lbiockchain.com Open in urlscan Pro
185.222.203.25 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.swimed.xyz/xDhSvhRP
Effective URL:
https://lbiockchain.com/
Submission: On August 07 via api (August 7th 2019, 3:00:56 am UTC) from CA

Summary HTTP 20 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 20 HTTP transactions. The main IP is 185.222.203.25, located in Ukraine and belongs to UVL2-ASN, UA. The main domain is lbiockchain.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 24th 2019. Valid for: 3 months.

This is the only time lbiockchain.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Blockchain (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
1 1	162.241.29.106 162.241.29.106	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer)
10	185.222.203.25 185.222.203.25	204725 (UVL2-ASN) (UVL2-ASN)
10	104.27.191.157 104.27.191.157	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
20	2

1 162.241.29.106 (Provo, United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: 162-241-29-106.unifiedlayer.com

www.swimed.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.222.203.25 (Ukraine)

ASN204725 (UVL2-ASN, UA)

lbiockchain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.27.191.157 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

blockchain.cdn-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	cdn-scripts.com blockchain.cdn-scripts.com	1 MB
10	lbiockchain.com lbiockchain.com	48 KB
1	swimed.xyz 1 redirects www.swimed.xyz	780 B
20	3

	Domain	Requested by
10	blockchain.cdn-scripts.com	lbiockchain.com blockchain.cdn-scripts.com
10	lbiockchain.com	lbiockchain.com blockchain.cdn-scripts.com
1	www.swimed.xyz	1 redirects
20	3

This site contains links to these domains. Also see Links.

Domain
github.com

Subject Issuer	Validity	Valid
lbiockchain.com Let's Encrypt Authority X3	`2019-07-24` - `2019-10-22`	3 months	crt.sh
sni219398.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-05` - `2020-02-11`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://lbiockchain.com/
Frame ID: 9B19EC9FB6DE2E26B649E1FEC86303C6
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.swimed.xyz/xDhSvhRP HTTP 302
https://lbiockchain.com/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

20
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

1451 kB
Transfer

4425 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://github.com/blockchain/My-Wallet-V3-Frontend/releases
Title:

Search URL Search Domain Scan URL

URL: https://github.com/blockchain/My-Wallet-V3/releases
Title: (MyWallet v4.16.4)

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.swimed.xyz/xDhSvhRP HTTP 302
https://lbiockchain.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
lbiockchain.com/
Redirect Chain

http://www.swimed.xyz/xDhSvhRP
https://lbiockchain.com/

3 KB
1 KB

1572ms
493ms

Document
text/html

185.222.203.25
UVL2-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://lbiockchain.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.222.203.25 , Ukraine, ASN204725 (UVL2-ASN, UA),
Reverse DNS
Software: nginx /
Resource Hash: bd782de8bbb3f1c63570b4673494be8a1dbf813328e0da63ceb39e07de26198e

Request headers

Host: lbiockchain.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server: nginx
Date: Wed, 07 Aug 2019 03:00:24 GMT
Content-Type: text/html
Last-Modified: Thu, 11 Jul 2019 18:58:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5d2786df-b67"
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Wed, 07 Aug 2019 03:00:12 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Wed, 07 Aug 2019 03:00:12 GMT
Location: https://lbiockchain.com
Pragma: no-cache
Set-Cookie: _subid=r57dt4nl4b0d8nrr3pe0;Expires=Saturday, 07-Sep-2019 03:00:12 GMT;Max-Age=2678400;Path=/ 98761=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjhcIjoxNTY1MTQ2ODEyfSxcImNhbXBhaWduc1wiOntcIjhcIjoxNTY1MTQ2ODEyfSxcInRpbWVcIjoxNTY1MTQ2ODEyfSJ9.HgoyNceZMprzVVONVJoC-clpTx_gvxS5kjW8TI-6X8o;Expires=Saturday, 07-Sep-2019 03:00:12 GMT;Max-Age=2678400;Path=/
X-Content-Type-Options: nosniff

GET
H2 200 landing.js Show response
blockchain.cdn-scripts.com/js/ 587 KB
160 KB 15533ms
48ms Script
application/javascript 104.27.191.157
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://blockchain.cdn-scripts.com/js/landing.js

Requested by

Host: lbiockchain.com
URL: https://lbiockchain.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.27.191.157 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0dfcda73643918ac6068556c32c31c60bf61ef09d6619403ea063cc9836d029

