blockchain-validation-sso.cloudns.cl Open in urlscan Pro
160.153.45.136  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request emailvalidate.php Show response blockchain-validation-sso.cloudns.cl/validate/sso/mywallet/	51 KB 5 KB	485ms 170ms	Document text/html	160.153.45.136 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://blockchain-validation-sso.cloudns.cl/validate/sso/mywallet/emailvalidate.php?gguid= Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.153.45.136 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-160-153-45-136.ip.secureserver.net Software Apache / PHP/7.2.32 Resource Hash a6a8e115eb1ec093e193656c8f57d1547ada2e10dc554f025f31c966466010e1 Request headers :method GET :authority blockchain-validation-sso.cloudns.cl :scheme https :path /validate/sso/mywallet/emailvalidate.php?gguid= pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 14 Apr 2021 01:20:03 GMT server Apache x-powered-by PHP/7.2.32 vary Accept-Encoding,User-Agent content-encoding gzip content-length 5440 content-type text/html; charset=UTF-8
GET H2	200	open_sans.min.css webmail.gesatech.net/cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/open_sans/	6 KB 591 B	545ms 272ms	Stylesheet text/css	169.48.214.129 SOFTLAYER
General Check archive.org Show headers Download Go to Full URL https://webmail.gesatech.net/cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/open_sans/open_sans.min.css Requested by Host: blockchain-validation-sso.cloudns.cl URL: https://blockchain-validation-sso.cloudns.cl/validate/sso/mywallet/emailvalidate.php?gguid= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 169.48.214.129 Triangle, United States, ASN36351 (SOFTLAYER, US), Reverse DNS gesatech.net Software Apache / Resource Hash 919e3b6b5b80ecdfb3c87b5e3aa55f174c21a79ed75c63de2dab20394ff7a676 Request headers Referer https://blockchain-validation-sso.cloudns.cl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 14 Apr 2021 01:20:04 GMT content-encoding gzip last-modified Wed, 04 Dec 2013 21:20:30 GMT server Apache content-type text/css cache-control max-age=5184000, public content-length 536 expires Sun, 13 Jun 2021 01:20:04 GMT
GET H2	200	style_v2_optimized.css webmail.gesatech.net/cPanel_magic_revision_1592230533/unprotected/cpanel/	139 KB 32 KB	419ms 145ms	Stylesheet text/css	169.48.214.129 SOFTLAYER
General Check archive.org Show headers Download Go to Full URL https://webmail.gesatech.net/cPanel_magic_revision_1592230533/unprotected/cpanel/style_v2_optimized.css Requested by Host: blockchain-validation-sso.cloudns.cl URL: https://blockchain-validation-sso.cloudns.cl/validate/sso/mywallet/emailvalidate.php?gguid= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 169.48.214.129 Triangle, United States, ASN36351 (SOFTLAYER, US), Reverse DNS gesatech.net Software Apache / Resource Hash 04b0fb7b7d643042ad0e148e318e79dfe0ecf8d5f1858d8183f37fe323f7a309 Request headers Referer https://blockchain-validation-sso.cloudns.cl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 14 Apr 2021 01:20:04 GMT content-encoding gzip last-modified Fri, 05 Mar 2021 06:31:07 GMT server Apache content-type text/css cache-control max-age=5184000, public content-length 32592 expires Sun, 13 Jun 2021 01:20:04 GMT
GET H2	200	bc-logo.svg login.blockchain.com/img/	6 KB 5 KB	214ms 122ms	Image image/svg+xml	104.16.40.77 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://login.blockchain.com/img/bc-logo.svg Requested by Host: blockchain-validation-sso.cloudns.cl URL: https://blockchain-validation-sso.cloudns.cl/validate/sso/mywallet/emailvalidate.php?gguid= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.40.77 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a6fdd6df66992c94ee619a7d602b16fcd06ae091df353643df482b89883062fb Security Headers Name Value Content-Security-Policy img-src https://login.blockchain.com https://wallet-frontend.prod.blockchain.info https://wallet-frontend-pre-release.prod.blockchain.info https://blockchain.info *.googleusercontent.com *.zendesk.com data: blob: android-webview-video-poster:; script-src https://login.blockchain.com https://wallet-frontend.prod.blockchain.info https://wallet-frontend-pre-release.prod.blockchain.info 'nonce-37kqf0A8MVO1sNbpewwgUvE1aYi75RO2'; style-src https://login.blockchain.com https://wallet-frontend.prod.blockchain.info https://wallet-frontend-pre-release.prod.blockchain.info 'nonce-37kqf0A8MVO1sNbpewwgUvE1aYi75RO2'; child-src https://login.blockchain.com https://wallet-frontend.prod.blockchain.info https://wallet-frontend-pre-release.prod.blockchain.info https://verify.isignthis.com https://wallet-helper.blockchain.com blob:; frame-src https://login.blockchain.com https://wallet-frontend.prod.blockchain.info https://wallet-frontend-pre-release.prod.blockchain.info https://verify.isignthis.com