blockchain-com.su Open in urlscan Pro
92.63.197.244  Malicious Activity! Public Scan

URL: http://blockchain-com.su/
Submission Tags: @ipnigh
Submission: On March 23 via api from GB

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 92.63.197.244, located in Russian Federation and belongs to HVFOPSERVER-AS, UA. The main domain is blockchain-com.su.
This is the only time blockchain-com.su was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Blockchain (Crypto Exchange)

Domain & IP information

IP Address AS Autonomous System
1 14 92.63.197.244 60307 (HVFOPSERV...)
13 1
Apex Domain
Subdomains
Transfer
14 blockchain-com.su
blockchain-com.su
13 MB
13 1
Domain Requested by
14 blockchain-com.su 1 redirects blockchain-com.su
13 1

This site contains links to these domains. Also see Links.

Domain
github.com
blockchain.com
blog.blockchain.com
support.blockchain.com
itunes.apple.com
play.google.com
Subject Issuer Validity Valid

This page contains 2 frames:

Primary Page: http://blockchain-com.su/
Frame ID: 5DD9B6FD0BFDD55067A35A347977CD20
Requests: 12 HTTP requests in this frame

Frame: http://blockchain-com.su/public/proxy.php/walletHelper/wallet-helper/matomo
Frame ID: 1B9A8A703F27A5ABC3848E615BDC2CA3
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

13
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

13284 kB
Transfer

13280 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • http://blockchain-com.su/proxy.php/walletHelper/wallet-helper/matomo/ HTTP 301
  • http://blockchain-com.su/public/proxy.php/walletHelper/wallet-helper/matomo

13 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set /
blockchain-com.su/
4 KB
5 KB
Document
General
Full URL
http://blockchain-com.su/
Protocol
HTTP/1.1
Server
92.63.197.244 , Russian Federation, ASN60307 (HVFOPSERVER-AS, UA),
Reverse DNS
Software
nginx/1.16.1 / PHP/7.3.15
Resource Hash
df7f1cc4564829aaca0985d948bbad5d3ef2d038be435dfe7b51cc75866ea066

Request headers

Host
blockchain-com.su
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server
nginx/1.16.1
Date
Mon, 23 Mar 2020 18:46:36 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.3.15
Cache-Control
private, must-revalidate
pragma
no-cache
expires
-1
Set-Cookie
XSRF-TOKEN=eyJpdiI6Im9UdG5iSFVkdTVDTjdhcFVtcmhpZGc9PSIsInZhbHVlIjoidytcLytvTUtHRk5iTWViVjJ4Wm9zVFJHdjE4UTVCc1ByTUdaWTJITWljSUpvVWZ6N2RCQWc5UlFVN3hHMm43WXgiLCJtYWMiOiI0OTFiMTVkYjI4OGFkNmU1MjFlNTA5ODc5ZmVmNTMyYjk2OGY0NmQ3YzE1ZTllOGQ4NzhjZTA3ODM4Y2NmYTExIn0%3D; expires=Mon, 23-Mar-2020 20:46:36 GMT; Max-Age=7200; path=/ laravel_session=eyJpdiI6InE5V0V0VENPUWpXcGZ3bkV5QW1pekE9PSIsInZhbHVlIjoiMXdOSFVLSUxVYWFJTFh1UzVIcFY4bElObncwTFpUd0VzY0FHdW9nSTU2cEFNZFlzcVRpS0tCZzBTWEszcHZ1YiIsIm1hYyI6ImFmZmZhZjhlNTY5N2Y1NzNmZDRmNmUyZTMwMjgyNWMzYWE0NmExOGVjNmZlOGRhODBhMzJjOTRkZTk2ODQxODcifQ%3D%3D; expires=Mon, 23-Mar-2020 20:46:36 GMT; Max-Age=7200; path=/; httponly
manifest.1579963466642.js
blockchain-com.su/
5 KB
5 KB
Script
General
Full URL
http://blockchain-com.su/manifest.1579963466642.js
Requested by
Host: blockchain-com.su
URL: http://blockchain-com.su/
Protocol
HTTP/1.1
Server
92.63.197.244 , Russian Federation, ASN60307 (HVFOPSERVER-AS, UA),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
ae499568e1c949b511bca7a0e3c8864431d39d14dbd48dc57f5bcb5b92a2a8ce

