URL: http://www.ecss.co.id/2FA.php
Submission: On May 05 via automatic, source openphish — Scanned from AU

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 180.92.192.27, located in Australia and belongs to AS45671-NET-AU Wholesale Services Provider, AU. The main domain is www.ecss.co.id.
This is the only time www.ecss.co.id was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Blockchain (Crypto Exchange)

Domain & IP information

IP Address AS Autonomous System
11 180.92.192.27 45671 (AS45671-N...)
2 2 104.16.13.151 13335 (CLOUDFLAR...)
1 104.16.156.132 13335 (CLOUDFLAR...)
17 3
Apex Domain
Subdomains
Transfer
11 ecss.co.id
www.ecss.co.id
772 KB
2 blockchain.info
blockchain.info — Cisco Umbrella Rank: 64490
1 KB
1 blockchain.com
www.blockchain.com — Cisco Umbrella Rank: 215701
17 3
Domain Requested by
11 www.ecss.co.id www.ecss.co.id
2 blockchain.info 2 redirects www.ecss.co.id
1 www.blockchain.com www.ecss.co.id
17 3

This site contains links to these domains. Also see Links.

Domain
blockchain.info
www.blockchain.com
blog.blockchain.com
support.blockchain.com
github.com
Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://www.ecss.co.id/2FA.php
Frame ID: FA77F3190E2A9787054D1EEBE1A9C1AF
Requests: 17 HTTP requests in this frame

Screenshot

Page Title

Bitcoin Wallet - BlockchainBitcoin Wallet - Blockchain

Page Statistics

17
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

772 kB
Transfer

3070 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://blockchain.info/wallet/img/puff-white-0d5e8e64f9b84e9e9f1509ceecdb6040afab90e1.svg HTTP 302
  • https://blockchain.info/https://login.blockchain.com/ HTTP 301
  • https://www.blockchain.com/https:/login.blockchain.com/

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 2FA.php
www.ecss.co.id/
33 KB
10 KB
Document
General
Full URL
http://www.ecss.co.id/2FA.php
Protocol
HTTP/1.1
Server
180.92.192.27 , Australia, ASN45671 (AS45671-NET-AU Wholesale Services Provider, AU),
Reverse DNS
Software
Apache /
Resource Hash
2bc17b09847c16b1f3747ba3608b39de298fc149ebc828457853883c30a7d426

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Fri, 05 May 2023 03:21:33 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Transfer-Encoding
chunked
Vary
Accept-Encoding
landing-39c58368569aed6656da9b39f5e4c0e8a5cfc8f1.min.js.download
www.ecss.co.id/css/
581 KB
166 KB
Script
General
Full URL
http://www.ecss.co.id/css/landing-39c58368569aed6656da9b39f5e4c0e8a5cfc8f1.min.js.download
Requested by
Host: www.ecss.co.id
URL: http://www.ecss.co.id/2FA.php
Protocol
HTTP/1.1
Server
180.92.192.27 , Australia, ASN45671 (AS45671-NET-AU Wholesale Services Provider, AU),
Reverse DNS
Software
Apache /
Resource Hash
2fd6d8cd981ab03c47e7a213355e4f7e171d8263fceace9478ffb957a9016b94

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://www.ecss.co.id/2FA.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date
Fri, 05 May 2023 03:21:34 GMT
Content-Encoding
gzip
Last-Modified
Fri, 23 Jun 2017 19:40:04 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Transfer-Encoding
chunked
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
wallet-30a5a96d69c745cb8309a25b6f9909ece8739bc7.css
www.ecss.co.id/css/
374 KB
59 KB
Stylesheet
General
Full URL
http://www.ecss.co.id/css/wallet-30a5a96d69c745cb8309a25b6f9909ece8739bc7.css
Requested by
Host: www.ecss.co.id
URL: http://www.ecss.co.id/2FA.php
Protocol
HTTP/1.1
Server
180.92.192.27 , Australia, ASN45671 (AS45671-NET-AU Wholesale Services Provider, AU),
Reverse DNS
Software
Apache /
Resource Hash
eb92a18192ae4063ffd9d4c4839f046704a64667192090a4713fedf962eaa375