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://lbiockchain.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 07 Aug 2019 03:00:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3330
cf-polished: origSize=601937
status: 200
vary: Accept-Encoding
last-modified: Tue, 02 Jul 2019 09:32:06 GMT
server: cloudflare
etag: W/"5d1b2496-29b2f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
expires: Sat, 07 Sep 2019 03:00:40 GMT
cache-control: public, max-age=2678400
cf-ray: 5026006bd9a4d8e1-AMS
cf-bgj: minify

GET
H2 200 wallet-b189823ae5d3ff61afd8f9be93b8e6e7463582a7.css
blockchain.cdn-scripts.com/css/ 341 KB
53 KB 15532ms
47ms Stylesheet
text/css 104.27.191.157
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://blockchain.cdn-scripts.com/css/wallet-b189823ae5d3ff61afd8f9be93b8e6e7463582a7.css

Requested by

Host: lbiockchain.com
URL: https://lbiockchain.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.27.191.157 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9b2e83b0d6d3ed61fd30a0db715cc802d0bc7579c500a8b87ca64cb06f1fc9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://lbiockchain.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 07 Aug 2019 03:00:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3330
cf-polished: origSize=430291
status: 200
vary: Accept-Encoding
last-modified: Wed, 05 Jun 2019 06:38:46 GMT
server: cloudflare
etag: W/"5cf76376-1063b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
expires: Sat, 07 Sep 2019 03:00:40 GMT
cache-control: public, max-age=2678400
cf-ray: 5026006bd9a3d8e1-AMS
cf-bgj: minify

GET
H/1.1 200
OK wallet-894030f2ac4dfab32a7a59a36d7c6d4375dmodal.css
lbiockchain.com/css/ 886 B
780 B 182ms
180ms Stylesheet
text/css 185.222.203.25
UVL2-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://lbiockchain.com/css/wallet-894030f2ac4dfab32a7a59a36d7c6d4375dmodal.css
Requested by: Host: lbiockchain.com
URL: https://lbiockchain.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.222.203.25 , Ukraine, ASN204725 (UVL2-ASN, UA),
Reverse DNS
Software: nginx /
Resource Hash: 7bbf16b0fb574e73f01ad16a907da86c4109cd17ef3bcbf7cea20588cd617b42

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://lbiockchain.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 07 Aug 2019 03:00:25 GMT
Content-Encoding: gzip
Last-Modified: Sat, 28 Apr 2018 00:53:04 GMT
Server: nginx
ETag: "5ae3c5f0-20d"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Content-Length: 525

GET
H/1.1 200
OK spinner-8de10c3e9fd9f1c447099e6d23b5c24931c019da.gif
lbiockchain.com/wallet/img/ 404 B
635 B 375ms
193ms Image
image/gif 185.222.203.25
UVL2-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbiockchain.com/wallet/img/spinner-8de10c3e9fd9f1c447099e6d23b5c24931c019da.gif
Requested by: Host: lbiockchain.com
URL: https://lbiockchain.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.222.203.25 , Ukraine, ASN204725 (UVL2-ASN, UA),
Reverse DNS
Software: nginx /
Resource Hash: ebb97b98f75d7bc80221f950808b9859a1c546b9d10b5c104908faf8e6f49305

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://lbiockchain.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 07 Aug 2019 03:00:25 GMT
Last-Modified: Thu, 23 Nov 2017 20:42:42 GMT
Server: nginx
ETag: "5a1732c2-194"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 404

GET
H2 200 Montserrat-Light-c9a052247c6d35610d7f1ad4dcd4e0e046ab5b35.ttf
blockchain.cdn-scripts.com/fonts/montserrat/ 138 KB
139 KB 68ms
22ms Font
application/octet-stream 104.27.191.157
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://blockchain.cdn-scripts.com/fonts/montserrat/Montserrat-Light-c9a052247c6d35610d7f1ad4dcd4e0e046ab5b35.ttf

Requested by

Host: lbiockchain.com
URL: https://lbiockchain.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.27.191.157 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

614215fb55fe398cd82ea2ae0568b325ad8c10fdc5abe9829874825da47a70b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Referer: https://blockchain.cdn-scripts.com/css/wallet-b189823ae5d3ff61afd8f9be93b8e6e7463582a7.css
Origin: https://lbiockchain.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 07 Aug 2019 03:00:41 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3823
status: 200
vary: Accept-Encoding
last-modified: Sat, 28 Apr 2018 00:55:00 GMT
server: cloudflare
etag: W/"5ae3c664-d626"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-ray: 5026006cae62d8c5-AMS
expires: Sat, 07 Sep 2019 03:00:41 GMT

