www.samilanders.com Open in urlscan Pro
188.114.96.3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://insmayntick.com/rd/4ANQtb1352xPZe224wlpkgjsjpp1193ZSVNKOUOUOKEWLS2/351u13
Effective URL:
https://www.samilanders.com/lp/exclusivecasinobonus/fi/eur?btag=35134_375271_2860-9997441&campaign_id=[TrackingCode]
Submission Tags: @phish_report
Submission: On December 12 via api (December 12th 2023, 11:13:01 pm UTC) from FI — Scanned from FI

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 11 domains to perform 10 HTTP transactions. The main IP is 188.114.96.3, located in and belongs to . The main domain is www.samilanders.com.
TLS certificate: Issued by GTS CA 1P5 on November 22nd 2023. Valid for: 3 months.

This is the only time www.samilanders.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	103.113.68.16 103.113.68.16	44477 (STARK-IND...) (STARK-INDUSTRIES)
1 1	34.76.189.27 34.76.189.27	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	35.195.30.15 35.195.30.15	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	35.177.216.197 35.177.216.197	16509 (AMAZON-02) (AMAZON-02)
1 1	159.65.59.14 159.65.59.14	() ()
1 1	35.234.86.61 35.234.86.61	() ()
1	188.114.96.3 188.114.96.3	() ()
10	3

2 103.113.68.16 (Moscow, Russian Federation)

ASN44477 (STARK-INDUSTRIES, GB)
PTR: martazende.com

insmayntick.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.76.189.27 (Brussels, Belgium) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 27.189.76.34.bc.googleusercontent.com

directfwd-1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.195.30.15 (Brussels, Belgium) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 15.30.195.35.bc.googleusercontent.com

myguidancetrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.177.216.197 (London, United Kingdom) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-177-216-197.eu-west-2.compute.amazonaws.com

run472.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.65.59.14 (None, ) 1 redirects

ASN- ()

youribex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.234.86.61 (None, ) 1 redirects

ASN- ()

go.bruceaffiliates.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.96.3 (None, )

ASN- ()

www.samilanders.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	insmayntick.com insmayntick.com	1 KB
1	samilanders.com www.samilanders.com samilanders.com Failed
1	bruceaffiliates.com 1 redirects go.bruceaffiliates.com	663 B
1	youribex.com 1 redirects youribex.com	715 B
1	run472.com 1 redirects run472.com	257 B
1	myguidancetrack.com 1 redirects myguidancetrack.com	566 B
1	directfwd-1.com 1 redirects directfwd-1.com	289 B
0	cloudinary.com Failed res.cloudinary.com Failed
0	jquery.com Failed code.jquery.com Failed
0	starbasecdn.co Failed starbasecdn.co Failed
0	jsdelivr.net Failed cdn.jsdelivr.net Failed
10	11

	Domain	Requested by
2	insmayntick.com	insmayntick.com
1	www.samilanders.com	insmayntick.com
1	go.bruceaffiliates.com	1 redirects
1	youribex.com	1 redirects
1	run472.com	1 redirects
1	myguidancetrack.com	1 redirects
1	directfwd-1.com	1 redirects
0	res.cloudinary.com Failed	www.samilanders.com
0	code.jquery.com Failed	www.samilanders.com
0	samilanders.com Failed	www.samilanders.com
0	starbasecdn.co Failed	www.samilanders.com
0	cdn.jsdelivr.net Failed	www.samilanders.com
10	12

This site contains no links.

Subject Issuer	Validity	Valid
samilanders.com GTS CA 1P5	`2023-11-22` - `2024-02-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.samilanders.com/lp/exclusivecasinobonus/fi/eur?btag=35134_375271_2860-9997441&campaign_id=[TrackingCode]
Frame ID: E30F0E8F900668F03B4149E707DAD09D
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://insmayntick.com/rd/4ANQtb1352xPZe224wlpkgjsjpp1193ZSVNKOUOUOKEWLS2/351u13 Page URL
http://insmayntick.com/t/4ANQtb1352xPZe224wlpkgjsjpp1193ZSVNKOUOUOKEWLS2/351u13 Page URL
https://directfwd-1.com/?a=3513&oc=18645&c=50537&m=3&s1=13&s2=224-1352&s3=1193-2-351 HTTP 302
https://myguidancetrack.com/?a=3513&oc=18645&c=50537&m=3&s1=13&s2=224-1352&s3=1193-2-351&ckmguid=ca56838... HTTP 302
https://run472.com/?a=4965&c=4489&s1=3513&s2=342731645 HTTP 302
https://youribex.com/?a=4965&c=4489&s1=3513&s2=342731645&ckmguid=34571f32-31c0-4973-878e-b79d06b9... HTTP 302
https://go.bruceaffiliates.com/visit/?bta=35134&nci=5747&afp=2860-9997441 HTTP 302
https://www.samilanders.com/lp/exclusivecasinobonus/fi/eur?btag=35134_375271_2860-9997441&campaign_id=[T... Page URL

