sieesoft.com
212.129.50.172
Malicious Activity!
Public Scan
Submission Tags: falconsandbox
Submission: On October 20 via api from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on September 1st 2020. Valid for: 3 months.
This is the only time sieesoft.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Luno (Crypto Exchange)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 212.129.50.172 | 12876 (Online SAS) |
7 | 52.222.177.31 | 16509 (AMAZON-02) |
8 | 2 | |
ASN16509 (AMAZON-02, US)
PTR: server-52-222-177-31.ham50.r.cloudfront.net
d32exi8v9av3ux.cloudfront.net
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
7 | cloudfront.net | d32exi8v9av3ux.cloudfront.net | 14 KB |
1 | sieesoft.com | sieesoft.com | 44 KB |
8 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
7 | d32exi8v9av3ux.cloudfront.net | sieesoft.com |
1 | sieesoft.com | |
8 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.luno.com |
d32exi8v9av3ux.cloudfront.net |
play.google.com |
itunes.apple.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
sieesoft.com | Let's Encrypt Authority X3 | 2020-09-01 - 2020-11-30 | 3 months |
*.cloudfront.net | DigiCert Global CA G2 | 2020-05-26 - 2021-04-21 | a year |
This page contains 1 frame:
Primary Page:
https://sieesoft.com/tgg/luno2/
Frame ID: BD931834F8FB45AFE66F52B7FF7418F3
Requests: 8 HTTP requests in this frame
24 Outgoing links
These are links going to different origins than the main page.
Title: BTC/ZAR 180,296
Title: GET STARTED
Title: Ethereum price
Title: Bitcoin Cash price
Title: XRP price
Title: Litecoin price
Title: Blog
Title: Help Centre
Title: Learning Portal
Title: Fees & features
Title: Luno Bitcoin Wallet
Title: Luno Ethereum Wallet
Title: Luno Bitcoin Cash Wallet
Title: Luno XRP Wallet
Title: Luno Litecoin Wallet
Title: Luno Exchange
Title: Luno Business
Title: Luno API
Title: Company
Title: Careers
Title: Press
Title: Press Kit
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | sieesoft.com/tgg/luno2/ | 44 KB | 44 KB | Document | text/html |
GET | H2 | luno-logo.svg | d32exi8v9av3ux.cloudfront.net/web/2020/09/11/c051d363e4/website/common/svg/ | 1 KB | 894 B | Image | image/svg+xml |
GET | H2 | store-google-alt.svg | d32exi8v9av3ux.cloudfront.net/web/2020/09/11/c051d363e4/website/common/svg/ | 6 KB | 3 KB | Image | image/svg+xml |
GET | H2 | store-apple-alt.svg | d32exi8v9av3ux.cloudfront.net/web/2020/09/11/c051d363e4/website/common/svg/ | 9 KB | 4 KB | Image | image/svg+xml |
GET | H2 | ill_email.svg | d32exi8v9av3ux.cloudfront.net/static/svgs/ | 7 KB | 3 KB | Image | image/svg+xml |
GET | H2 | social-google.svg | d32exi8v9av3ux.cloudfront.net/web/2020/09/11/c051d363e4/website-app/assets/svg/ | 802 B | 1 KB | Image | image/svg+xml |
GET | H2 | social-apple-white.svg | d32exi8v9av3ux.cloudfront.net/web/2020/09/11/c051d363e4/website-app/assets/svg/ | 691 B | 1 KB | Image | image/svg+xml |
GET | H2 | social-facebook-white.svg | d32exi8v9av3ux.cloudfront.net/web/2020/09/11/c051d363e4/website-app/assets/svg/ | 350 B | 700 B | Image | image/svg+xml |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Luno (Crypto Exchange)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
d32exi8v9av3ux.cloudfront.net
sieesoft.com
212.129.50.172
52.222.177.31