GET
H/1.1 200
OK en-d95c068e0449c36f87e6e0d2cba7805dee9de74c.json Show response
lbiockchain.com/locales/ 124 KB
36 KB 1636ms
297ms XHR
application/json 185.222.203.25
UVL2-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://lbiockchain.com/locales/en-d95c068e0449c36f87e6e0d2cba7805dee9de74c.json
Requested by: Host: blockchain.cdn-scripts.com
URL: https://blockchain.cdn-scripts.com/js/landing.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.222.203.25 , Ukraine, ASN204725 (UVL2-ASN, UA),
Reverse DNS
Software: nginx /
Resource Hash: 18ca3c795d764018f0436a5f7f6793c9142755b3fc6dd818bb00315f06d53fed

Request headers

Accept: application/json, text/plain, */*
Referer: https://lbiockchain.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Wed, 07 Aug 2019 03:00:42 GMT
Content-Encoding: gzip
Last-Modified: Sat, 06 Jan 2018 02:37:04 GMT
Server: nginx
ETag: W/"5a503650-1ee01"
Vary: Accept-Encoding
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK landing-c749c6b15afa5f99f961bbfd0cabaa74c7783a75.html Show response
lbiockchain.com/ 4 KB
2 KB 2080ms
244ms XHR
text/html 185.222.203.25
UVL2-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://lbiockchain.com/landing-c749c6b15afa5f99f961bbfd0cabaa74c7783a75.html
Requested by: Host: blockchain.cdn-scripts.com
URL: https://blockchain.cdn-scripts.com/js/landing.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.222.203.25 , Ukraine, ASN204725 (UVL2-ASN, UA),
Reverse DNS
Software: nginx /
Resource Hash: 8b23791eb263f5d597ffc632da45856c10fd6137151c8c8f6179ebb09b662171

Request headers

Accept: text/html
Referer: https://lbiockchain.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Wed, 07 Aug 2019 03:00:43 GMT
Content-Encoding: gzip
Last-Modified: Sun, 23 Jun 2019 17:22:36 GMT
Server: nginx
ETag: W/"5d0fb55c-10d2"
Vary: Accept-Encoding
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 my-wallet-24250e07ef53ba73fc1844c76c5ac405de2a7b5d.min.js Show response
blockchain.cdn-scripts.com/js/ 1 MB
335 KB 25ms
24ms Script
application/javascript 104.27.191.157
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://blockchain.cdn-scripts.com/js/my-wallet-24250e07ef53ba73fc1844c76c5ac405de2a7b5d.min.js

Requested by

Host: blockchain.cdn-scripts.com
URL: https://blockchain.cdn-scripts.com/js/landing.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.27.191.157 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

503903b5f96973d3b57358ccb9331879f838535ea5d81fd23b6cc25f512f5b95

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://lbiockchain.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 07 Aug 2019 03:00:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3330
status: 200
vary: Accept-Encoding
last-modified: Tue, 02 Jul 2019 09:32:06 GMT
server: cloudflare
etag: W/"5d1b2496-5d359"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-ray: 5026006dcc01d8e1-AMS
expires: Sat, 07 Sep 2019 03:00:41 GMT

GET
H2 200 wallet-87206b5a5607f010957ba1497f7cdc0e3a08e330.min.js Show response
blockchain.cdn-scripts.com/js/ 1 MB
319 KB 29ms
28ms Script
application/javascript 104.27.191.157
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://blockchain.cdn-scripts.com/js/wallet-87206b5a5607f010957ba1497f7cdc0e3a08e330.min.js

Requested by

Host: blockchain.cdn-scripts.com
URL: https://blockchain.cdn-scripts.com/js/landing.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.27.191.157 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4867fa3a517796b5b71acc7ad93fcd8a1055fb80ae6c87a1dcebdc06f3ccd691

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://lbiockchain.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 07 Aug 2019 03:00:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3330
status: 200
vary: Accept-Encoding
last-modified: Tue, 02 Jul 2019 09:32:06 GMT
server: cloudflare
etag: W/"5d1b2496-56bd9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-ray: 5026006dcc03d8e1-AMS
expires: Sat, 07 Sep 2019 03:00:41 GMT