Page Statistics

10
Requests

10 %
HTTPS

0 %
IPv6

11
Domains

12
Subdomains

3
IPs

3
Countries

1 kB
Transfer

10 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://insmayntick.com/rd/4ANQtb1352xPZe224wlpkgjsjpp1193ZSVNKOUOUOKEWLS2/351u13 Page URL
http://insmayntick.com/t/4ANQtb1352xPZe224wlpkgjsjpp1193ZSVNKOUOUOKEWLS2/351u13 Page URL
https://directfwd-1.com/?a=3513&oc=18645&c=50537&m=3&s1=13&s2=224-1352&s3=1193-2-351 HTTP 302
https://myguidancetrack.com/?a=3513&oc=18645&c=50537&m=3&s1=13&s2=224-1352&s3=1193-2-351&ckmguid=ca568387-7b8e-4a36-b313-242bb2c4a20a HTTP 302
https://run472.com/?a=4965&c=4489&s1=3513&s2=342731645 HTTP 302
https://youribex.com/?a=4965&c=4489&s1=3513&s2=342731645&ckmguid=34571f32-31c0-4973-878e-b79d06b97af6 HTTP 302
https://go.bruceaffiliates.com/visit/?bta=35134&nci=5747&afp=2860-9997441 HTTP 302
https://www.samilanders.com/lp/exclusivecasinobonus/fi/eur?btag=35134_375271_2860-9997441&campaign_id=[TrackingCode] Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	351u13 insmayntick.com/rd/4ANQtb1352xPZe224wlpkgjsjpp1193ZSVNKOUOUOKEWLS2/	235 B 487 B	543ms 529ms	Document text/html	103.113.68.16 STARK-INDUSTRIES
General Check archive.org Show headers Download Go to Full URL http://insmayntick.com/rd/4ANQtb1352xPZe224wlpkgjsjpp1193ZSVNKOUOUOKEWLS2/351u13 Protocol HTTP/1.1 Server 103.113.68.16 Moscow, Russian Federation, ASN44477 (STARK-INDUSTRIES, GB), Reverse DNS martazende.com Software / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers Content-Length 235 Content-Type text/html; charset=utf-8 Date Tue, 12 Dec 2023 23:12:55 GMT X-Address gin_throttle_mw_7200000000_176.93.20.53 X-Ratelimit-Limit 500 X-Ratelimit-Remaining 497 X-Ratelimit-Reset 1702426354
GET H/1.1	200 OK	351u13 Show response insmayntick.com/t/4ANQtb1352xPZe224wlpkgjsjpp1193ZSVNKOUOUOKEWLS2/	294 B 546 B	321ms 321ms	Document text/html	103.113.68.16 STARK-INDUSTRIES
General Check archive.org Show headers Download Go to Full URL http://insmayntick.com/t/4ANQtb1352xPZe224wlpkgjsjpp1193ZSVNKOUOUOKEWLS2/351u13 Requested by Host: insmayntick.com URL: http://insmayntick.com/rd/4ANQtb1352xPZe224wlpkgjsjpp1193ZSVNKOUOUOKEWLS2/351u13 Protocol HTTP/1.1 Server 103.113.68.16 Moscow, Russian Federation, ASN44477 (STARK-INDUSTRIES, GB), Reverse DNS martazende.com Software / Resource Hash `e392a7bef726f805ef13db0eb7a4f09f25b52f7e86332186d324043efb7b598a` Request headers Referer http://insmayntick.com/rd/4ANQtb1352xPZe224wlpkgjsjpp1193ZSVNKOUOUOKEWLS2/351u13 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers Content-Length 294 Content-Type text/html; charset=utf-8 Date Tue, 12 Dec 2023 23:12:55 GMT X-Address gin_throttle_mw_7200000000_176.93.20.53 X-Ratelimit-Limit 500 X-Ratelimit-Remaining 496 X-Ratelimit-Reset 1702426354
GET H2	200	Primary Request eur www.samilanders.com/lp/exclusivecasinobonus/fi/ Redirect Chain https://directfwd-1.com/?a=3513&oc=18645&c=50537&m=3&s1=13&s2=224-1352&s3=1193-2-351 https://myguidancetrack.com/?a=3513&oc=18645&c=50537&m=3&s1=13&s2=224-1352&s3=1193-2-351&ckmguid=ca568387-7b8e-4a36-b313-242bb2c4a20a https://run472.com/?a=4965&c=4489&s1=3513&s2=342731645 https://youribex.com/?a=4965&c=4489&s1=3513&s2=342731645&ckmguid=34571f32-31c0-4973-878e-b79d06b97af6 https://go.bruceaffiliates.com/visit/?bta=35134&nci=5747&afp=2860-9997441 https://www.samilanders.com/lp/exclusivecasinobonus/fi/eur?btag=35134_375271_2860-9997441&campaign_id=[TrackingCode]	9 KB 0	847ms 248ms	Document text/html	188.114.96.3
General Check archive.org Show headers Download Go to Full URL https://www.samilanders.com/lp/exclusivecasinobonus/fi/eur?btag=35134_375271_2860-9997441&campaign_id=[TrackingCode] Requested by Host: insmayntick.com URL: http://insmayntick.com/t/4ANQtb1352xPZe224wlpkgjsjpp1193ZSVNKOUOUOKEWLS2/351u13 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 188.114.96.3 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash Request headers Referer http://insmayntick.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8349a7d04c5d56b1-OSL content-encoding br content-type text/html; charset=UTF-8 date Tue, 12 Dec 2023 23:13:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ki5V52r6bovgs19RVDHs8pO5nBr8gNuTrJF1j3rAsy9GNmZVQJfB3y7IZdeYdma7LnlQqzyqd7IjLGpeAMWXVqFHxDAHFaH485W4HVQ%2BPex1dReJWayVvj3nqb7sTHlgRisR1Efk"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 3 Content-Type application/octet-stream Date Tue, 12 Dec 2023 23:13:00 GMT Server rhino-core-shield X-Cache-Status MISS access-control-allow-origin * cache-control no-store, no-cache, must-revalidate, proxy-revalidate expires 0 location https://www.samilanders.com/lp/exclusivecasinobonus/fi/eur?btag=35134_375271_2860-9997441&campaign_id=[TrackingCode] pragma no-cache referer http://insmayntick.com/ surrogate-control no-store
GET		bootstrap.min.css cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/	0 0

