= Page URL
https://track.ads.trackingimpact.com/affiliate_c.php?offer_id=4639&aff_id=728&aff_sub=690372&aff_sub2=1238943741&aff_sub3=kabor_11p61fbeb05bd168 HTTP 302
https://mztrck.com/click.php?project_id=fa85a2c01b&affiliate_id=Nzn&custom1=1643993619Dj1V6DV19p7vp3j&custom2=728 HTTP 302
https://instant-finance-deals.com/thebitcoinex/?intgrtn_clickID=vaQ2RbpjOxJGmgZYk3MArNMnn0Yrw5yV4EWDqnd069LPle7zB&intgrtn_custom1=1643993619Dj1V6DV19p7vp3j&intgrtn_custom2=728&country=DE&intgrtn_redirectReturningLead=auto Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://jasantanja.com/wfkeue5bs16.html?od=1syd61fbeb05bcc7f_vl_intervl_11p4.6e5xlzu.U0000rh5dyo1fp1028_x11357.h5dyoMjk4ZzNqLTI5MDBpdnA0s5tng HTTP 302
https://wricksmix.com/17640666fbf1a9b4800/kabor_11p61fbeb05bd168/yd11p%7CM21unJj=%7Ch5dyo%7C298g3j%7C2900ivp%7C66997%7C0000rh5dyo%7CU%7CoTI2pzSxo3V=%7CPC%7C1a17btn/p3yxAwSzLzIvZQIvL2Z3My92oS9coaEypaMfKmRkpQD=

52 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 redirect1.html
storage.googleapis.com/aeszizbxmkmcetanbgecuubqmvxgjyyfoogfhfynmrjlxcjrydpgcwd/ 179 B
755 B 89ms
40ms Document
text/html 2a00:1450:4001:809::2010
GOOGLE

General

Domain/Path	Expires	Name / Value
instant-finance-deals.com/thebitcoinex/	1970-01-20 09:25:29	Name: intgrtn_clickID Value: vaQ2RbpjOxJGmgZYk3MArNMnn0Yrw5yV4EWDqnd069LPle7zB
instant-finance-deals.com/thebitcoinex/	1970-01-20 09:25:29	Name: intgrtn_custom1 Value: 1643993619Dj1V6DV19p7vp3j
instant-finance-deals.com/thebitcoinex/	1970-01-20 09:25:29	Name: intgrtn_custom2 Value: 728
instant-finance-deals.com/thebitcoinex/	1970-01-20 09:25:29	Name: intgrtn_redirectReturningLead Value: auto
instant-finance-deals.com/thebitcoinex/	1970-01-20 09:25:29	Name: intgrtn_locale Value: en-US
wricksmix.com/	1970-01-20 01:23:05	Name: uid28029 Value: 1238943741-20220204115338-e352a6c2a0413a8ca5271bd452e18d5b-
track.ads.trackingimpact.com/	1970-01-20 00:39:53	Name: COOK_CHK Value: user_generated_
track.ads.trackingimpact.com/	1970-01-20 01:23:05	Name: offers_make_c_4639 Value: 1643993619Dj1V6DV19p7vp3j
mztrck.com/	1970-01-20 00:49:58	Name: clickID Value: vaQ2RbpjOxJGmgZYk3MArNMnn0Yrw5yV4EWDqnd069LPle7zB
mztrck.com/	1970-01-20 00:49:58	Name: leadID Value: vaQ2RbpjOxJGmgZYk3MArNMnn0Yrw5yV4EWDqnd069LPle7zB

instant-finance-deals.com Open in urlscan Pro 185.142.239.82 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

52 Requests

98 %HTTPS

33 %IPv6

8 Domains

9 Subdomains

7 IPs

5 Countries

1247 kBTransfer

8938 kBSize

10 Cookies

0 Outgoing links

Page URL History

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

instant-finance-deals.com Open in urlscan Pro
185.142.239.82 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

98 %
HTTPS

33 %
IPv6

8
Domains

9
Subdomains

7
IPs

5
Countries

1247 kB
Transfer

8938 kB
Size

10
Cookies

52 HTTP transactions
8 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!