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://www.ecss.co.id/2FA.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date
Fri, 05 May 2023 03:21:34 GMT
Content-Encoding
gzip
Last-Modified
Fri, 23 Jun 2017 19:56:58 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
60273
my-wallet-9dd30907c99837fdca8a635309567056fd9e69c6.min.js.download
www.ecss.co.id/css/
1 MB
269 KB
Script
General
Full URL
http://www.ecss.co.id/css/my-wallet-9dd30907c99837fdca8a635309567056fd9e69c6.min.js.download
Requested by
Host: www.ecss.co.id
URL: http://www.ecss.co.id/2FA.php
Protocol
HTTP/1.1
Server
180.92.192.27 , Australia, ASN45671 (AS45671-NET-AU Wholesale Services Provider, AU),
Reverse DNS
Software
Apache /
Resource Hash
68c2ddf1018bf8d8f5d6317112534381b10e04131b58f1dd838cf5545d12786b

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://www.ecss.co.id/2FA.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date
Fri, 05 May 2023 03:21:34 GMT
Content-Encoding
gzip
Last-Modified
Fri, 23 Jun 2017 19:40:04 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Transfer-Encoding
chunked
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
wallet-fe7f7f7c191a810cc11ea208f1ac786b205f02c8.min.js.download
www.ecss.co.id/css/
912 KB
233 KB
Script
General
Full URL
http://www.ecss.co.id/css/wallet-fe7f7f7c191a810cc11ea208f1ac786b205f02c8.min.js.download
Requested by
Host: www.ecss.co.id
URL: http://www.ecss.co.id/2FA.php
Protocol
HTTP/1.1
Server
180.92.192.27 , Australia, ASN45671 (AS45671-NET-AU Wholesale Services Provider, AU),
Reverse DNS
Software
Apache /
Resource Hash
a51dbf8ec46a405fd5e1fae5015b1e0d455725af663e874a819cbdfda0bbbc2e

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://www.ecss.co.id/2FA.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date
Fri, 05 May 2023 03:21:34 GMT
Content-Encoding
gzip
Last-Modified
Fri, 23 Jun 2017 19:40:04 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Transfer-Encoding
chunked
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
blockchain-vector-f1208a2b904ce045df3239b1922104bd3fc6a7c1.svg
www.ecss.co.id/css/
2 KB
1 KB
Image
General
Full URL
http://www.ecss.co.id/css/blockchain-vector-f1208a2b904ce045df3239b1922104bd3fc6a7c1.svg
Requested by
Host: www.ecss.co.id
URL: http://www.ecss.co.id/2FA.php
Protocol
HTTP/1.1
Server
180.92.192.27 , Australia, ASN45671 (AS45671-NET-AU Wholesale Services Provider, AU),
Reverse DNS
Software
Apache /
Resource Hash
79e13bf6f1807722899eca8859b0338ac6b599fe9d2186a87a30e08aaa8b0470

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://www.ecss.co.id/2FA.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date
Fri, 05 May 2023 03:21:34 GMT
Content-Encoding
gzip
Last-Modified
Fri, 23 Jun 2017 19:40:04 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1004
spinner-8de10c3e9fd9f1c447099e6d23b5c24931c019da.gif
www.ecss.co.id/css/
404 B
646 B
Image
General
Full URL
http://www.ecss.co.id/css/spinner-8de10c3e9fd9f1c447099e6d23b5c24931c019da.gif
Requested by
Host: www.ecss.co.id
URL: http://www.ecss.co.id/2FA.php
Protocol
HTTP/1.1
Server
180.92.192.27 , Australia, ASN45671 (AS45671-NET-AU Wholesale Services Provider, AU),
Reverse DNS
Software
Apache /
Resource Hash
ebb97b98f75d7bc80221f950808b9859a1c546b9d10b5c104908faf8e6f49305