https://blockchain.info https://wallet-helper.blockchain.com https://magic.veriff.me/ https://pay.coinify.com; connect-src data: https://login.blockchain.com https://wallet-frontend.prod.blockchain.info https://wallet-frontend-pre-release.prod.blockchain.info https://blockchain.info https://api.blockchain.info wss://ws.blockchain.info/nabu-gateway/markets/quotes wss://ws.blockchain.info/coins wss://ws.blockchain.info/inv wss://ws.blockchain.info/eth/inv wss://ws.blockchain.info/bch/inv https://wallet-helper.blockchain.com https://verify.isignthis.com https://shapeshift.io https://app-api.coinify.com https://pay.coinify.com https://api.sfox.com https://quotes.sfox.com https://sfox-kyc.s3.amazonaws.com https://manager.api.live.ledger.com wss://api.ledgerwallet.com https://horizon.stellar.org https://friendbot.stellar.org https://bitpay.com https://pay.every-pay.eu https://static.zdassets.com https://ekr.zdassets.com https://blockchain.zendesk.com; object-src 'none'; media-src https://login.blockchain.com https://wallet-frontend.prod.blockchain.info https://wallet-frontend-pre-release.prod.blockchain.info https://storage.googleapis.com/bc_public_assets/ data: mediastream: blob:; font-src https://login.blockchain.com https://wallet-frontend.prod.blockchain.info https://wallet-frontend-pre-release.prod.blockchain.info; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://blockchain-validation-sso.cloudns.cl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 14 Apr 2021 01:20:04 GMT via 1.1 google x-content-type-options nosniff cf-cache-status MISS x-original-host login.blockchain.com x-cache-status MISS bed50b99c9a226755f8bd3f02445a0fa cf-request-id 096f8fdaf400001d06cf97b000000001 strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br x-xss-protection 1; mode=block x-request-id e379e338345bdfae0c9c24193fabc804 server cloudflare x-blockchain-cp-b wallet-frontend x-blockchain-server BlockchainFE/1.0 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/svg+xml x-blockchain-cp-f f0zn 0.026 - e379e338345bdfae0c9c24193fabc804 cache-control no-cache content-security-policy img-src https://login.blockchain.com https://wallet-frontend.prod.blockchain.info https://wallet-frontend-pre-release.prod.blockchain.info https://blockchain.info *.googleusercontent.com *.zendesk.com data: blob: android-webview-video-poster:; script-src https://login.blockchain.com https://wallet-frontend.prod.blockchain.info https://wallet-frontend-pre-release.prod.blockchain.info 'nonce-37kqf0A8MVO1sNbpewwgUvE1aYi75RO2'; style-src https://login.blockchain.com https://wallet-frontend.prod.blockchain.info https://wallet-frontend-pre-release.prod.blockchain.info 'nonce-37kqf0A8MVO1sNbpewwgUvE1aYi75RO2'; child-src https://login.blockchain.com https://wallet-frontend.prod.blockchain.info https://wallet-frontend-pre-release.prod.blockchain.info https://verify.isignthis.com https://wallet-helper.blockchain.com blob:; frame-src https://login.blockchain.com https://wallet-frontend.prod.blockchain.info https://wallet-frontend-pre-release.prod.blockchain.info https://verify.isignthis.com https://blockchain.info https://wallet-helper.blockchain.com https://magic.veriff.me/ https://pay.coinify.com; connect-src data: https://login.blockchain.com https://wallet-frontend.prod.blockchain.info https://wallet-frontend-pre-release.prod.blockchain.info https://blockchain.info https://api.blockchain.info wss://ws.blockchain.info/nabu-gateway/markets/quotes wss://ws.blockchain.info/coins wss://ws.blockchain.info/inv wss://ws.blockchain.info/eth/inv wss://ws.blockchain.info/bch/inv https://wallet-helper.blockchain.com https://verify.isignthis.com https://shapeshift.io https://app-api.coinify.com https://pay.coinify.com https://api.sfox.com https://quotes.sfox.com https://sfox-kyc.s3.amazonaws.com https://manager.api.live.ledger.com wss://api.ledgerwallet.com https://horizon.stellar.org https://friendbot.stellar.org https://bitpay.com https://pay.every-pay.eu https://static.zdassets.com https://ekr.zdassets.com https://blockchain.zendesk.com; object-src 'none'; media-src https://login.blockchain.com https://wallet-frontend.prod.blockchain.info https://wallet-frontend-pre-release.prod.blockchain.info https://storage.googleapis.com/bc_public_assets/ data: mediastream: blob:; font-src https://login.blockchain.com https://wallet-frontend.prod.blockchain.info https://wallet-frontend-pre-release.prod.blockchain.info; x-blockchain-language en x-blockchain-language-id 0:0:1 (en:en:en) cf-ray 63f91c0b29ab1d06-CPH
