u.lewd.se Open in urlscan Pro
2400:cb00:2048:1::681b:a244  Malicious Activity! Public Scan

32 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request muRnMR.htm Show response u.lewd.se/	15 KB 4 KB	170ms 147ms	Document text/html	2400:cb00:2048:1::681b:a244 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://u.lewd.se/muRnMR.htm Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:a244 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash bd6f1e6aa13a3e9707d20e516fd12e602f60d343a1da098e6416aea8dc0d64ab Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :method GET :authority u.lewd.se :scheme https :path /muRnMR.htm pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 accept-encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id D501CD68AC0F93E278F3F2E92DB771C9 Response headers status 200 date Thu, 23 Aug 2018 19:24:41 GMT content-type text/html set-cookie __cfduid=def2978786cd7cf84e38e9105657d5ec21535052280; expires=Fri, 23-Aug-19 19:24:40 GMT; path=/; domain=.lewd.se; HttpOnly last-modified Thu, 23 Aug 2018 08:35:23 GMT strict-transport-security max-age=31536000; includeSubDomains expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 44eff5f36d7c9786-FRA content-encoding gzip
GET H2	404	jR5BhA.css u.lewd.se/	0 0	150ms 148ms	Stylesheet text/html	2400:cb00:2048:1::681b:a244 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://u.lewd.se/jR5BhA.css Requested by Host: u.lewd.se URL: https://u.lewd.se/muRnMR.htm Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:a244 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :path /jR5BhA.css pragma no-cache cookie __cfduid=def2978786cd7cf84e38e9105657d5ec21535052280 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,*/*;q=0.1 cache-control no-cache :authority u.lewd.se referer https://u.lewd.se/muRnMR.htm :scheme https :method GET Referer https://u.lewd.se/muRnMR.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Thu, 23 Aug 2018 19:24:41 GMT content-encoding gzip cf-cache-status EXPIRED server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html status 404 cache-control public, max-age=14400 strict-transport-security max-age=31536000; includeSubDomains cf-ray 44eff5f45ec89786-FRA expires Thu, 23 Aug 2018 23:24:41 GMT
GET H/1.1	200 OK	aflrua.css a.pomf.cat/	420 KB 420 KB	1387ms 337ms	Stylesheet text/css	66.55.90.17 GigeNET
General Check archive.org Show headers Download Go to Full URL https://a.pomf.cat/aflrua.css Requested by Host: u.lewd.se URL: https://u.lewd.se/muRnMR.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 66.55.90.17 Arlington Heights, United States, ASN32181 (ASN-GIGENET - GigeNET, US), Reverse DNS pomf.cat Software nginx/1.10.3 (Ubuntu) / Resource Hash dca23f38a70b452a2a3840cdf691ff736606ec7db4460d45deb71269b797c225 Request headers Referer https://u.lewd.se/muRnMR.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 23 Aug 2018 19:24:42 GMT Last-Modified Tue, 19 Dec 2017 10:55:06 GMT Server nginx/1.10.3 (Ubuntu) Age 0 ETag "5a38f00a-69075" X-Cache MISS Content-Type text/css Expires Thu, 23 Aug 2018 20:24:46 GMT Cache-Control max-age=3600, public Connection keep-alive Accept-Ranges bytes Content-Length 430197 X-Cache-Hits 0
GET H/1.1	404 Not Found	my-wallet-c08cb03fc2c059fc13e85ca992b351b9d584768e.js filebin.net/9bl6ie30qz7h43r7/	0 0	237ms 42ms	Script text/plain	2a02:c0:2f0:700:f816:3eff:fe73:c194 REDPILL-LINPRO Ma...
General Check archive.org Show headers Download Go to Full URL https://filebin.net/9bl6ie30qz7h43r7/my-wallet-c08cb03fc2c059fc13e85ca992b351b9d584768e.js Requested by Host: u.lewd.se URL: https://u.lewd.se/muRnMR.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a02:c0:2f0:700:f816:3eff:fe73:c194 , Norway, ASN39029 (REDPILL-LINPRO Managed Service Provider operating in the Nordics, NO), Reverse DNS Software / Resource Hash Request headers Referer https://u.lewd.se/muRnMR.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Cache-Control s-maxage=1 Content-Type text/plain; charset=utf-8
GET H/1.1	200 OK	qzvnjf.svg a.pomf.cat/	2 KB 3 KB	1104ms 169ms	Image image/svg+xml	66.55.90.17 GigeNET
General Check archive.org Show headers Download Go to Show image Full URL https://a.pomf.cat/qzvnjf.svg Requested by Host: u.lewd.se URL: https://u.lewd.se/muRnMR.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 66.55.90.17 Arlington Heights, United States, ASN32181 (ASN-GIGENET - GigeNET, US), Reverse DNS pomf.cat Software nginx/1.10.3 (Ubuntu) / Resource Hash 79e13bf6f1807722899eca8859b0338ac6b599fe9d2186a87a30e08aaa8b0470 Request headers Referer https://u.lewd.se/muRnMR.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 23 Aug 2018 19:24:42 GMT Last-Modified Sat, 23 Dec 2017 20:35:20 GMT Server nginx/1.10.3 (Ubuntu) Age 0 ETag "5a3ebe08-9df" X-Cache MISS Content-Type image/svg+xml Expires Fri, 24 Aug 2018 01:24:46 GMT Cache-Control max-age=21600, public Connection keep-alive Accept-Ranges bytes Content-Length 2527 X-Cache-Hits 0
GET H/1.1	200 OK	rxalvp.gif a.pomf.cat/	404 B 769 B	169ms 168ms	Image image/gif	66.55.90.17 GigeNET
General Check archive.org Show headers Download Go to Show image Full URL https://a.pomf.cat/rxalvp.gif Requested by Host: u.lewd.se URL: https://u.lewd.se/muRnMR.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 66.55.90.17 Arlington Heights, United States, ASN32181 (ASN-GIGENET - GigeNET, US), Reverse DNS pomf.cat Software nginx/1.10.3 (Ubuntu) / Resource Hash ebb97b98f75d7bc80221f950808b9859a1c546b9d10b5c104908faf8e6f49305 Request headers Referer https://u.lewd.se/muRnMR.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 23 Aug 2018 19:24:42 GMT Last-Modified Sat, 23 Dec 2017 20:33:09 GMT Server nginx/1.10.3 (Ubuntu) Age 0 ETag "5a3ebd85-194" X-Cache MISS Content-Type image/gif Expires Fri, 24 Aug 2018 01:24:46 GMT Cache-Control max-age=21600, public Connection keep-alive Accept-Ranges bytes Content-Length 404 X-Cache-Hits 0
GET H/1.1	200 OK	jxuvum.svg a.pomf.cat/	1 KB 1 KB	169ms 168ms	Image image/svg+xml	66.55.90.17 GigeNET
General Check archive.org Show headers Download Go to Show image Full URL https://a.pomf.cat/jxuvum.svg Requested by Host: u.lewd.se URL: https://u.lewd.se/muRnMR.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 66.55.90.17 Arlington Heights, United States, ASN32181 (ASN-GIGENET - GigeNET, US), Reverse DNS pomf.cat Software nginx/1.10.3 (Ubuntu) / Resource Hash 2e0ab4544c8ebbeddd8a3a246a37f13068f70eb4272946819d74e928782459e8 Request headers Referer https://u.lewd.se/muRnMR.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 23 Aug 2018 19:24:42 GMT Last-Modified Sat, 23 Dec 2017 20:31:46 GMT Server nginx/1.10.3 (Ubuntu) Age 0 ETag "5a3ebd32-448" X-Cache MISS Content-Type image/svg+xml Expires Fri, 24 Aug 2018 01:24:46 GMT Cache-Control max-age=21600, public Connection keep-alive Accept-Ranges bytes Content-Length 1096 X-Cache-Hits 0
GET		Montserrat-Light-3dccfdb80593b1c26f5734a7b4b2a0af8e2aef82.ttf a.pomf.cat/fonts/montserrat/	0 0
GET		GillSans-Light-0cbd72b9964d6888edde1f65666560dfd20bf0c3.ttf a.pomf.cat/fonts/gillsans/	0 0
GET		Montserrat-Regular-c63e78fe22028cdc1c85653e5289d9e9e1e44096.ttf a.pomf.cat/fonts/montserrat/	0 0
GET		Montserrat-Medium-90b9f32e29a809550bff73f08b9a34455b8dd159.ttf a.pomf.cat/fonts/montserrat/	0 0
GET H/1.1	404 Not Found	puff-white-0d5e8e64f9b84e9e9f1509ceecdb6040afab90e1.svg a.pomf.cat/img/	0 466 B	169ms 168ms	Image text/html	66.55.90.17 GigeNET
General Check archive.org Show headers Download Go to Show image Full URL https://a.pomf.cat/img/puff-white-0d5e8e64f9b84e9e9f1509ceecdb6040afab90e1.svg Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 66.55.90.17 Arlington Heights, United States, ASN32181 (ASN-GIGENET - GigeNET, US), Reverse DNS pomf.cat Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://a.pomf.cat/aflrua.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Content-Type text/html
GET		icomoon-74a475b5b62cd1c7bff135d28dff1ef5a7cd2e9a.ttf a.pomf.cat/fonts/icomoon/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