GET
H/1.1 200
OK spinner-8de10c3e9fd9f1c447099e6d23b5c24931c019da.gif
lbiockchain.com/wallet/img/ 404 B
635 B 2312ms
195ms Image
image/gif 185.222.203.25
UVL2-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbiockchain.com/wallet/img/spinner-8de10c3e9fd9f1c447099e6d23b5c24931c019da.gif
Requested by: Host: blockchain.cdn-scripts.com
URL: https://blockchain.cdn-scripts.com/js/landing.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.222.203.25 , Ukraine, ASN204725 (UVL2-ASN, UA),
Reverse DNS
Software: nginx /
Resource Hash: ebb97b98f75d7bc80221f950808b9859a1c546b9d10b5c104908faf8e6f49305

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://lbiockchain.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 07 Aug 2019 03:00:43 GMT
Last-Modified: Thu, 23 Nov 2017 20:42:42 GMT
Server: nginx
ETag: "5a1732c2-194"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 404

GET
H/1.1 200
OK wallet-options.json Show response
lbiockchain.com/Resources/ 8 KB
2 KB 1984ms
530ms XHR
application/json 185.222.203.25
UVL2-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://lbiockchain.com/Resources/wallet-options.json
Requested by: Host: blockchain.cdn-scripts.com
URL: https://blockchain.cdn-scripts.com/js/landing.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.222.203.25 , Ukraine, ASN204725 (UVL2-ASN, UA),
Reverse DNS
Software: nginx / Express
Resource Hash: da6a3d55c12db24686384ae584f790fcf2299fbb1f80d33b9ba13b2507f54dab

Request headers

Accept: application/json, text/plain, */*
Referer: https://lbiockchain.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Wed, 07 Aug 2019 03:00:43 GMT
Content-Encoding: gzip
ETag: W/"1f59-GNEs7jpmTZX28rrX0uIxqko9MzU"
Server: nginx
X-Powered-By: Express
Vary: Accept-Encoding, Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *, *
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 puff-white-0d5e8e64f9b84e9e9f1509ceecdb6040afab90e1.svg
blockchain.cdn-scripts.com/img/ 2 KB
585 B 19ms
18ms Image
image/svg+xml 104.27.191.157
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blockchain.cdn-scripts.com/img/puff-white-0d5e8e64f9b84e9e9f1509ceecdb6040afab90e1.svg

Requested by

Host: blockchain.cdn-scripts.com
URL: https://blockchain.cdn-scripts.com/js/wallet-87206b5a5607f010957ba1497f7cdc0e3a08e330.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.27.191.157 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6baf8288b770f9020b1e7faa6f2e1eeaab60a0246ae161f898f8a495b54dc2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blockchain.cdn-scripts.com/css/wallet-b189823ae5d3ff61afd8f9be93b8e6e7463582a7.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 07 Aug 2019 03:00:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3329
status: 200
strict-transport-security: max-age=0; includeSubDomains; preload
last-modified: Thu, 23 Nov 2017 20:42:28 GMT
server: cloudflare
etag: W/"5a1732b4-610"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-ray: 50260070bf7dd8e1-AMS
expires: Sat, 07 Sep 2019 03:00:41 GMT

GET
H2 200 icomoon-bbeea83c082ef376f422e18cfc5a51d4dbc4c0f7.ttf
blockchain.cdn-scripts.com/fonts/icomoon/ 20 KB
20 KB 19ms
18ms Font
application/octet-stream 104.27.191.157
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://blockchain.cdn-scripts.com/fonts/icomoon/icomoon-bbeea83c082ef376f422e18cfc5a51d4dbc4c0f7.ttf

Requested by

Host: blockchain.cdn-scripts.com
URL: https://blockchain.cdn-scripts.com/js/wallet-87206b5a5607f010957ba1497f7cdc0e3a08e330.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.27.191.157 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b66b42dc92c2c49529091965da3c2188573363f95ef5d02955011caa2da12d83

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Referer: https://blockchain.cdn-scripts.com/css/wallet-b189823ae5d3ff61afd8f9be93b8e6e7463582a7.css
Origin: https://lbiockchain.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 07 Aug 2019 03:00:41 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3810
status: 200
vary: Accept-Encoding
last-modified: Sat, 28 Apr 2018 00:54:58 GMT
server: cloudflare
etag: W/"5ae3c662-2edf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-ray: 50260070ba7cd8c5-AMS
expires: Sat, 07 Sep 2019 03:00:41 GMT

