xn--lgder-6za.com Open in urlscan Pro Puny
lėgder.com IDN
2606:4700:3031::681b:a973 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://xz762.mjt.lu/lnk/EAAAATxWONMAAAAAAAAAABPYwlMAAAAA2d0AAAAAABJ-KwBfwCPMQ7RWw4DQQlqhG0_aDsOo1wASfdU/1/bL-hpy0ywo...
Effective URL:
https://xn--lgder-6za.com/ledger-live/download/
Submission: On November 27 via manual (November 27th 2020, 2:59:38 am UTC) from NZ

Summary HTTP 76 Redirects Links 69 Behaviour Indicators

Summary

This website contacted 11 IPs in 4 countries across 11 domains to perform 76 HTTP transactions. The main IP is 2606:4700:3031::681b:a973, located in United States and belongs to CLOUDFLARENET, US. The main domain is xn--lgder-6za.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 24th 2020. Valid for: a year.

This is the only time xn--lgder-6za.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ledger (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
1 1	35.241.186.140 35.241.186.140	15169 (GOOGLE) (GOOGLE)
2 2	145.249.104.34 145.249.104.34	202425 (INT-NETWORK) (INT-NETWORK)
1 2	80.82.67.190 80.82.67.190	202425 (INT-NETWORK) (INT-NETWORK)
1 1	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
3 3	145.249.106.227 145.249.106.227	202425 (INT-NETWORK) (INT-NETWORK)
54	2606:4700:303... 2606:4700:3031::681b:a973	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 4	2606:4700::68... 2606:4700::6810:7aaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:1734	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	151.139.128.8 151.139.128.8	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE)
3	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba2a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:6c0... 2a02:26f0:6c00:285::19fd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:814::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6812:1634	13335 (CLOUDFLAR...) (CLOUDFLARENET)
76	11

1 35.241.186.140 (Ascension Island) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 140.186.241.35.bc.googleusercontent.com

xz762.mjt.lu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 145.249.104.34 (Amsterdam, Netherlands) 2 redirects

ASN202425 (INT-NETWORK, SC)

numisconsult.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 80.82.67.190 (Netherlands) 1 redirects

ASN202425 (INT-NETWORK, SC)
PTR: mail.macserialjunkie.com

ledger-live.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 145.249.106.227 (Amsterdam, Netherlands) 3 redirects

ASN202425 (INT-NETWORK, SC)

www.theironshop.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

54 2606:4700:3031::681b:a973 (United States)

ASN13335 (CLOUDFLARENET, US)

xn--lgder-6za.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:7aaf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.139.128.8 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)

kit-pro.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00::210:ba2a (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:285::19fd (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:1634 (United States)

ASN13335 (CLOUDFLARENET, US)

ka-p.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
54	xn--lgder-6za.com xn--lgder-6za.com	1 MB
10	fontawesome.com kit.fontawesome.com kit-pro.fontawesome.com ka-p.fontawesome.com	198 KB
4	gstatic.com fonts.gstatic.com	37 KB
4	typekit.net use.typekit.net p.typekit.net	45 KB
4	unpkg.com 2 redirects unpkg.com	39 KB
3	theironshop.net 3 redirects www.theironshop.net	810 B
2	ledger-live.io 1 redirects ledger-live.io	654 B
2	numisconsult.com 2 redirects numisconsult.com	532 B
1	googleapis.com fonts.googleapis.com	1 KB
1	google.com 1 redirects www.google.com	385 B
1	mjt.lu 1 redirects xz762.mjt.lu	201 B
76	11

	Domain	Requested by
54	xn--lgder-6za.com	xn--lgder-6za.com
5	kit-pro.fontawesome.com	xn--lgder-6za.com kit-pro.fontawesome.com
4	ka-p.fontawesome.com	kit.fontawesome.com
4	fonts.gstatic.com	fonts.googleapis.com
4	unpkg.com	2 redirects xn--lgder-6za.com
3	use.typekit.net	xn--lgder-6za.com use.typekit.net
3	www.theironshop.net	3 redirects
2	ledger-live.io	1 redirects
2	numisconsult.com	2 redirects
1	p.typekit.net	use.typekit.net
1	fonts.googleapis.com	xn--lgder-6za.com
1	kit.fontawesome.com	xn--lgder-6za.com
1	www.google.com	1 redirects
1	xz762.mjt.lu	1 redirects
76	14

This site contains links to these domains. Also see Links.

Domain
www.ledger.com
shop.ledger.com
vaultplatform.ledger.com
support.ledger.com
github.com
itunes.apple.com
play.google.com
www.ledgerwallet.com
status.ledger.com
ledger.readthedocs.io
www.facebook.com
twitter.com
www.youtube.com
www.linkedin.com

Subject Issuer	Validity	Valid
ledger-live.io Let's Encrypt Authority X3	`2020-10-24` - `2021-01-22`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-11-24` - `2021-11-23`	a year	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-13` - `2021-12-14`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
use.typekit.net DigiCert SHA2 Secure Server CA	`2020-01-28` - `2022-02-01`	2 years	crt.sh
*.typekit.net DigiCert SHA2 Secure Server CA	`2019-12-06` - `2021-12-10`	2 years	crt.sh
*.gstatic.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://xn--lgder-6za.com/ledger-live/download/
Frame ID: 1A4024125B2B05BE5426A60A4A7C9FC0
Requests: 74 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://xz762.mjt.lu/lnk/EAAAATxWONMAAAAAAAAAABPYwlMAAAAA2d0AAAAAABJ-KwBfwCPMQ7RWw4DQQlqhG0_aDsOo... HTTP 302
https://numisconsult.com/blog/20f768db3d507d4c535711635ff97af0 HTTP 302
https://numisconsult.com/update/ HTTP 302
https://ledger-live.io/update/ Page URL
https://ledger-live.io/update/version.php HTTP 301
https://www.google.com/url?sa=t&url=http://www.theironshop.net/xwzx/djwd/gddt/678486.shtml&usg=AOvV... HTTP 302
http://www.theironshop.net/xwzx/djwd/gddt/678486.shtml HTTP 301
https://www.theironshop.net/xwzx/djwd/gddt/678486.shtml HTTP 302
https://www.theironshop.net/404.php HTTP 302
https://xn--lgder-6za.com/ledger-live/download/ Page URL