GET		/ starbasecdn.co/upload/	0 0

GET		lp_skin.css samilanders.com/assets/	0 0

GET		jquery-3.6.0.slim.min.js code.jquery.com/	0 0

GET		bootstrap.bundle.min.js cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/	0 0

GET		Samiland_Logo_2.svg res.cloudinary.com/dfzvmt6tq/image/upload/v1690464466/Samiland/Logos/	0 0

GET		/ starbasecdn.co/upload/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css

Domain: starbasecdn.co
URL: https://starbasecdn.co/upload/?dist=rsymOUxcXZqFdxkMYh

Domain: samilanders.com
URL: https://samilanders.com/assets/lp_skin.css

Domain: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.slim.min.js

Domain: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js

Domain: res.cloudinary.com
URL: https://res.cloudinary.com/dfzvmt6tq/image/upload/v1690464466/Samiland/Logos/Samiland_Logo_2.svg

Domain: starbasecdn.co
URL: https://starbasecdn.co/upload/?dist=t0i157SAv4EDqzeDFO

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.myguidancetrack.com/	1969-12-31 23:59:59	Name: som Value: QUVBVwVpC9izrUayJU8XCjnAP24IMKe2W9hXvVChP0baTcALWE8LbQ==
			.myguidancetrack.com/	1970-01-21 02:29:42	Name: tm Value: 2aOxpgNj9gl3IFqEiR35LDnAP24IMKe2W9hXvVChP0baTcALWE8LbQ==

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
code.jquery.com
directfwd-1.com
go.bruceaffiliates.com
insmayntick.com
myguidancetrack.com
res.cloudinary.com
run472.com
samilanders.com
starbasecdn.co
www.samilanders.com
youribex.com
cdn.jsdelivr.net
code.jquery.com
res.cloudinary.com
samilanders.com
starbasecdn.co
103.113.68.16
159.65.59.14
188.114.96.3
34.76.189.27
35.177.216.197
35.195.30.15
35.234.86.61
e392a7bef726f805ef13db0eb7a4f09f25b52f7e86332186d324043efb7b598a

www.samilanders.com Open in urlscan Pro 188.114.96.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

10 Requests

10 %HTTPS

0 %IPv6

11 Domains

12 Subdomains

3 IPs

3 Countries

1 kBTransfer

10 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

2 Cookies

Indicators

www.samilanders.com Open in urlscan Pro
188.114.96.3 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

10 %
HTTPS

0 %
IPv6

11
Domains

12
Subdomains

3
IPs

3
Countries

1 kB
Transfer

10 kB
Size

2
Cookies

10 HTTP transactions
0 data transactions