Request headers

Referer
http://blockchain-com.su/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 23 Mar 2020 18:46:36 GMT
Last-Modified
Mon, 23 Mar 2020 14:25:36 GMT
Server
nginx/1.16.1
ETag
"13db-5a18668a4f064"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5083
vendor.3675b08de4.js
blockchain-com.su/
11 MB
11 MB
Script
General
Full URL
http://blockchain-com.su/vendor.3675b08de4.js
Requested by
Host: blockchain-com.su
URL: http://blockchain-com.su/
Protocol
HTTP/1.1
Server
92.63.197.244 , Russian Federation, ASN60307 (HVFOPSERVER-AS, UA),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
a2583e01edd31056364b261843d80ec95b731dae33fbf54c0705433510f86bf7

Request headers

Referer
http://blockchain-com.su/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 23 Mar 2020 18:46:37 GMT
Last-Modified
Mon, 23 Mar 2020 14:25:36 GMT
Server
nginx/1.16.1
ETag
"b7a4bf-5a18668a486eb"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
12035263
app.f01d2df46f.js
blockchain-com.su/
539 B
795 B
Script
General
Full URL
http://blockchain-com.su/app.f01d2df46f.js
Requested by
Host: blockchain-com.su
URL: http://blockchain-com.su/
Protocol
HTTP/1.1
Server
92.63.197.244 , Russian Federation, ASN60307 (HVFOPSERVER-AS, UA),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
4e2faa376a72ff66dccd52d9ebfc78df1e5f856c6677fb3179b8dc2084b0ce40

Request headers

Referer
http://blockchain-com.su/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 23 Mar 2020 18:46:37 GMT
Last-Modified
Mon, 23 Mar 2020 14:25:36 GMT
Server
nginx/1.16.1
ETag
"21b-5a18668a486eb"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
539
vendors~zxcvbn.896b178896.js
blockchain-com.su/
810 KB
810 KB
Script
General
Full URL
http://blockchain-com.su/vendors~zxcvbn.896b178896.js
Requested by
Host: blockchain-com.su
URL: http://blockchain-com.su/manifest.1579963466642.js
Protocol
HTTP/1.1
Server
92.63.197.244 , Russian Federation, ASN60307 (HVFOPSERVER-AS, UA),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
bdd8eeeeef787ae6a47f7a7b1bad48fae9d3c1948ecbb64b14920dd7a617d4b2

Request headers

Referer
http://blockchain-com.su/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 23 Mar 2020 18:46:39 GMT
Last-Modified
Mon, 23 Mar 2020 14:25:36 GMT
Server
nginx/1.16.1
ETag
"ca8d0-5a18668a50004"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
829648
wallet-options-v4.json
blockchain-com.su/resources/
12 KB
12 KB
Fetch
General
Full URL
http://blockchain-com.su/resources/wallet-options-v4.json
Requested by
Host: blockchain-com.su
URL: http://blockchain-com.su/vendor.3675b08de4.js
Protocol
HTTP/1.1
Server
92.63.197.244 , Russian Federation, ASN60307 (HVFOPSERVER-AS, UA),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
9db76a26a52d2c9cd6898b89a3b22467463c064b89084a33f6e3803b5204b643

