www.singapore-money.club Open in urlscan Pro
2400:cb00:2048:1::681b:8782 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://url12.pw/q11
Effective URL:
https://www.singapore-money.club/?aid=VXHvncpDms&sxid=8jlddclv98b6&ai=2190296&gi=901&ci=728&sub=A-PLATAMEDIA&MPC_2=69232787109978...
Submission: On August 24 via manual (August 24th 2018, 12:10:26 pm UTC) from SG

Summary HTTP 58 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 13 IPs in 4 countries across 18 domains to perform 58 HTTP transactions. The main IP is 2400:cb00:2048:1::681b:8782, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.singapore-money.club.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on August 23rd 2018. Valid for: 6 months.

This is the only time www.singapore-money.club was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Lion's Den Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	85.17.164.183 85.17.164.183	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	104.236.48.227 104.236.48.227	14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean)
1 1	159.203.160.179 159.203.160.179	14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean)
1 1	54.93.141.81 54.93.141.81	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2400:cb00:204... 2400:cb00:2048:1::681b:8782	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:821::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
39	2400:cb00:204... 2400:cb00:2048:1::6812:3454	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
4	2400:cb00:204... 2400:cb00:2048:1::6818:78ae	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	151.101.14.2 151.101.14.2	54113 (FASTLY) (FASTLY - Fastly)
2	151.101.12.193 151.101.12.193	54113 (FASTLY) (FASTLY - Fastly)
1	205.185.216.42 205.185.216.42	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1	2400:cb00:204... 2400:cb00:2048:1::6814:3677	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2400:cb00:204... 2400:cb00:2048:1::6813:c597	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 2	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	205.185.216.10 205.185.216.10	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1 1	2a00:1450:400... 2a00:1450:400c:c0a::9b	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:4001:81a::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81e::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
58	13

1 85.17.164.183 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: lw1376.ua-hosting.company

url12.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.236.48.227 (Clifton, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
PTR: gateway-tinycc.com

snghottoday.2.vu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.203.160.179 (Clifton, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
PTR: tinycc.com

tinycc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.93.141.81 (Frankfurt, Germany) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-93-141-81.eu-central-1.compute.amazonaws.com

thrivebc2.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:cb00:2048:1::681b:8782 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.singapore-money.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2400:cb00:2048:1::6812:3454 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.dolly.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2400:cb00:2048:1::6818:78ae (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.samirpooper.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.2 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

media.giphy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.12.193 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.42 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: map2.hwcdn.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6814:3677 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.pushcrew.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6813:c597 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::200e (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 205.185.216.10 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: map2.hwcdn.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9b (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2004 (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	dolly.media cdn.dolly.media	1 MB
4	samirpooper.club cdn.samirpooper.club	2 MB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	82 KB
2	google-analytics.com 1 redirects www.google-analytics.com	14 KB
2	imgur.com i.imgur.com	14 KB
2	singapore-money.club www.singapore-money.club	13 KB
1	google.de www.google.de	109 B
1	google.com 1 redirects www.google.com	192 B
1	doubleclick.net 1 redirects stats.g.doubleclick.net	161 B
1	cloudflare.com cdnjs.cloudflare.com	76 KB
1	pushcrew.com cdn.pushcrew.com	60 KB
1	giphy.com media.giphy.com	61 KB
1	googletagmanager.com www.googletagmanager.com	25 KB
1	thrivebc2.online 1 redirects thrivebc2.online	2 KB
1	tinycc.com 1 redirects tinycc.com	716 B
1	2.vu 1 redirects snghottoday.2.vu	242 B
1	url12.pw 1 redirects url12.pw	245 B
0	freegeoip.net Failed freegeoip.net Failed
58	18

	Domain	Requested by
39	cdn.dolly.media	www.singapore-money.club
4	cdn.samirpooper.club	www.singapore-money.club
2	www.google-analytics.com	1 redirects www.googletagmanager.com
2	i.imgur.com	www.singapore-money.club
2	www.singapore-money.club	www.singapore-money.club
1	www.google.de	www.singapore-money.club
1	www.google.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	cdnjs.cloudflare.com	www.singapore-money.club
1	cdn.pushcrew.com	www.singapore-money.club
1	static.hotjar.com	www.singapore-money.club
1	media.giphy.com	www.singapore-money.club
1	www.googletagmanager.com	www.singapore-money.club
1	thrivebc2.online	1 redirects
1	tinycc.com	1 redirects
1	snghottoday.2.vu	1 redirects
1	url12.pw	1 redirects
0	freegeoip.net Failed	cdn.dolly.media www.singapore-money.club
58	20

This site contains links to these domains. Also see Links.

