bl0ckchain.netlify.app

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 2a05:d014:275:cb02::c8, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is bl0ckchain.netlify.app.
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on December 21st 2022. Valid for: a year.

This is the only time bl0ckchain.netlify.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Blockchain (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3037::ac43:9e23	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a05:d014:275... 2a05:d014:275:cb02::c8	16509 (AMAZON-02) (AMAZON-02)
6	1

1 2606:4700:3037::ac43:9e23 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

blockchainbonus.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a05:d014:275:cb02::c8 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

bl0ckchain.netlify.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	netlify.app bl0ckchain.netlify.app	232 KB
1	blockchainbonus.online 1 redirects blockchainbonus.online	530 B
6	2

	Domain	Requested by
6	bl0ckchain.netlify.app	bl0ckchain.netlify.app
1	blockchainbonus.online	1 redirects
6	2

This site contains links to these domains. Also see Links.

Domain
www.blockchain.com
support.blockchain.com
github.com

Subject Issuer	Validity	Valid
*.netlify.app DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-21` - `2024-01-21`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://bl0ckchain.netlify.app/
Frame ID: 968859EA551DF6E48E406C6B4ED0A3B0
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Blockchain.com | Recover

Page URL History Show full URLs

https://blockchainbonus.online/ HTTP 302
https://bl0ckchain.netlify.app/ Page URL

Detected technologies

Netlify (Web Servers) Expand

Overall confidence: 100%
Detected patterns

^https?://[^/]+\.netlify\.(?:com|app)/

Page Statistics

6
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

232 kB
Transfer

362 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.blockchain.com/

Search URL Search Domain Scan URL

URL: https://support.blockchain.com/
Title: Contact Support

Search URL Search Domain Scan URL

URL: https://github.com/blockchain/blockchain-wallet-v4-frontend/releases
Title: Version 4.76.8

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://blockchainbonus.online/ HTTP 302
https://bl0ckchain.netlify.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
bl0ckchain.netlify.app/
Redirect Chain

https://blockchainbonus.online/
https://bl0ckchain.netlify.app/

27 KB
4 KB

152ms
122ms

Document
text/html

2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bl0ckchain.netlify.app/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

c1471fc7ccf039cee3ae7d3f57e828c8f83e4a1963e2e78c067e79af29444e4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: public, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 19 May 2023 08:38:11 GMT
etag: "38c6f00148cac79e5d9231b927b7d215-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01H0SJHJFPCZWCA8ATCAWAJXWM

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 7c9b05afae6d1b36-FRA
date: Fri, 19 May 2023 08:38:11 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
location: https://bl0ckchain.netlify.app/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CFetVoHr2OUZbZhH8fbUPWgkH7tYpY3B5K2MaZKTXqM62EifS%2FquQ75BIHdWe0WJC1vaUs2JfptbQDsUT0kCIci3VbMwqGknXLeOU%2FKdUMlNLtVRjASOP12L%2BKueyWAblEj1Zs1XFbr9r09Vh5oXnbe65Z%2F9"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 bc-logo.svg
bl0ckchain.netlify.app/img/ 6 KB
3 KB 121ms
120ms Image
image/svg+xml 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bl0ckchain.netlify.app/img/bc-logo.svg

Requested by

Host: bl0ckchain.netlify.app
URL: https://bl0ckchain.netlify.app/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

a6fdd6df66992c94ee619a7d602b16fcd06ae091df353643df482b89883062fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bl0ckchain.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-nf-request-id: 01H0SJHKC5BGDEWT0ECV1E2CMZ
date: Fri, 19 May 2023 08:38:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: Netlify
age: 0
etag: "95232621813a555501c62ca3a5bcd5a5-ssl"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 2742

GET
H2 200 bg-pattern.svg
bl0ckchain.netlify.app/img/ 125 KB
22 KB 179ms
178ms Image
image/svg+xml 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bl0ckchain.netlify.app/img/bg-pattern.svg

Requested by

Host: bl0ckchain.netlify.app
URL: https://bl0ckchain.netlify.app/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