Request headers

Referer
http://blockchain-com.su/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 23 Mar 2020 18:46:39 GMT
Last-Modified
Mon, 23 Mar 2020 14:25:37 GMT
Server
nginx/1.16.1
ETag
"303d-5a18668ab4196"
Content-Type
application/json
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
12349
matomo
blockchain-com.su/public/proxy.php/walletHelper/wallet-helper/ Frame 1B9A
Redirect Chain
  • http://blockchain-com.su/proxy.php/walletHelper/wallet-helper/matomo/
  • http://blockchain-com.su/public/proxy.php/walletHelper/wallet-helper/matomo
0
187 B
Document
General
Full URL
http://blockchain-com.su/public/proxy.php/walletHelper/wallet-helper/matomo
Requested by
Host: blockchain-com.su
URL: http://blockchain-com.su/vendor.3675b08de4.js
Protocol
HTTP/1.1
Server
92.63.197.244 , Russian Federation, ASN60307 (HVFOPSERVER-AS, UA),
Reverse DNS
Software
nginx/1.16.1 / PHP/7.3.15
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host
blockchain-com.su
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://blockchain-com.su/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://blockchain-com.su/

Response headers

Server
nginx/1.16.1
Date
Mon, 23 Mar 2020 18:46:45 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
0
Connection
keep-alive
X-Powered-By
PHP/7.3.15

Redirect headers

Server
nginx/1.16.1
Date
Mon, 23 Mar 2020 18:46:45 GMT
Content-Type
text/html; charset=iso-8859-1
Transfer-Encoding
chunked
Connection
keep-alive
Location
http://blockchain-com.su/public/proxy.php/walletHelper/wallet-helper/matomo
blockchain-vector.svg
blockchain-com.su/img/
3 KB
3 KB
Image
General
Full URL
http://blockchain-com.su/img/blockchain-vector.svg
Protocol
HTTP/1.1
Server
92.63.197.244 , Russian Federation, ASN60307 (HVFOPSERVER-AS, UA),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
80590d042214e493b02569a4411130c05055ae7cabfce3875af5f95de728daf9

Request headers

Referer
http://blockchain-com.su/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 23 Mar 2020 18:46:45 GMT
Last-Modified
Mon, 23 Mar 2020 14:25:36 GMT
Server
nginx/1.16.1
ETag
"a19-5a18668a4aa13"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2585
apple-app-store-badge.svg
blockchain-com.su/img/
201 KB
202 KB
Image
General
Full URL
http://blockchain-com.su/img/apple-app-store-badge.svg
Protocol
HTTP/1.1
Server
92.63.197.244 , Russian Federation, ASN60307 (HVFOPSERVER-AS, UA),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
84ce7559188190b8d41473867822b5dad5a35e39b18cc34f5fb6999b97a9258a

Request headers

Referer
http://blockchain-com.su/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 23 Mar 2020 18:46:45 GMT
Last-Modified
Mon, 23 Mar 2020 14:25:36 GMT
Server
nginx/1.16.1
ETag
"32581-5a18668a4c56b"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
206209
google-play-badge.svg
blockchain-com.su/img/
9 KB
9 KB
Image
General
Full URL
http://blockchain-com.su/img/google-play-badge.svg
Protocol
HTTP/1.1
Server
92.63.197.244 , Russian Federation, ASN60307 (HVFOPSERVER-AS, UA),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
92fa4a2749c258e16f6be4e09d7e0b1c4f052d5b999ca5ff543fbd3dffcd72d3

Request headers

Referer
http://blockchain-com.su/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 23 Mar 2020 18:46:45 GMT
Last-Modified
Mon, 23 Mar 2020 14:25:36 GMT
Server
nginx/1.16.1
ETag
"2445-5a18668a4e4ac"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
9285
Inter-Medium-a381cfb3175a21bb6d97b55f1e1e74d3.otf
blockchain-com.su/fonts/
227 KB
227 KB
Font
General
Full URL
http://blockchain-com.su/fonts/Inter-Medium-a381cfb3175a21bb6d97b55f1e1e74d3.otf
Protocol
HTTP/1.1
Server
92.63.197.244 , Russian Federation, ASN60307 (HVFOPSERVER-AS, UA),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
136f99ea23bd03d1b20e410c58c04fa9a720deccfdcf41e42af4e84eccc43b13