GET
H/1.1 200
OK white-blockchain-f1208a2b904ce045df3239b1922104bd3fc6a7c1.svg
lbiockchain.com/img/ 2 KB
3 KB 2364ms
197ms Image
image/svg+xml 185.222.203.25
UVL2-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbiockchain.com/img/white-blockchain-f1208a2b904ce045df3239b1922104bd3fc6a7c1.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.222.203.25 , Ukraine, ASN204725 (UVL2-ASN, UA),
Reverse DNS
Software: nginx /
Resource Hash: 79e13bf6f1807722899eca8859b0338ac6b599fe9d2186a87a30e08aaa8b0470

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://lbiockchain.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 07 Aug 2019 03:00:43 GMT
Last-Modified: Thu, 23 Nov 2017 20:42:20 GMT
Server: nginx
ETag: "5a1732ac-9df"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2527

GET
H/1.1 200
OK blue-logo-ea5f627851cb67fcdb31b3907dd0f7ddcd7ea4cf.svg
lbiockchain.com/img/ 1 KB
1 KB 2558ms
192ms Image
image/svg+xml 185.222.203.25
UVL2-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbiockchain.com/img/blue-logo-ea5f627851cb67fcdb31b3907dd0f7ddcd7ea4cf.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.222.203.25 , Ukraine, ASN204725 (UVL2-ASN, UA),
Reverse DNS
Software: nginx /
Resource Hash: 2e0ab4544c8ebbeddd8a3a246a37f13068f70eb4272946819d74e928782459e8

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://lbiockchain.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 07 Aug 2019 03:00:44 GMT
Last-Modified: Thu, 23 Nov 2017 20:42:28 GMT
Server: nginx
ETag: "5a1732b4-448"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1096

GET
H/1.1 200
OK spinner-e4a46decfba6453e9878a28d2601302caa2a932d.gif
lbiockchain.com/img/ 404 B
635 B 1512ms
147ms Image
image/gif 185.222.203.25
UVL2-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbiockchain.com/img/spinner-e4a46decfba6453e9878a28d2601302caa2a932d.gif
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.222.203.25 , Ukraine, ASN204725 (UVL2-ASN, UA),
Reverse DNS
Software: nginx /
Resource Hash: ebb97b98f75d7bc80221f950808b9859a1c546b9d10b5c104908faf8e6f49305

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://lbiockchain.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 07 Aug 2019 03:00:44 GMT
Last-Modified: Thu, 21 Dec 2017 19:09:34 GMT
Server: nginx
ETag: "5a3c06ee-194"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 404

GET
H2 200 GillSans-Light-c0a09b9787926ae232f83ff876d60505b246e53f.ttf
blockchain.cdn-scripts.com/fonts/gillsans/ 98 KB
99 KB 19ms
19ms Font
application/octet-stream 104.27.191.157
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://blockchain.cdn-scripts.com/fonts/gillsans/GillSans-Light-c0a09b9787926ae232f83ff876d60505b246e53f.ttf

Requested by

Host: blockchain.cdn-scripts.com
URL: https://blockchain.cdn-scripts.com/js/landing.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.27.191.157 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e508b3206cc9b91d3de3c2164822bf0cb48188f670b45d9b56df000ef2b83e53

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Referer: https://blockchain.cdn-scripts.com/css/wallet-b189823ae5d3ff61afd8f9be93b8e6e7463582a7.css
Origin: https://lbiockchain.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 07 Aug 2019 03:00:41 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3809
status: 200
vary: Accept-Encoding
last-modified: Sat, 28 Apr 2018 00:54:58 GMT
server: cloudflare
etag: W/"5ae3c662-dae2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-ray: 50260070ba84d8c5-AMS
expires: Sat, 07 Sep 2019 03:00:41 GMT

GET
H2 200 Montserrat-Medium-048c1d630e877f93900a0f3cda6da402be372e60.ttf
blockchain.cdn-scripts.com/fonts/montserrat/ 138 KB
138 KB 24ms
24ms Font
application/octet-stream 104.27.191.157
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://blockchain.cdn-scripts.com/fonts/montserrat/Montserrat-Medium-048c1d630e877f93900a0f3cda6da402be372e60.ttf

