u.lewd.se
2400:cb00:2048:1::681b:a244
Malicious Activity!
Public Scan
Submission: On August 23 via automatic, source phishtank
Summary
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on August 14th 2018. Valid for: 6 months.
This is the only time u.lewd.se was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Blockchain (Crypto Exchange)

Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
2 | 2400:cb00:2048:1::681b:a244 | 13335 (CLOUDFLARENET - Cloudflare)
5 | 66.55.90.17 | 32181 (ASN-GIGENET - GigeNET)
1 | 2a02:c0:2f0:700:f816:3eff:fe73:c194 | 39029 (REDPILL-LINPRO Managed Service Provider operating in the Nordics)
13 | 4 |
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): u.lewd.se
- ASN32181 (ASN-GIGENET - GigeNET, US), PTR: pomf.cat: a.pomf.cat
- ASN39029 (REDPILL-LINPRO Managed Service Provider operating in the Nordics, NO): filebin.net
# | Apex Domain | Subdomains | Transfer
---|---|---|---
5 | pomf.cat | a.pomf.cat | 426 KB
2 | lewd.se | u.lewd.se | 4 KB
1 | filebin.net | filebin.net |
13 | 3 | |
# | Domain | Requested by
---|---|---
5 | a.pomf.cat | u.lewd.se
2 | u.lewd.se | u.lewd.se
1 | filebin.net | u.lewd.se
13 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
blockchain.com |
blockchain.info |
www.blockchain.com |
blog.blockchain.com |
support.blockchain.com |
github.com |
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
sni159103.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2018-08-14 - 2019-02-20 | 6 months | crt.sh
a.pomf.cat | Let's Encrypt Authority X3 | 2018-08-03 - 2018-11-01 | 3 months | crt.sh
filebin.net | Let's Encrypt Authority X3 | 2018-08-22 - 2018-11-20 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://u.lewd.se/muRnMR.htm
Frame ID: D501CD68AC0F93E278F3F2E92DB771C9
Requests: 13 HTTP requests in this frame
Detected technologies
CloudFlare (CDN)
Detected patterns:
- headers server /cloudflare/i
Page Statistics
32 Outgoing links
These are links going to different origins than the main page.
Link titles:
- Data
- About
- Blog
- Support
- Bulgarian
- Chinese Simplified
- Danish
- Dutch
- English
- French
- German
- Greek
- Hindi
- Hungarian
- Indonesian
- Italiano
- Japanese
- Korean
- Norwegian
- Polish
- Portuguese
- Romanian
- Russian
- Slovenian
- Spanish
- Swedish
- Thai
- Turkish
- Vietnamese
- v1.29.9
- (MyWallet v3.40.9)
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | muRnMR.htm (Primary Request) | u.lewd.se/ | 15 KB | 4 KB | Document | text/html
GET | H2 | jR5BhA.css | u.lewd.se/ | 0 | 0 | Stylesheet | text/html
GET | H/1.1 | aflrua.css | a.pomf.cat/ | 420 KB | 420 KB | Stylesheet | text/css
GET | H/1.1 | my-wallet-c08cb03fc2c059fc13e85ca992b351b9d584768e.js | filebin.net/9bl6ie30qz7h43r7/ | 0 | 0 | Script | text/plain
GET | H/1.1 | qzvnjf.svg | a.pomf.cat/ | 2 KB | 3 KB | Image | image/svg+xml
GET | H/1.1 | rxalvp.gif | a.pomf.cat/ | 404 B | 769 B | Image | image/gif
GET | H/1.1 | jxuvum.svg | a.pomf.cat/ | 1 KB | 1 KB | Image | image/svg+xml
GET | | Montserrat-Light-3dccfdb80593b1c26f5734a7b4b2a0af8e2aef82.ttf | a.pomf.cat/fonts/montserrat/ | 0 | 0 | |
GET | | GillSans-Light-0cbd72b9964d6888edde1f65666560dfd20bf0c3.ttf | a.pomf.cat/fonts/gillsans/ | 0 | 0 | |
GET | | Montserrat-Regular-c63e78fe22028cdc1c85653e5289d9e9e1e44096.ttf | a.pomf.cat/fonts/montserrat/ | 0 | 0 | |
GET | | Montserrat-Medium-90b9f32e29a809550bff73f08b9a34455b8dd159.ttf | a.pomf.cat/fonts/montserrat/ | 0 | 0 | |
GET | H/1.1 | puff-white-0d5e8e64f9b84e9e9f1509ceecdb6040afab90e1.svg | a.pomf.cat/img/ | 0 | 466 B | Image | text/html
GET | | icomoon-74a475b5b62cd1c7bff135d28dff1ef5a7cd2e9a.ttf | a.pomf.cat/fonts/icomoon/ | 0 | 0 | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- a.pomf.cat: https://a.pomf.cat/fonts/montserrat/Montserrat-Light-3dccfdb80593b1c26f5734a7b4b2a0af8e2aef82.ttf
- a.pomf.cat: https://a.pomf.cat/fonts/gillsans/GillSans-Light-0cbd72b9964d6888edde1f65666560dfd20bf0c3.ttf
- a.pomf.cat: https://a.pomf.cat/fonts/montserrat/Montserrat-Regular-c63e78fe22028cdc1c85653e5289d9e9e1e44096.ttf
- a.pomf.cat: https://a.pomf.cat/fonts/montserrat/Montserrat-Medium-90b9f32e29a809550bff73f08b9a34455b8dd159.ttf
- a.pomf.cat: https://a.pomf.cat/fonts/icomoon/icomoon-74a475b5b62cd1c7bff135d28dff1ef5a7cd2e9a.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Blockchain (Crypto Exchange)

0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
.lewd.se/ | | Name: __cfduid Value: def2978786cd7cf84e38e9105657d5ec21535052280
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.