Request headers

Origin
http://blockchain-com.su
Referer
http://blockchain-com.su/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 23 Mar 2020 18:46:45 GMT
Last-Modified
Mon, 23 Mar 2020 14:25:36 GMT
Server
nginx/1.16.1
ETag
"38b60-5a18668a4021b"
Content-Type
application/vnd.oasis.opendocument.formula-template
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
232288
Inter-SemiBold-c285bc5012025a237827762c8e2ade02.otf
blockchain-com.su/fonts/
227 KB
228 KB
Font
General
Full URL
http://blockchain-com.su/fonts/Inter-SemiBold-c285bc5012025a237827762c8e2ade02.otf
Protocol
HTTP/1.1
Server
92.63.197.244 , Russian Federation, ASN60307 (HVFOPSERVER-AS, UA),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
e540fd1257265c8ae13f6ff70af1af80b469af8f42deed8491c3c0be712ba10e

Request headers

Origin
http://blockchain-com.su
Referer
http://blockchain-com.su/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 23 Mar 2020 18:46:45 GMT
Last-Modified
Mon, 23 Mar 2020 14:25:36 GMT
Server
nginx/1.16.1
ETag
"38d90-5a18668a3fa4b"
Content-Type
application/vnd.oasis.opendocument.formula-template
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
232848
icomoon-ddc370ed8aaee37481c3b1369aaa432a.ttf
blockchain-com.su/fonts/
28 KB
29 KB
Font
General
Full URL
http://blockchain-com.su/fonts/icomoon-ddc370ed8aaee37481c3b1369aaa432a.ttf
Protocol
HTTP/1.1
Server
92.63.197.244 , Russian Federation, ASN60307 (HVFOPSERVER-AS, UA),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
95562daa4edb665da90aeefc73689e1ff863a0672d91f159a43a05b0340b64ab

Request headers

Origin
http://blockchain-com.su
Referer
http://blockchain-com.su/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 23 Mar 2020 18:46:45 GMT
Last-Modified
Mon, 23 Mar 2020 14:25:36 GMT
Server
nginx/1.16.1
ETag
"71f8-5a18668a415a3"
Content-Type
application/font-sfnt
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
29176

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Blockchain (Crypto Exchange)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate string| NONCE object| webpackJsonp object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| __SECRET_EMOTION__ object| __$$GLOBAL_REWIRE_REGISTRY__ function| __rewire_reset_all__ number| __$$GLOBAL_REWIRE_NEXT_MODULE_ID__ object| scCGSHMRCache object| intlTelInputUtils function| insertParam function| setNativeValue function| createTestXlmAccounts function| zxcvbn

0 Cookies

8 Console Messages

Source Level URL
Text
console-api log URL: http://blockchain-com.su/vendor.3675b08de4.js(Line 326)
Message:
=======================================================
console-api log URL: http://blockchain-com.su/vendor.3675b08de4.js(Line 326)
Message:
%c Wallet version 4.25.18 font-size: 18px;
console-api log URL: http://blockchain-com.su/vendor.3675b08de4.js(Line 326)
Message:
=======================================================
console-api log URL: http://blockchain-com.su/vendor.3675b08de4.js(Line 326)
Message:
%c STOP!! background: #F00; color: #FFF; font-size: 24px;
console-api log URL: http://blockchain-com.su/vendor.3675b08de4.js(Line 326)
Message:
%c This browser feature is intended for developers. font-size: 18px;
console-api log URL: http://blockchain-com.su/vendor.3675b08de4.js(Line 326)
Message:
%c If someone told you to copy-paste something here, font-size: 18px;
console-api log URL: http://blockchain-com.su/vendor.3675b08de4.js(Line 326)
Message:
%c it is a scam and will give them access to your money! font-size: 18px;
console-api log URL: http://blockchain-com.su/vendor.3675b08de4.js(Line 326)
Message:
TypeError: Cannot read property 'contentWindow' of null