Domain
thrivebc2.online

Subject Issuer	Validity	Valid
sni90393.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-08-23` - `2019-03-01`	6 months	crt.sh
*.google-analytics.com Google Internet Authority G3	`2018-08-07` - `2018-10-16`	2 months	crt.sh
sni202385.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-08-09` - `2019-02-15`	6 months	crt.sh
sni116223.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-08-22` - `2019-02-28`	6 months	crt.sh
f2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2018-08-22` - `2018-10-06`	a month	crt.sh
*.imgur.com DigiCert SHA2 Secure Server CA	`2017-11-15` - `2019-01-09`	a year	crt.sh
*.hotjar.com Let's Encrypt Authority X3	`2018-07-25` - `2018-10-23`	3 months	crt.sh
*.pushcrew.com Go Daddy Secure Certificate Authority - G2	`2016-06-02` - `2019-07-31`	3 years	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-04-14` - `2018-10-21`	6 months	crt.sh
www.google.de Google Internet Authority G3	`2018-08-07` - `2018-10-16`	2 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.singapore-money.club/?aid=VXHvncpDms&sxid=8jlddclv98b6&ai=2190296&gi=901&ci=728&sub=A-PLATAMEDIA&MPC_2=692327871099785&MPC_3=%7B%7B%7Bdynamic%7D%7D%7D&hop=6rFBu0TMH4&so=OCBC_BANK_SM188_2_%7B%7B%7Bad_id%7D%7D%7D&campaign_id=SM188
Frame ID: 98C792C253C3E5479772663EB7E3E911
Requests: 57 HTTP requests in this frame

Frame: https://vars.hotjar.com/rcj-da10bd4908deb9e19dfde013ec3fe4ff.html
Frame ID: 08E7C69B533A08D0D30E0364076FE7DF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://url12.pw/q11 HTTP 302
http://snghottoday.2.vu/OCBC_SM188 HTTP 301
https://tinycc.com/tiny/custom_domain_redirect/snghottoday.2.vu/OCBC_SM188 HTTP 303
http://thrivebc2.online/path/lp.php?trvid=10004&trvx=3cfcb6a0&ai=2190296&gi=901&ci=728&sub=A-PLATAME... HTTP 302
https://www.singapore-money.club/?aid=VXHvncpDms&sxid=8jlddclv98b6&ai=2190296&gi=901&ci=728&sub=A-PLATAMEDIA&... Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

58
Requests

97 %
HTTPS

56 %
IPv6

18
Domains

20
Subdomains

13
IPs

4
Countries

3776 kB
Transfer

4609 kB
Size

5
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://thrivebc2.online/path/out.php?&ai=2190296&ci=728&sub=A-PLATAMEDIA&so=OCBC_BANK_SM188_2_{{{ad_id}}}&MPC_1=&MPC_2=692327871099785&MPC_3={{{dynamic}}}&MPC_4=&lg=&gi=901&hop=6rFBu0TMH4

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://url12.pw/q11 HTTP 302
http://snghottoday.2.vu/OCBC_SM188 HTTP 301
https://tinycc.com/tiny/custom_domain_redirect/snghottoday.2.vu/OCBC_SM188 HTTP 303
http://thrivebc2.online/path/lp.php?trvid=10004&trvx=3cfcb6a0&ai=2190296&gi=901&ci=728&sub=A-PLATAMEDIA&MPC_2=692327871099785&MPC_3={{{dynamic}}}&hop=6rFBu0TMH4&so=OCBC_BANK_SM188_2_{{{ad_id}}}&campaign_id=SM188 HTTP 302
https://www.singapore-money.club/?aid=VXHvncpDms&sxid=8jlddclv98b6&ai=2190296&gi=901&ci=728&sub=A-PLATAMEDIA&MPC_2=692327871099785&MPC_3=%7B%7B%7Bdynamic%7D%7D%7D&hop=6rFBu0TMH4&so=OCBC_BANK_SM188_2_%7B%7B%7Bad_id%7D%7D%7D&campaign_id=SM188 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 56

