f6f991-64507.portmap.io
Open in
urlscan Pro
193.161.193.99
Malicious Activity!
Public Scan
Effective URL: https://f6f991-64507.portmap.io:64507/d2931297501719299447ln/en-01/?x=
Submission: On June 25 via api from US — Scanned from DE
Summary
TLS certificate: Issued by E5 on June 23rd 2024. Valid for: 3 months.
This is the only time f6f991-64507.portmap.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Luno (Crypto Exchange)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 172.67.176.2 172.67.176.2 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 52.21.33.16 52.21.33.16 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 13 | 193.161.193.99 193.161.193.99 | 198134 (GETWIFI-AS) (GETWIFI-AS) | |
1 | 2606:4700:303... 2606:4700:3037::ac43:8ef5 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:80b::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:81d::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:829::2003 | 15169 (GOOGLE) (GOOGLE) | |
3 | 52.222.206.81 52.222.206.81 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 34.117.186.192 34.117.186.192 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
20 | 7 |
ASN14618 (AMAZON-AES, US)
PTR: us-ip-1.short.io
lun0-secure.org |
ASN16509 (AMAZON-02, US)
PTR: server-52-222-206-81.fra56.r.cloudfront.net
d32exi8v9av3ux.cloudfront.net |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.186.117.34.bc.googleusercontent.com
ipinfo.io |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
portmap.io
1 redirects
f6f991-64507.portmap.io |
177 KB |
3 |
cloudfront.net
d32exi8v9av3ux.cloudfront.net |
148 KB |
2 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 83 ajax.googleapis.com — Cisco Umbrella Rank: 469 |
31 KB |
1 |
ipinfo.io
ipinfo.io — Cisco Umbrella Rank: 6207 |
922 B |
1 |
gstatic.com
fonts.gstatic.com |
125 KB |
1 |
fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1381 |
13 KB |
1 |
lun0-secure.org
1 redirects
lun0-secure.org |
81 B |
1 |
tyny.to
1 redirects
tyny.to |
616 B |
20 | 8 |
Domain | Requested by | |
---|---|---|
13 | f6f991-64507.portmap.io |
1 redirects
f6f991-64507.portmap.io
|
3 | d32exi8v9av3ux.cloudfront.net |
f6f991-64507.portmap.io
|
1 | ipinfo.io |
ajax.googleapis.com
|
1 | fonts.gstatic.com |
f6f991-64507.portmap.io
|
1 | ajax.googleapis.com |
f6f991-64507.portmap.io
|
1 | fonts.googleapis.com |
f6f991-64507.portmap.io
|
1 | use.fontawesome.com |
f6f991-64507.portmap.io
|
1 | lun0-secure.org | 1 redirects |
1 | tyny.to | 1 redirects |
20 | 9 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.luno.com |
discover.luno.com |
status.luno.com |
luno.sng.link |
Subject Issuer | Validity | Valid | |
---|---|---|---|
f6f991-64507.portmap.io E5 |
2024-06-23 - 2024-09-21 |
3 months | crt.sh |
use.fontawesome.com Cloudflare Inc ECC CA-3 |
2023-10-12 - 2024-10-10 |
a year | crt.sh |
upload.video.google.com WR2 |
2024-06-03 - 2024-08-26 |
3 months | crt.sh |
*.gstatic.com WR2 |
2024-06-03 - 2024-08-26 |
3 months | crt.sh |
*.cloudfront.net Amazon RSA 2048 M01 |
2023-10-10 - 2024-09-19 |
a year | crt.sh |
ipinfo.io R3 |
2024-06-03 - 2024-09-01 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://f6f991-64507.portmap.io:64507/d2931297501719299447ln/en-01/?x=
Frame ID: F9D3AEB6707F42D71B87540A5C38FD19
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
Sign in | LunoMaterial Design for BootstrapPage URL History Show full URLs
-
http://tyny.to/s92dfa
HTTP 307
https://tyny.to/s92dfa HTTP 302
https://lun0-secure.org/update HTTP 302
https://f6f991-64507.portmap.io:64507/?x=ln012406 HTTP 302
https://f6f991-64507.portmap.io:64507/d2931297501719299447ln/en-01/?x= Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Font API (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
22 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Home
Search URL Search Domain Scan URL
Title: Sign up
Search URL Search Domain Scan URL
Title: Sign in
Search URL Search Domain Scan URL
Title: Bitcoin price
Search URL Search Domain Scan URL
Title: Ethereum price
Search URL Search Domain Scan URL
Title: Link price
Search URL Search Domain Scan URL
Title: Uniswap price
Search URL Search Domain Scan URL
Title: Features
Search URL Search Domain Scan URL
Title: Wallet
Search URL Search Domain Scan URL
Title: Fees
Search URL Search Domain Scan URL
Title: Exchange
Search URL Search Domain Scan URL
Title: Business
Search URL Search Domain Scan URL
Title: Luno API
Search URL Search Domain Scan URL
Title: Discover
Search URL Search Domain Scan URL
Title: Help Centre
Search URL Search Domain Scan URL
Title: Status
Search URL Search Domain Scan URL
Title: Company
Search URL Search Domain Scan URL
Title: Careers
Search URL Search Domain Scan URL
Title: Press
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://tyny.to/s92dfa
