nl.bitcoin-now.wallfirm.link
Open in
urlscan Pro
34.106.255.70
Malicious Activity!
Public Scan
Effective URL: http://nl.bitcoin-now.wallfirm.link/NL/1232/
Submission: On June 16 via api from BE
Summary
This is the only time nl.bitcoin-now.wallfirm.link was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Investment Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 67.199.248.10 67.199.248.10 | 396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD) | |
1 1 | 8.209.70.83 8.209.70.83 | 45102 (CNNIC-ALI...) (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co.) | |
1 22 | 34.106.255.70 34.106.255.70 | 15169 (GOOGLE) (GOOGLE) | |
21 | 1 |
ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN)
5pja.skysafe.clothing |
ASN15169 (GOOGLE, US)
PTR: 70.255.106.34.bc.googleusercontent.com
nl.bitcoin-now.wallfirm.link |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
wallfirm.link
1 redirects
nl.bitcoin-now.wallfirm.link |
1 MB |
1 |
skysafe.clothing
1 redirects
5pja.skysafe.clothing |
346 B |
1 |
bit.ly
1 redirects
bit.ly |
255 B |
21 | 3 |
Domain | Requested by | |
---|---|---|
22 | nl.bitcoin-now.wallfirm.link |
1 redirects
nl.bitcoin-now.wallfirm.link
|
1 | 5pja.skysafe.clothing | 1 redirects |
1 | bit.ly | 1 redirects |
21 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://nl.bitcoin-now.wallfirm.link/NL/1232/
Frame ID: 8C1AE134DACF772545A3141809018E89
Requests: 21 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://bit.ly/3pA1H8N
HTTP 301
http://5pja.skysafe.clothing/apmix HTTP 302
http://nl.bitcoin-now.wallfirm.link/NL/1232 HTTP 301
http://nl.bitcoin-now.wallfirm.link/NL/1232/ Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://bit.ly/3pA1H8N
HTTP 301
http://5pja.skysafe.clothing/apmix HTTP 302
http://nl.bitcoin-now.wallfirm.link/NL/1232 HTTP 301
http://nl.bitcoin-now.wallfirm.link/NL/1232/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
nl.bitcoin-now.wallfirm.link/NL/1232/ Redirect Chain
|
126 KB 26 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main-ef66559740.css
nl.bitcoin-now.wallfirm.link/NL/1232/css/ |
33 KB 33 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
brand-logo-dfb68a03e7.svg
nl.bitcoin-now.wallfirm.link/NL/1232/img/ |
4 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1-2.jpg
nl.bitcoin-now.wallfirm.link/NL/1232/img/ |
276 KB 277 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2.jpg
nl.bitcoin-now.wallfirm.link/NL/1232/img/ |
77 KB 78 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
3.jpg
nl.bitcoin-now.wallfirm.link/NL/1232/img/ |
65 KB 65 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
image3.jpg
nl.bitcoin-now.wallfirm.link/NL/1232/img/ |
102 KB 103 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
4.jpg
nl.bitcoin-now.wallfirm.link/NL/1232/img/ |
5 KB 5 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
5.jpg
nl.bitcoin-now.wallfirm.link/NL/1232/img/ |
81 KB 81 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
6.jpg
nl.bitcoin-now.wallfirm.link/NL/1232/img/ |
7 KB 8 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
7.jpg
nl.bitcoin-now.wallfirm.link/NL/1232/img/ |
12 KB 12 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
8.jpg
nl.bitcoin-now.wallfirm.link/NL/1232/img/ |
26 KB 27 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
9.jpg
nl.bitcoin-now.wallfirm.link/NL/1232/img/ |
117 KB 117 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
10.jpg
nl.bitcoin-now.wallfirm.link/NL/1232/img/ |
73 KB 74 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
11.jpg
nl.bitcoin-now.wallfirm.link/NL/1232/img/ |
9 KB 9 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
12.jpg
nl.bitcoin-now.wallfirm.link/NL/1232/img/ |
9 KB 10 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
step1.jpg
nl.bitcoin-now.wallfirm.link/NL/1232/img/ |
17 KB 18 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
step3.jpg
nl.bitcoin-now.wallfirm.link/NL/1232/img/ |
8 KB 8 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
nl.bitcoin-now.wallfirm.link/NL/1232/js/ |
94 KB 94 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
getdetector.js
nl.bitcoin-now.wallfirm.link/NL/1232/js/ |
224 B 543 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
brand-title-8719773b15.svg
nl.bitcoin-now.wallfirm.link/NL/1232/img/ |
5 KB 6 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Investment Scam (Online)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
5pja.skysafe.clothing
bit.ly
nl.bitcoin-now.wallfirm.link
34.106.255.70
67.199.248.10
8.209.70.83
06e45a46cdec5598dd0baed83e671eb824872e8b0e0a8a9b5382f0f5c2e45d86
089edc09ca1e924ecf8ed19b95472537bd424ee08e6d5ddf6ab409dad335c738
0feb25fd863d63e3d04773df3636afa4ac700980b17c05c92b7ee2739c05474a
1c909ee29a0d98bce8178a0c17a5504e33b5d1f63a22dca84f34f83a9f5693a8
37589fb05f8577887697102cb8ed962ec86d78d8135aa58bfff55e7caf20ec11
45412e6d036e03a94d24dafc2a2e2be806729dd84202beec5cb44b47ac5541a4
515d707246cb76a25ecebc554bf31fb9d1a8afb46b9a19c4c191b0e34f3b6900
54a2f7cb035b48a1df692601ba4c7443adf3f407a44ccedf036f0da4807cb5f4
5a23b97c82a7b9740d5e21d42b15f9d3ed5d5aa27e111a8d24e319333e9becaf
5bbed709ca1917d1297fe0136902d5e403dfc05326272e5d25f9009dcfa9ef08
6618ae9df86aa85bf80ea4f009cfe6f50e08f9f257b42b01d788f14caeb1e8de
7f714877c20249b549f049bcf9162b6199345b204147b7f1c04e7bb78bf4f656
9c05ea744591b3ab1cc5f614a7311b3fd60c1e7433ef0aaf106ac7717b811908
a1faa997ab702657d91c936fc5a8f0d317c35c4cabc28e8410ffa6aa70053351
a95db55fec4f2bd6cd856e64650645e8ca6f8bf87babfcd00c15a0618499ae2d
c595f3ef3e02ce10ecde7abd14e36a127f30f00d776e1fca545ed864e8854bb7
cbc37b6d8eea3b11467697ddf87878012153dbbd5e2d491cb63788686e6601a0
cd6b03b44af3d5a8a47f9fb1018e17c2546295d521fb3fc3e63f0f77fa87e77e
d587dffa2c941f0a0196e2d9b386cfb06d822260879783ddb7c24593fd22e76d
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
f7447f18cde452d48bfa53b4aae9385344cb5351faf4ab677aa5f345316dc307