a.pomf.cat

URL

https://a.pomf.cat/fonts/montserrat/Montserrat-Light-3dccfdb80593b1c26f5734a7b4b2a0af8e2aef82.ttf

Domain

a.pomf.cat

URL

https://a.pomf.cat/fonts/gillsans/GillSans-Light-0cbd72b9964d6888edde1f65666560dfd20bf0c3.ttf

Domain

a.pomf.cat

URL

https://a.pomf.cat/fonts/montserrat/Montserrat-Regular-c63e78fe22028cdc1c85653e5289d9e9e1e44096.ttf

Domain

a.pomf.cat

URL

https://a.pomf.cat/fonts/montserrat/Montserrat-Medium-90b9f32e29a809550bff73f08b9a34455b8dd159.ttf

Domain

a.pomf.cat

URL

https://a.pomf.cat/fonts/icomoon/icomoon-74a475b5b62cd1c7bff135d28dff1ef5a7cd2e9a.ttf

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Blockchain (Crypto Exchange)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.lewd.se/	1970-01-19 03:09:48	Name: __cfduid Value: def2978786cd7cf84e38e9105657d5ec21535052280

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.pomf.cat
filebin.net
u.lewd.se
a.pomf.cat
2400:cb00:2048:1::681b:a244
2a02:c0:2f0:700:f816:3eff:fe73:c194
66.55.90.17
2e0ab4544c8ebbeddd8a3a246a37f13068f70eb4272946819d74e928782459e8
79e13bf6f1807722899eca8859b0338ac6b599fe9d2186a87a30e08aaa8b0470
bd6f1e6aa13a3e9707d20e516fd12e602f60d343a1da098e6416aea8dc0d64ab
dca23f38a70b452a2a3840cdf691ff736606ec7db4460d45deb71269b797c225
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebb97b98f75d7bc80221f950808b9859a1c546b9d10b5c104908faf8e6f49305