HTTP 307
https://tyny.to/s92dfa HTTP 302
https://lun0-secure.org/update HTTP 302
https://f6f991-64507.portmap.io:64507/?x=ln012406 HTTP 302
https://f6f991-64507.portmap.io:64507/d2931297501719299447ln/en-01/?x= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
f6f991-64507.portmap.io/d2931297501719299447ln/en-01/ Redirect Chain
|
61 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.css
use.fontawesome.com/releases/v5.11.2/css/ |
56 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
9 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mdb.min.css
f6f991-64507.portmap.io/d2931297501719299447ln/en-01/css/ |
287 KB 41 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
f6f991-64507.portmap.io/d2931297501719299447ln/en-01/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.b41ac71e09153073.css
f6f991-64507.portmap.io/d2931297501719299447ln/en-01/data/ |
155 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
singular-sdk.js
f6f991-64507.portmap.io/d2931297501719299447ln/en-01/data/ |
160 KB 46 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
track.gif
f6f991-64507.portmap.io/d2931297501719299447ln/en-01/data/ |
23 B 257 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ill_email.png
f6f991-64507.portmap.io/d2931297501719299447ln/en-01/data/ |
8 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mdb.min.js
f6f991-64507.portmap.io/d2931297501719299447ln/en-01/js/ |
216 KB 51 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
script.js
f6f991-64507.portmap.io/d2931297501719299447ln/en-01/pass/ |
2 KB 788 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2
fonts.gstatic.com/s/materialicons/v133/ |
125 KB 125 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Fracktif-Regular.woff
d32exi8v9av3ux.cloudfront.net/static/fonts/ |
72 KB 73 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Fracktif-SemiBold.woff
d32exi8v9av3ux.cloudfront.net/static/fonts/ |
73 KB 74 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
social-google.svg
f6f991-64507.portmap.io/d2931297501719299447ln/en-01/data/ |
802 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
social-apple-white.svg
f6f991-64507.portmap.io/d2931297501719299447ln/en-01/data/ |
691 B 931 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
social-facebook-white.svg
f6f991-64507.portmap.io/d2931297501719299447ln/en-01/data/ |
350 B 590 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
ipinfo.io/ |
620 B 922 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon-32x32.png
d32exi8v9av3ux.cloudfront.net/static/v3/icons/favicons/ |
990 B 1 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Luno (Crypto Exchange)19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
undefined| event object| fence object| sharedStorage object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime function| singularSdk function| SingularConfig function| LinkParams function| $ function| jQuery number| uidEvent object| mdb object| myInput object| letter object| capital object| number2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
tyny.to/ | Name: PHPSESSID Value: akqphe3o3q29j2j1pv6pbrvut5 |
|
tyny.to/ | Name: s92dfa Value: 1 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
d32exi8v9av3ux.cloudfront.net
f6f991-64507.portmap.io
fonts.googleapis.com
fonts.gstatic.com
ipinfo.io
lun0-secure.org
tyny.to
use.fontawesome.com
172.67.176.2
193.161.193.99
2606:4700:3037::ac43:8ef5
2a00:1450:4001:80b::200a
2a00:1450:4001:81d::200a
2a00:1450:4001:829::2003
34.117.186.192
52.21.33.16
52.222.206.81
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0fadd58fc7c28198eb676f6afd04ca464d4c812451907ca803523a6392c0e32c
2da59bb74d8445fbcb91a383ffe55c4bf84b85d2268ae743a8587702f5b37b7b
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
412b2537f5f90857519fd60ec6ad2d749f36dbde3c70172d286367f626beff83
44c3cdb0ef17065437a2d1124f14e78a892408dc0fd89b680fd01a1a3030fe7c
4fd6a73539f01d13a8a5dcec4dd85db54b4f25fdeb20d6668710fd29c5460e20
6a03922b707374c37f2edc150b9fde0370e8d7a101d81c0e40fe8d48172af3e3
6df363c440ac18e9850d153b77900422db9af69fcc3f2c93804deb7219bba498
730f7bbecc32f2828002d9e89656a120dbb7c33e8969f41ea50ce6614c75737a
7591721c56f67691f9635b748ce15cf8d4b6bce926c42b96c19613bc7822401d
8970c9eb36de10a2a77945ec495683b8ef71fbcaa663fde25d8e4b0fb2232449
af9e52b1788e243b0a07ba97a3de75df5845d00b896f1b83f38c42702a7ba690
b06ff8d12ea07d75dae5c620db1cdfa1ce603d26788039198c07076ae67fc08d
b583624afe21bdeb2a3252b801630785adda709ac8cfdda23114232c66cb74d4
d09aa5fd7f1f63fae4c8f6e532f6957a96add99e54c13ae4991ab8b4d7186550
e411bef0704211ab5dfd1c2c74f085e005df395f0b421c4c1e454c51a174063c
f8de3f57f49b005896d4c3c10979df9cff5048ddfe29ebbe36507ed1ebff60a4
fbff55fa35995b30857a3e31aaaf37d60e60809655b38702211dc74d94790efa