www.ecss.co.id
180.92.192.27
Malicious Activity!
Public Scan
Submission: On May 05 via automatic, source openphish — Scanned from AU
Summary
This is the only time www.ecss.co.id was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Blockchain (Crypto Exchange)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
11 | 180.92.192.27 | 45671 (AS45671-NET-AU Wholesale Services Provider) |
2 2 | 104.16.13.151 | 13335 (CLOUDFLARENET) |
1 | 104.16.156.132 | 13335 (CLOUDFLARENET) |
17 | 3 | |
ASN45671 (AS45671-NET-AU Wholesale Services Provider, AU)
www.ecss.co.id
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
11 | ecss.co.id | www.ecss.co.id | 772 KB |
2 | blockchain.info (2 redirects) | blockchain.info — Cisco Umbrella Rank: 64490 | 1 KB |
1 | blockchain.com | www.blockchain.com — Cisco Umbrella Rank: 215701 | |
17 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
11 | www.ecss.co.id | www.ecss.co.id |
2 | blockchain.info (2 redirects) | www.ecss.co.id |
1 | www.blockchain.com | www.ecss.co.id |
17 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
blockchain.info |
www.blockchain.com |
blog.blockchain.com |
support.blockchain.com |
github.com |
This page contains 1 frames:
Primary Page:
http://www.ecss.co.id/2FA.php
Frame ID: FA77F3190E2A9787054D1EEBE1A9C1AF
Requests: 17 HTTP requests in this frame
7 Outgoing links
These are links going to different origins than the main page.
- Title: About
- Title: Blog
- Title: Support
- Title: English
- Title: v1.18.2
- Title: (MyWallet v3.32.6)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 6
- https://blockchain.info/wallet/img/puff-white-0d5e8e64f9b84e9e9f1509ceecdb6040afab90e1.svg HTTP 302
- https://blockchain.info/https://login.blockchain.com/ HTTP 301
- https://www.blockchain.com/https:/login.blockchain.com/
17 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | 2FA.php (Primary Request) | www.ecss.co.id/ | 33 KB | 10 KB | Document | text/html |
GET | H/1.1 | landing-39c58368569aed6656da9b39f5e4c0e8a5cfc8f1.min.js.download | www.ecss.co.id/css/ | 581 KB | 166 KB | Script | application/javascript |
GET | H/1.1 | wallet-30a5a96d69c745cb8309a25b6f9909ece8739bc7.css | www.ecss.co.id/css/ | 374 KB | 59 KB | Stylesheet | text/css |
GET | H/1.1 | my-wallet-9dd30907c99837fdca8a635309567056fd9e69c6.min.js.download | www.ecss.co.id/css/ | 1 MB | 269 KB | Script | application/javascript |
GET | H/1.1 | wallet-fe7f7f7c191a810cc11ea208f1ac786b205f02c8.min.js.download | www.ecss.co.id/css/ | 912 KB | 233 KB | Script | application/javascript |
GET | H/1.1 | blockchain-vector-f1208a2b904ce045df3239b1922104bd3fc6a7c1.svg | www.ecss.co.id/css/ | 2 KB | 1 KB | Image | image/svg+xml |
GET | H/1.1 | spinner-8de10c3e9fd9f1c447099e6d23b5c24931c019da.gif | www.ecss.co.id/css/ | 404 B | 646 B | Image | image/gif |
GET | H2 | / (Redirect Chain) | www.blockchain.com/https:/login.blockchain.com/ | 0 | 0 | Image | text/html |
GET | | Montserrat-Light.ttf | blockchain.info/wallet/fonts/montserrat/ | 0 | 0 | | |
GET | | GillSans-Light.ttf | blockchain.info/wallet/fonts/gillsans/ | 0 | 0 | | |
GET | | Montserrat-Regular.ttf | blockchain.info/wallet/fonts/montserrat/ | 0 | 0 | | |
GET | | Montserrat-Medium.ttf | blockchain.info/wallet/fonts/montserrat/ | 0 | 0 | | |
GET | H/1.1 | en-99eb4338b89042c71ab5030ed208048eb0205cbb.json | www.ecss.co.id/locales/ | 39 KB | 11 KB | XHR | text/html |
GET | H/1.1 | landing-7ed0c0ee052c68f41c3ea7c63913ffc92cc93654.html | www.ecss.co.id/ | 39 KB | 11 KB | XHR | text/html |
GET | H/1.1 | wallet-options.json | www.ecss.co.id/Resources/ | 39 KB | 11 KB | XHR | text/html |
GET | | icomoon.ttf | blockchain.info/wallet/fonts/icomoon/ | 0 | 0 | | |
GET | H/1.1 | blue-logo-ea5f627851cb67fcdb31b3907dd0f7ddcd7ea4cf.svg | www.ecss.co.id/css/ | 1 KB | 874 B | Image | image/svg+xml |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
blockchain.info | https://blockchain.info/wallet/fonts/montserrat/Montserrat-Light.ttf |
blockchain.info | https://blockchain.info/wallet/fonts/gillsans/GillSans-Light.ttf |
blockchain.info | https://blockchain.info/wallet/fonts/montserrat/Montserrat-Regular.ttf |
blockchain.info | https://blockchain.info/wallet/fonts/montserrat/Montserrat-Medium.ttf |
blockchain.info | https://blockchain.info/wallet/fonts/icomoon/icomoon.ttf |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Blockchain (Crypto Exchange)
21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
boolean | credentialless |
object | pb_whitelist |
object | pb_blacklist |
function | inject |
object | angular |
number | ng339 |
function | browserDetection |
object | FileAPI |
object | Blockchain |
object | core |
object | __core-js_shared__ |
function | setImmediate |
function | clearImmediate |
object | System |
function | asap |
function | Observable |
object | regeneratorRuntime |
boolean | _babelPolyfill |
function | hasUserMedia |
function | QRCode |
function | compareVersions |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
11 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.