GET H2	200	bg-pattern.svg login.blockchain.com/img/	300 KB 65 KB	123ms 42ms	Image image/svg+xml	104.16.40.77 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://login.blockchain.com/img/bg-pattern.svg Requested by Host: blockchain-validation-sso.cloudns.cl URL: https://blockchain-validation-sso.cloudns.cl/validate/sso/mywallet/emailvalidate.php?gguid= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.40.77 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2ba246c1d89fb2707ed8f1168ca7e7fc8a98c86242115fd71d1967e8d45a0802 Security Headers Name Value Content-Security-Policy img-src 'self' data: https://blockchain.info; style-src 'self' 'unsafe-inline'; frame-src 'none'; child-src 'none'; script-src 'self'; connect-src 'self' *.blockchain.info wss://*.blockchain.info https://blockchain.info wss://ws.blockchain.info; object-src 'none'; media-src 'none'; font-src 'none'; worker-src 'none'; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://blockchain-validation-sso.cloudns.cl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 14 Apr 2021 01:20:04 GMT via 1.1 google x-content-type-options nosniff cf-cache-status HIT x-blockchain-application wallet age 14264936 x-original-host login.blockchain.com x-cache-status MISS 05d2bec1022b73cd72a887d96c7fac53 content-type image/svg+xml;charset=UTF-8 cf-request-id 096f8fdaf500001d06df944000000001 strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br x-xss-protection 1; mode=block x-request-id b7a625c232b1664b8bb2f9a37d5b3821 last-modified Thu, 08 Oct 2020 07:14:40 GMT server cloudflare x-blockchain-server BlockchainFE/1.0 etag W/"307051-1602141280000" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-language sv x-blockchain-cp-f z3zg 0.008 - b7a625c232b1664b8bb2f9a37d5b3821 cache-control public, max-age=31557600 content-security-policy img-src 'self' data: https://blockchain.info; style-src 'self' 'unsafe-inline'; frame-src 'none'; child-src 'none'; script-src 'self'; connect-src 'self' *.blockchain.info wss://*.blockchain.info https://blockchain.info wss://ws.blockchain.info; object-src 'none'; media-src 'none'; font-src 'none'; worker-src 'none'; x-blockchain-language sv x-blockchain-language-id 0:0:1 (en:en:sv) cf-ray 63f91c0b29ac1d06-CPH expires Thu, 14 Apr 2022 07:20:04 GMT
GET H2	200	notice-error.png webmail.gesatech.net/cPanel_magic_revision_1592229738/unprotected/cpanel/images/	1 KB 1 KB	138ms 138ms	Image image/png	169.48.214.129 SOFTLAYER
General Check archive.org Show headers Download Go to Show image Full URL https://webmail.gesatech.net/cPanel_magic_revision_1592229738/unprotected/cpanel/images/notice-error.png Requested by Host: webmail.gesatech.net URL: https://webmail.gesatech.net/cPanel_magic_revision_1592230533/unprotected/cpanel/style_v2_optimized.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 169.48.214.129 Triangle, United States, ASN36351 (SOFTLAYER, US), Reverse DNS gesatech.net Software Apache / Resource Hash bcaf01928e5c7246ab0bb7e83f609b485a67a5e442d3dd94539a883c11fb70cd Request headers Referer https://webmail.gesatech.net/cPanel_magic_revision_1592230533/unprotected/cpanel/style_v2_optimized.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 14 Apr 2021 01:20:04 GMT cache-control max-age=5184000, public last-modified Mon, 15 Jun 2020 14:02:18 GMT server Apache content-type image/png content-length 1026 expires Sun, 13 Jun 2021 01:20:04 GMT
GET		OpenSans-Regular-webfont.woff webmail.gesatech.net/cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/	0 0
GET		OpenSans-Semibold-webfont.woff webmail.gesatech.net/cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/	0 0
GET		OpenSans-Semibold-webfont.ttf webmail.gesatech.net/cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/	0 0
GET		OpenSans-Regular-webfont.ttf webmail.gesatech.net/cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

webmail.gesatech.net

URL

https://webmail.gesatech.net/cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff

Domain

webmail.gesatech.net

URL

https://webmail.gesatech.net/cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff

Domain

webmail.gesatech.net

URL

https://webmail.gesatech.net/cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.ttf

Domain

webmail.gesatech.net

URL

https://webmail.gesatech.net/cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.ttf

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Blockchain (Crypto Exchange)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| DOM

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blockchain-validation-sso.cloudns.cl
login.blockchain.com
webmail.gesatech.net
webmail.gesatech.net
104.16.40.77
160.153.45.136
169.48.214.129
04b0fb7b7d643042ad0e148e318e79dfe0ecf8d5f1858d8183f37fe323f7a309
2ba246c1d89fb2707ed8f1168ca7e7fc8a98c86242115fd71d1967e8d45a0802
919e3b6b5b80ecdfb3c87b5e3aa55f174c21a79ed75c63de2dab20394ff7a676
a6a8e115eb1ec093e193656c8f57d1547ada2e10dc554f025f31c966466010e1
a6fdd6df66992c94ee619a7d602b16fcd06ae091df353643df482b89883062fb
bcaf01928e5c7246ab0bb7e83f609b485a67a5e442d3dd94539a883c11fb70cd