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://www.ecss.co.id/2FA.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date
Fri, 05 May 2023 03:21:34 GMT
Last-Modified
Fri, 23 Jun 2017 19:40:04 GMT
Server
Apache
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
404
/
www.blockchain.com/https:/login.blockchain.com/
Redirect Chain
  • https://blockchain.info/wallet/img/puff-white-0d5e8e64f9b84e9e9f1509ceecdb6040afab90e1.svg
  • https://blockchain.info/https://login.blockchain.com/
  • https://www.blockchain.com/https:/login.blockchain.com/
0
0
Image
General
Full URL
https://www.blockchain.com/https:/login.blockchain.com/
Requested by
Host: www.ecss.co.id
URL: http://www.ecss.co.id/css/wallet-30a5a96d69c745cb8309a25b6f9909ece8739bc7.css
Protocol
H2
Server
104.16.156.132 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://www.ecss.co.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Redirect headers

date
Fri, 05 May 2023 03:21:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-original-host
blockchain.info
x-blockchain-cp-f
zk85 0.000 ba3ff93d88a965edd20e6b16595e1f64
content-length
162
x-xss-protection
1; mode=block
x-request-id
ba3ff93d88a965edd20e6b16595e1f64
server
cloudflare
x-blockchain-server
BlockchainFE/1.0
content-type
text/html
location
https://www.blockchain.com/https:/login.blockchain.com/
x-blockchain-language
en
x-blockchain-language-id
0:0:1 (en:en:en)
cf-ray
7c25daaaccf8aad1-SYD
Montserrat-Light.ttf
blockchain.info/wallet/fonts/montserrat/
0
0

GillSans-Light.ttf
blockchain.info/wallet/fonts/gillsans/
0
0

Montserrat-Regular.ttf
blockchain.info/wallet/fonts/montserrat/
0
0

Montserrat-Medium.ttf
blockchain.info/wallet/fonts/montserrat/
0
0

en-99eb4338b89042c71ab5030ed208048eb0205cbb.json
www.ecss.co.id/locales/
39 KB
11 KB
XHR
General
Full URL
http://www.ecss.co.id/locales/en-99eb4338b89042c71ab5030ed208048eb0205cbb.json
Requested by
Host: www.ecss.co.id
URL: http://www.ecss.co.id/css/landing-39c58368569aed6656da9b39f5e4c0e8a5cfc8f1.min.js.download
Protocol
HTTP/1.1
Server
180.92.192.27 , Australia, ASN45671 (AS45671-NET-AU Wholesale Services Provider, AU),
Reverse DNS
Software
Apache /
Resource Hash
e4c9ee4c94917756bd553dd05c7eb4bf2ac4457a6e6ca1ae02345cd77d3c47a3

Request headers

Accept
application/json, text/plain, */*
Referer
http://www.ecss.co.id/2FA.php
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date
Fri, 05 May 2023 03:21:34 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
landing-7ed0c0ee052c68f41c3ea7c63913ffc92cc93654.html
www.ecss.co.id/
39 KB
11 KB
XHR
General
Full URL
http://www.ecss.co.id/landing-7ed0c0ee052c68f41c3ea7c63913ffc92cc93654.html
Requested by
Host: www.ecss.co.id
URL: http://www.ecss.co.id/css/landing-39c58368569aed6656da9b39f5e4c0e8a5cfc8f1.min.js.download
Protocol
HTTP/1.1
Server
180.92.192.27 , Australia, ASN45671 (AS45671-NET-AU Wholesale Services Provider, AU),
Reverse DNS
Software
Apache /
Resource Hash
e4c9ee4c94917756bd553dd05c7eb4bf2ac4457a6e6ca1ae02345cd77d3c47a3

Request headers

Accept
text/html
Referer
http://www.ecss.co.id/2FA.php
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date
Fri, 05 May 2023 03:21:34 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
wallet-options.json
www.ecss.co.id/Resources/
39 KB
11 KB
XHR
General
Full URL
http://www.ecss.co.id/Resources/wallet-options.json
Requested by
Host: www.ecss.co.id
URL: http://www.ecss.co.id/css/landing-39c58368569aed6656da9b39f5e4c0e8a5cfc8f1.min.js.download
Protocol
HTTP/1.1
Server
180.92.192.27 , Australia, ASN45671 (AS45671-NET-AU Wholesale Services Provider, AU),
Reverse DNS
Software
Apache /
Resource Hash
e4c9ee4c94917756bd553dd05c7eb4bf2ac4457a6e6ca1ae02345cd77d3c47a3

