leflam.com (148.243.204.25)
Public Scan: Malicious Activity!
Effective URL: https://leflam.com/parkings/Natwest-line/6795a5d1a9b6bce/login.php?cmd=login_submit&id=a5eb506faedf63f82ce9a5a2fbec...
Submission: On October 22 via automatic, source phishtank
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on September 17th 2018. Valid for: 3 months.
This is the only time leflam.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NatWest (Banking)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 196.247.27.218 | 41204 (HOSTCOOL) |
| 13 (3 redirects) | 148.243.204.25 | 6503 (Axtel) |
| 2 (1 redirect) | 192.186.220.3 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) |

Totals: 12 HTTP transactions, 3 IP addresses.
| ASN | PTR | Domains |
|---|---|---|
| ASN41204 (HOSTCOOL, NL) | undefined.hostname.localhost | www.billiganikesverige.se |
| ASN6503 (Axtel, S.A.B. de C.V., MX) | na-148-243-204-25.static.avantel.net.mx | leflam.com |
| ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US) | ip-192-186-220-3.ip.secureserver.net | csscheckbox.com, www.csscheckbox.com |
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 13 (3 redirects) | leflam.com | leflam.com | 73 KB |
| 2 (1 redirect) | csscheckbox.com | csscheckbox.com, www.csscheckbox.com | 1 KB |
| 1 | billiganikesverige.se | www.billiganikesverige.se | 531 B |

Totals: 12 HTTP transactions, 3 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 13 (3 redirects) | leflam.com | www.billiganikesverige.se, leflam.com |
| 1 | www.csscheckbox.com | leflam.com |
| 1 (1 redirect) | csscheckbox.com | |
| 1 | www.billiganikesverige.se | |

Totals: 12 HTTP transactions, 4 domains.
This site contains no links.
TLS certificates

| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| billiganikesverige.se | cPanel, Inc. Certification Authority | 2018-08-08 - 2018-11-06 | 3 months |
| leflam.com | Let's Encrypt Authority X3 | 2018-09-17 - 2018-12-16 | 3 months |
This page contains 1 frame:
Primary Page:
https://leflam.com/parkings/Natwest-line/6795a5d1a9b6bce/login.php?cmd=login_submit&id=a5eb506faedf63f82ce9a5a2fbec0738a5eb506faedf63f82ce9a5a2fbec0738&session=a5eb506faedf63f82ce9a5a2fbec0738a5eb506faedf63f82ce9a5a2fbec0738
Frame ID: 2D55A934357D9CA37BDF986DA04BC19E
Requests: 12 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns:
- headers: server matches /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
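An added example (not urlscan.io's code) that transcribes the Server-header pattern above to Python and runs it over constructed header values; the scan records only that the pattern matched, not the actual Server header leflam.com returned. It shows what the version capture group yields and that the `[^\/-]` class rejects Apache-Coyote (Tomcat's connector) while still matching a bare "Apache".

```python
import re

# The pattern quoted above (urlscan.io's Apache fingerprint on the Server header),
# transcribed to Python. Group 1 captures the version when the header is "Apache/<ver>".
APACHE_PATTERN = re.compile(r"(?:Apache(?:$|/([\d.]+)|[^/-])|(?:^|)HTTPD)", re.I)


def detect_apache(server_header):
    """Return (matched, version); version is None when the header carries none."""
    m = APACHE_PATTERN.search(server_header or "")
    return (True, m.group(1)) if m else (False, None)


def server_header(headers):
    """Pick the Server header out of a response-header dict, case-insensitively."""
    for name, value in headers.items():
        if name.lower() == "server":
            return value
    return None


# Constructed Server values and the result the pattern gives for each. These are
# not headers from the scan above; they exercise the pattern's branches.
EXPECTED = {
    "Apache/2.4.29 (Ubuntu)": (True, "2.4.29"),
    "Apache": (True, None),              # end of string satisfies the `$` branch
    "Apache httpd": (True, None),        # a space satisfies [^/-]; no version to capture
    "Apache-Coyote/1.1": (False, None),  # Tomcat's connector: '-' is excluded by [^/-]
    "HTTPD/2.2": (True, None),           # the HTTPD alternative has no version group
    "nginx/1.14.0": (False, None),
    "Microsoft-IIS/10.0": (False, None),
}


def mismatches():
    """Headers whose result differs from EXPECTED; empty when the transcription is faithful."""
    return {h: detect_apache(h) for h, want in EXPECTED.items() if detect_apache(h) != want}


if __name__ == "__main__":
    for header in EXPECTED:
        print(f"{header!r:28} -> {detect_apache(header)}")
    print("mismatches:", mismatches())
```

Fingerprints like this are advisory: a server can send any Server value, and a phishing kit's host is usually just the default Apache install of a compromised or rented box, so the match says more about the hosting than about the kit.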
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.billiganikesverige.se/errors/default/protected/ref/ (Page URL)
- https://leflam.com/parkings/Natwest-line/ (HTTP 302)
- https://leflam.com/parkings/Natwest-line/6795a5d1a9b6bce (HTTP 301)
- https://leflam.com/parkings/Natwest-line/6795a5d1a9b6bce/ (HTTP 302)
- https://leflam.com/parkings/Natwest-line/6795a5d1a9b6bce/login.php?cmd=login_submit&id=a5eb506faedf63f82ce9a5a2fbec0738a5eb506faedf63f82ce9a5a2fbec0738&session=a5eb506faedf63f82ce9a5a2fbec0738a5eb506faedf63f82ce9a5a2fbec0738 (Page URL)
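The walk above, reproduced offline as an added example; this is not urlscan.io's code. A constructed transport returns canned responses modelled on the chain. The history shows no HTTP status for the first hop from www.billiganikesverige.se to leflam.com, so the example assumes that hop was a meta refresh; the relative Location values and the page bodies are also assumptions, since the scan records only the resulting URLs and statuses. The walker handles 3xx Location headers, meta refresh and JavaScript location assignments, resolves relative targets against the current URL, stops on loops, and reports the hosts touched plus the hop where the registrable domain changes (the handoff from the lure page to the kit).

```python
import re
from urllib.parse import urljoin, urlparse

# The id/session value from the final URL above is a 32-hex string repeated twice.
TOKEN = "a5eb506faedf63f82ce9a5a2fbec0738" * 2
KIT_DIR = "https://leflam.com/parkings/Natwest-line/6795a5d1a9b6bce/"
LOGIN_URL = f"{KIT_DIR}login.php?cmd=login_submit&id={TOKEN}&session={TOKEN}"
START_URL = "https://www.billiganikesverige.se/errors/default/protected/ref/"

# Constructed canned responses: url -> (status, headers, body). The meta-refresh
# body, the relative Location values and the final body are assumptions; only
# the URLs and status codes come from the scan.
RESPONSES = {
    START_URL: (200, {"Content-Type": "text/html"},
                '<html><head><meta http-equiv="refresh" '
                'content="0;url=https://leflam.com/parkings/Natwest-line/"></head></html>'),
    "https://leflam.com/parkings/Natwest-line/": (302, {"Location": "6795a5d1a9b6bce"}, ""),
    "https://leflam.com/parkings/Natwest-line/6795a5d1a9b6bce": (301, {"Location": KIT_DIR}, ""),
    KIT_DIR: (302, {"Location": f"login.php?cmd=login_submit&id={TOKEN}&session={TOKEN}"}, ""),
    LOGIN_URL: (200, {"Content-Type": "text/html"}, "<html><body>login form</body></html>"),
}

META_REFRESH = re.compile(
    r"""<meta[^>]+http-equiv\s*=\s*["']?refresh["']?[^>]*content\s*=\s*["']?\s*\d+\s*;\s*url\s*=\s*([^"'>\s]+)""",
    re.I)
JS_LOCATION = re.compile(
    r"""(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']"""
    r"""|location\.(?:replace|assign)\(\s*["']([^"']+)["']""", re.I)
REDIRECT_CODES = {301, 302, 303, 307, 308}


def client_side_redirect(body, base_url):
    """Absolute target of a meta-refresh or JS location redirect found in body, else None."""
    m = META_REFRESH.search(body) or JS_LOCATION.search(body)
    if not m:
        return None
    target = next(g for g in m.groups() if g)
    return urljoin(base_url, target)


def fetch(url):
    """Offline transport: look up a canned response; unknown URLs get a 404."""
    return RESPONSES.get(url, (404, {}, ""))


def follow(start_url, fetch_fn=fetch, max_hops=10):
    """Walk HTTP and client-side redirects; returns [(url, label)] in visit order.

    label is "HTTP <status>" for a server redirect, "Page URL" for a document that
    rendered (possibly containing a client-side redirect), "loop" or "max hops"
    when the walk is cut off."""
    chain, seen, url = [], set(), start_url
    while url:
        if url in seen:
            chain.append((url, "loop"))
            break
        if len(chain) >= max_hops:
            chain.append((url, "max hops"))
            break
        seen.add(url)
        status, headers, body = fetch_fn(url)
        location = headers.get("Location") or headers.get("location")
        if status in REDIRECT_CODES and location:
            chain.append((url, f"HTTP {status}"))
            url = urljoin(url, location)      # Location may be relative
            continue
        chain.append((url, "Page URL"))
        url = client_side_redirect(body, url)
    return chain


def apex_domain(host):
    """Naive registrable domain (last two labels); real tooling should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def hosts_in(chain):
    """Ordered, de-duplicated hostnames touched by the chain: indicator candidates."""
    out = []
    for url, _ in chain:
        h = urlparse(url).hostname
        if h and h not in out:
            out.append(h)
    return out


def cross_domain_hops(chain):
    """Consecutive URL pairs whose apex domain changes: the lure-to-kit handoff."""
    return [(a, b) for (a, _), (b, _) in zip(chain, chain[1:])
            if apex_domain(urlparse(a).hostname) != apex_domain(urlparse(b).hostname)]


CHAIN = follow(START_URL)

if __name__ == "__main__":
    for url, label in CHAIN:
        print(f"{label:9} {url}")
    print("hosts:", hosts_in(CHAIN))
    print("cross-domain hops:", cross_domain_hops(CHAIN))
```

The regexes catch the common meta-refresh and `location` forms; obfuscated JavaScript (string concatenation, `atob`, `setTimeout` wrappers) needs a real browser, which is why a headless-browser scanner records the history rather than a fetch-and-grep script.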
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 10:
- http://csscheckbox.com/checkboxes/u/csscheckbox_4bfc3caa894d4f15ed692104b5bd533f.png (HTTP 301)
- http://www.csscheckbox.com/checkboxes/u/csscheckbox_4bfc3caa894d4f15ed692104b5bd533f.png
12 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / | www.billiganikesverige.se/errors/default/protected/ref/ | 129 B | 531 B | Document | text/html | Cookie set |
| GET | H/1.1 | login.php | leflam.com/parkings/Natwest-line/6795a5d1a9b6bce/ | 5 KB | 5 KB | Document | text/html | Primary Request; Redirect Chain |
| GET | H/1.1 | s1.png | leflam.com/parkings/Natwest-line/6795a5d1a9b6bce/images/ | 12 KB | 12 KB | Image | image/png | |
| GET | H/1.1 | s2.png | leflam.com/parkings/Natwest-line/6795a5d1a9b6bce/images/ | 27 KB | 27 KB | Image | image/png | |
| GET | H/1.1 | s3.png | leflam.com/parkings/Natwest-line/6795a5d1a9b6bce/images/ | 17 KB | 17 KB | Image | image/png | |
| GET | H/1.1 | s4.png | leflam.com/parkings/Natwest-line/6795a5d1a9b6bce/images/ | 4 KB | 5 KB | Image | image/png | |
| GET | H/1.1 | s5.png | leflam.com/parkings/Natwest-line/6795a5d1a9b6bce/images/ | 1 KB | 1 KB | Image | image/png | |
| GET | H/1.1 | s6.png | leflam.com/parkings/Natwest-line/6795a5d1a9b6bce/images/ | 1 KB | 1 KB | Image | image/png | |
| GET | H/1.1 | s8.png | leflam.com/parkings/Natwest-line/6795a5d1a9b6bce/images/ | 592 B | 834 B | Image | image/png | |
| GET | H/1.1 | s7.png | leflam.com/parkings/Natwest-line/6795a5d1a9b6bce/images/ | 541 B | 782 B | Image | image/png | |
| GET | H/1.1 | cxt.png | leflam.com/parkings/Natwest-line/6795a5d1a9b6bce/images/ | 1 KB | 1 KB | Image | image/png | |
| GET | H/1.1 | csscheckbox_4bfc3caa894d4f15ed692104b5bd533f.png | www.csscheckbox.com/checkboxes/u/ | 697 B | 965 B | Image | image/png | Redirect Chain |
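A check an analyst would run over the transaction list above, as an added example (not urlscan.io's code): classify each subresource as first-party or third-party by host, and flag cleartext resources loaded into an https:// page (mixed content). The transaction list is transcribed from the table; the csscheckbox image is given the http:// scheme shown in its redirect chain under "Redirected requests", and the login.php query string is omitted because it plays no part in host comparison.

```python
from urllib.parse import urlparse

# Transcribed from the transaction table above as (url, type). Query string of
# login.php omitted; schemes taken from the URL history and the redirect chain.
PRIMARY = "https://leflam.com/parkings/Natwest-line/6795a5d1a9b6bce/login.php"
IMAGES = "https://leflam.com/parkings/Natwest-line/6795a5d1a9b6bce/images/"
TRANSACTIONS = [
    ("https://www.billiganikesverige.se/errors/default/protected/ref/", "Document"),
    (PRIMARY, "Document"),
] + [(IMAGES + name, "Image") for name in
     ("s1.png", "s2.png", "s3.png", "s4.png", "s5.png", "s6.png", "s8.png", "s7.png", "cxt.png")] + [
    ("http://www.csscheckbox.com/checkboxes/u/csscheckbox_4bfc3caa894d4f15ed692104b5bd533f.png", "Image"),
]


def classify(primary_url, transactions):
    """Split subresources into first-party / third-party by host and flag mixed content.

    Documents (navigations) are reported separately: the lure page that redirected
    here is a step in the chain, not a resource of the phishing page."""
    page = urlparse(primary_url)
    report = {"navigations": [], "first_party": [], "third_party": [], "mixed_content": []}
    for url, rtype in transactions:
        u = urlparse(url)
        if rtype == "Document":
            report["navigations"].append(url)
            continue
        bucket = "first_party" if u.hostname == page.hostname else "third_party"
        report[bucket].append(url)
        # Cleartext subresource inside an https:// page: mixed content, and a
        # network-position attacker can swap the image for another.
        if page.scheme == "https" and u.scheme == "http":
            report["mixed_content"].append(url)
    return report


def summary(report):
    """Counts per bucket, the figures an analyst would put in a triage note."""
    return {k: len(v) for k, v in report.items()}


REPORT = classify(PRIMARY, TRANSACTIONS)

if __name__ == "__main__":
    print(summary(REPORT))
    for url in REPORT["third_party"]:
        print("third-party:", url)
    for url in REPORT["mixed_content"]:
        print("mixed content:", url)
```

Host equality is the simplest rule and is enough here; comparing registrable domains through the Public Suffix List would additionally treat a sibling such as www.leflam.com as first-party, which is usually what you want when the kit spreads across subdomains.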
Verdicts & Comments
urlscan: Potentially malicious activity detected. Phishing against: NatWest (Banking)
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

1 JavaScript Global Variable
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| function | unhideBody |

1 Cookie
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| leflam.com/ | | PHPSESSID | 7ahkm42lv7hoaq3oodo1j5h6j6 |
Indicators
"Indicators" is the security industry's term for observables such as IPs, domains and hashes. Listing them here does not imply that any of them indicates malicious activity.
- csscheckbox.com
- leflam.com
- www.billiganikesverige.se
- www.csscheckbox.com
- 148.243.204.25
- 192.186.220.3
- 196.247.27.218