https://www.google-analytics.com/r/collect?v=1&_v=j68&a=771086711&t=pageview&_s=1&dl=https%3A%2F%2Fwww.singapore-money.club%2F%3Faid%3DVXHvncpDms%26sxid%3D8jlddclv98b6%26ai%3D2190296%26gi%3D901%26ci%3D728%26sub%3DA-PLATAMEDIA%26MPC_2%3D692327871099785%26MPC_3%3D%257B%257B%257Bdynamic%257D%257D%257D%26hop%3D6rFBu0TMH4%26so%3DOCBC_BANK_SM188_2_%257B%257B%257Bad_id%257D%257D%257D%26campaign_id%3DSM188&ul=en-us&de=UTF-8&dt=BBC%20%7C%20OCBC%20CODE%20shockwaves&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1527534749&gjid=275674059&cid=562078463.1535112616&tid=UA-121092515-2&_gid=379374279.1535112616&_r=1&gtm=u86&z=1312496951 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-121092515-2&cid=562078463.1535112616&jid=1527534749&_gid=379374279.1535112616&gjid=275674059&_v=j68&z=1312496951 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-121092515-2&cid=562078463.1535112616&jid=1527534749&_v=j68&z=1312496951 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-121092515-2&cid=562078463.1535112616&jid=1527534749&_v=j68&z=1312496951&slf_rd=1&random=2257466315

58 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.singapore-money.club/
Redirect Chain

http://url12.pw/q11
http://snghottoday.2.vu/OCBC_SM188
https://tinycc.com/tiny/custom_domain_redirect/snghottoday.2.vu/OCBC_SM188
http://thrivebc2.online/path/lp.php?trvid=10004&trvx=3cfcb6a0&ai=2190296&gi=901&ci=728&sub=A-PLATAMEDIA&MPC_2=692327871099785&MPC_3={{{dynamic}}}&hop=6rFBu0TMH4&so=OCBC_BANK_SM188_2_{{{ad_id}}}&cam...
https://www.singapore-money.club/?aid=VXHvncpDms&sxid=8jlddclv98b6&ai=2190296&gi=901&ci=728&sub=A-PLATAMEDIA&MPC_2=692327871099785&MPC_3=%7B%7B%7Bdynamic%7D%7D%7D&hop=6rFBu0TMH4&so=OCBC_BANK_SM188_...

94 KB
13 KB

1789ms
1789ms

Document
text/html

2400:cb00:2048:1::681b:8782
Cloudflare

General

Domain/Path	Expires	Name / Value
.singapore-money.club/	1970-01-18 18:25:12	Name: _gat_gtag_UA_121092515_2 Value: 1
.singapore-money.club/	1970-01-18 18:26:39	Name: _gid Value: GA1.2.379374279.1535112616
.singapore-money.club/	1970-01-19 11:56:24	Name: _ga Value: GA1.2.562078463.1535112616
www.singapore-money.club/	1969-12-31 23:59:59	Name: PHPSESSID Value: vhu3eaf064du1k0gf0eispkss9
.singapore-money.club/	1970-01-19 03:10:48	Name: __cfduid Value: d720ea6c1e521e84ccad7c0b186f67f301535112613

www.singapore-money.club Open in urlscan Pro 2400:cb00:2048:1::681b:8782 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

58 Requests

97 %HTTPS

56 %IPv6

18 Domains

20 Subdomains

13 IPs

4 Countries

3776 kBTransfer

4609 kBSize

5 Cookies

1 Outgoing links

Page URL History

Redirected requests

58 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.singapore-money.club Open in urlscan Pro
2400:cb00:2048:1::681b:8782 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

58
Requests

97 %
HTTPS

56 %
IPv6

18
Domains

20
Subdomains

13
IPs

4
Countries

3776 kB
Transfer

4609 kB
Size

5
Cookies

58 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!