Request headers

Accept
application/json, text/plain, */*
Referer
http://www.ecss.co.id/2FA.php
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date
Fri, 05 May 2023 03:21:34 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
icomoon.ttf
blockchain.info/wallet/fonts/icomoon/
0
0

blue-logo-ea5f627851cb67fcdb31b3907dd0f7ddcd7ea4cf.svg
www.ecss.co.id/css/
1 KB
874 B
Image
General
Full URL
http://www.ecss.co.id/css/blue-logo-ea5f627851cb67fcdb31b3907dd0f7ddcd7ea4cf.svg
Requested by
Host: www.ecss.co.id
URL: http://www.ecss.co.id/2FA.php
Protocol
HTTP/1.1
Server
180.92.192.27 , Australia, ASN45671 (AS45671-NET-AU Wholesale Services Provider, AU),
Reverse DNS
Software
Apache /
Resource Hash
2e0ab4544c8ebbeddd8a3a246a37f13068f70eb4272946819d74e928782459e8

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://www.ecss.co.id/2FA.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date
Fri, 05 May 2023 03:21:34 GMT
Content-Encoding
gzip
Last-Modified
Fri, 23 Jun 2017 19:40:04 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
571

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
blockchain.info
URL
https://blockchain.info/wallet/fonts/montserrat/Montserrat-Light.ttf
Domain
blockchain.info
URL
https://blockchain.info/wallet/fonts/gillsans/GillSans-Light.ttf
Domain
blockchain.info
URL
https://blockchain.info/wallet/fonts/montserrat/Montserrat-Regular.ttf
Domain
blockchain.info
URL
https://blockchain.info/wallet/fonts/montserrat/Montserrat-Medium.ttf
Domain
blockchain.info
URL
https://blockchain.info/wallet/fonts/icomoon/icomoon.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Blockchain (Crypto Exchange)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| pb_whitelist object| pb_blacklist function| inject object| angular number| ng339 function| browserDetection object| FileAPI object| Blockchain object| core object| __core-js_shared__ function| setImmediate function| clearImmediate object| System function| asap function| Observable object| regeneratorRuntime boolean| _babelPolyfill function| hasUserMedia function| QRCode function| compareVersions

0 Cookies

11 Console Messages

Source Level URL
Text
javascript error URL: http://www.ecss.co.id/2FA.php#/
Message:
Access to font at 'https://blockchain.info/wallet/fonts/montserrat/Montserrat-Light.ttf' from origin 'http://www.ecss.co.id' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://blockchain.info/wallet/fonts/montserrat/Montserrat-Light.ttf
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: http://www.ecss.co.id/2FA.php#/
Message:
Access to font at 'https://blockchain.info/wallet/fonts/montserrat/Montserrat-Medium.ttf' from origin 'http://www.ecss.co.id' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://blockchain.info/wallet/fonts/montserrat/Montserrat-Medium.ttf
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: http://www.ecss.co.id/2FA.php#/
Message:
Access to font at 'https://blockchain.info/wallet/fonts/montserrat/Montserrat-Regular.ttf' from origin 'http://www.ecss.co.id' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://blockchain.info/wallet/fonts/montserrat/Montserrat-Regular.ttf
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: http://www.ecss.co.id/2FA.php#/
Message:
Access to font at 'https://blockchain.info/wallet/fonts/gillsans/GillSans-Light.ttf' from origin 'http://www.ecss.co.id' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://blockchain.info/wallet/fonts/gillsans/GillSans-Light.ttf
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: http://www.ecss.co.id/2FA.php#/
Message:
Access to font at 'https://blockchain.info/wallet/fonts/icomoon/icomoon.ttf' from origin 'http://www.ecss.co.id' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://blockchain.info/wallet/fonts/icomoon/icomoon.ttf
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://www.blockchain.com/https:/login.blockchain.com/
Message:
Failed to load resource: the server responded with a status of 404 ()