5cb6b6de41e6999a4033374049e31c8a2dbbb9b34f71ad259f7e98e778a65d25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bl0ckchain.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-nf-request-id: 01H0SJHKC96HFN70JG7DG7MS24
date: Fri, 19 May 2023 08:38:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: Netlify
age: 0
etag: "852561df5a3319ea10d4508314f28e2a-ssl"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 21932

GET
H2 200 Inter-Medium.woff2
bl0ckchain.netlify.app/fonts/ 90 KB
90 KB 190ms
190ms Font
font/woff2 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bl0ckchain.netlify.app/fonts/Inter-Medium.woff2

Requested by

Host: bl0ckchain.netlify.app
URL: https://bl0ckchain.netlify.app/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

5318bfdab8a3f02bded9e17590e698dc1fe4da0eccbd9045ea8945f9c76fb2ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://bl0ckchain.netlify.app/
Origin: https://bl0ckchain.netlify.app
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-nf-request-id: 01H0SJHKCAEJQ8JNQ9PVS6GAJX
date: Fri, 19 May 2023 08:38:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: Netlify
age: 0
etag: "a4aaa0729c81d4b044477f8b5c78a350-ssl"
content-type: font/woff2
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 92008

GET
H2 200 icomoon.ttf
bl0ckchain.netlify.app/fonts/ 24 KB
24 KB 179ms
178ms Font
font/ttf 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bl0ckchain.netlify.app/fonts/icomoon.ttf

Requested by

Host: bl0ckchain.netlify.app
URL: https://bl0ckchain.netlify.app/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

398f040b3b0cba2e7e66d73f68f307260d00d47aba1949b563ab287db7077c58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://bl0ckchain.netlify.app/
Origin: https://bl0ckchain.netlify.app
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-nf-request-id: 01H0SJHKCGTR3J0M2XK8DS635T
date: Fri, 19 May 2023 08:38:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: Netlify
age: 0
etag: "ad5b04504a90e1ea64572f3e461e2a38-ssl"
content-type: font/ttf
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 24460

GET
H2 200 Inter-SemiBold.woff2
bl0ckchain.netlify.app/fonts/ 90 KB
90 KB 195ms
194ms Font
font/woff2 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bl0ckchain.netlify.app/fonts/Inter-SemiBold.woff2

Requested by

Host: bl0ckchain.netlify.app
URL: https://bl0ckchain.netlify.app/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

be5795d8e44c1d48d10f10ce6f285fe950b5f36596c721bd0e12c9f088cea22a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://bl0ckchain.netlify.app/
Origin: https://bl0ckchain.netlify.app
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-nf-request-id: 01H0SJHKCGBB5TQSJN0QWB7T87
date: Fri, 19 May 2023 08:38:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: Netlify
age: 0
etag: "c466fbaf9d1a877bb368a7006fc29eed-ssl"
content-type: font/woff2
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 91996

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Blockchain (Crypto Exchange)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bl0ckchain.netlify.app
blockchainbonus.online
2606:4700:3037::ac43:9e23
2a05:d014:275:cb02::c8
398f040b3b0cba2e7e66d73f68f307260d00d47aba1949b563ab287db7077c58
5318bfdab8a3f02bded9e17590e698dc1fe4da0eccbd9045ea8945f9c76fb2ff
5cb6b6de41e6999a4033374049e31c8a2dbbb9b34f71ad259f7e98e778a65d25
a6fdd6df66992c94ee619a7d602b16fcd06ae091df353643df482b89883062fb
be5795d8e44c1d48d10f10ce6f285fe950b5f36596c721bd0e12c9f088cea22a
c1471fc7ccf039cee3ae7d3f57e828c8f83e4a1963e2e78c067e79af29444e4d

bl0ckchain.netlify.app Open in urlscan Pro 2a05:d014:275:cb02::c8 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

232 kBTransfer

362 kBSize

0 Cookies

3 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

bl0ckchain.netlify.app Open in urlscan Pro
2a05:d014:275:cb02::c8 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

232 kB
Transfer

362 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!