Requested by

Host: blockchain.cdn-scripts.com
URL: https://blockchain.cdn-scripts.com/js/landing.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.27.191.157 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5390d2f87ce6d5998fa6967c38a32585777eb9da7960baa950fe7ce1bbc367b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Referer: https://blockchain.cdn-scripts.com/css/wallet-b189823ae5d3ff61afd8f9be93b8e6e7463582a7.css
Origin: https://lbiockchain.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 07 Aug 2019 03:00:41 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3809
status: 200
vary: Accept-Encoding
last-modified: Sat, 28 Apr 2018 00:55:00 GMT
server: cloudflare
etag: W/"5ae3c664-d831"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-ray: 50260070ba89d8c5-AMS
expires: Sat, 07 Sep 2019 03:00:41 GMT

GET
H2 200 Montserrat-Regular-e3c31495d670354502bd0ec9761ab23be7baedf3.ttf
blockchain.cdn-scripts.com/fonts/montserrat/ 138 KB
139 KB 19ms
19ms Font
application/octet-stream 104.27.191.157
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://blockchain.cdn-scripts.com/fonts/montserrat/Montserrat-Regular-e3c31495d670354502bd0ec9761ab23be7baedf3.ttf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.27.191.157 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

90eedce294890d6ac7988025c482194c8e03c8153beb868ae53f1ee13b7d48b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Referer: https://blockchain.cdn-scripts.com/css/wallet-b189823ae5d3ff61afd8f9be93b8e6e7463582a7.css
Origin: https://lbiockchain.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 07 Aug 2019 03:00:42 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3810
status: 200
vary: Accept-Encoding
last-modified: Sat, 28 Apr 2018 00:55:00 GMT
server: cloudflare
etag: W/"5ae3c664-d526"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-ray: 5026007849c3d8c5-AMS
expires: Sat, 07 Sep 2019 03:00:42 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Blockchain (Crypto Exchange)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://blockchain.cdn-scripts.com/js/landing.js(Line 16) Message: Using My-Wallet-V3 Frontend %s and My-Wallet-V3 v%s, connecting to %s

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blockchain.cdn-scripts.com
lbiockchain.com
www.swimed.xyz
104.27.191.157
162.241.29.106
185.222.203.25
18ca3c795d764018f0436a5f7f6793c9142755b3fc6dd818bb00315f06d53fed
2e0ab4544c8ebbeddd8a3a246a37f13068f70eb4272946819d74e928782459e8
4867fa3a517796b5b71acc7ad93fcd8a1055fb80ae6c87a1dcebdc06f3ccd691
503903b5f96973d3b57358ccb9331879f838535ea5d81fd23b6cc25f512f5b95
5390d2f87ce6d5998fa6967c38a32585777eb9da7960baa950fe7ce1bbc367b2
614215fb55fe398cd82ea2ae0568b325ad8c10fdc5abe9829874825da47a70b9
79e13bf6f1807722899eca8859b0338ac6b599fe9d2186a87a30e08aaa8b0470
7bbf16b0fb574e73f01ad16a907da86c4109cd17ef3bcbf7cea20588cd617b42
8b23791eb263f5d597ffc632da45856c10fd6137151c8c8f6179ebb09b662171
90eedce294890d6ac7988025c482194c8e03c8153beb868ae53f1ee13b7d48b8
b66b42dc92c2c49529091965da3c2188573363f95ef5d02955011caa2da12d83
bd782de8bbb3f1c63570b4673494be8a1dbf813328e0da63ceb39e07de26198e
da6a3d55c12db24686384ae584f790fcf2299fbb1f80d33b9ba13b2507f54dab
e508b3206cc9b91d3de3c2164822bf0cb48188f670b45d9b56df000ef2b83e53
e6baf8288b770f9020b1e7faa6f2e1eeaab60a0246ae161f898f8a495b54dc2d
e9b2e83b0d6d3ed61fd30a0db715cc802d0bc7579c500a8b87ca64cb06f1fc9d
ebb97b98f75d7bc80221f950808b9859a1c546b9d10b5c104908faf8e6f49305
f0dfcda73643918ac6068556c32c31c60bf61ef09d6619403ea063cc9836d029

lbiockchain.com Open in urlscan Pro 185.222.203.25 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

1451 kBTransfer

4425 kBSize

0 Cookies

2 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

34 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

lbiockchain.com Open in urlscan Pro
185.222.203.25 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

1451 kB
Transfer

4425 kB
Size

0
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!