xn--localitcoins-bh4f.net (Puny)
localḅitcoins.net (IDN)
185.180.196.9
Malicious Activity!
Public Scan
Submission: On September 18 via automatic, source phishtank
Summary
This is the only time xn--localitcoins-bh4f.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: LocalBitcoins (Crypto Exchange)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 3 | 185.180.196.9 | 14576 (HOSTING-SOLUTIONS - Hosting Solution Ltd.) |
8 | 104.16.59.73 | 13335 (CLOUDFLARENET - Cloudflare) |
2 | 2001:4de0:ac19::1:b:1b | 20446 (HIGHWINDS3 - Highwinds Network Group) |
5 | 2a00:1450:4001:81f::2004 | 15169 (GOOGLE - Google LLC) |
1 | 2a00:1450:4001:817::2003 | 15169 (GOOGLE - Google LLC) |
18 | 5 | |
ASN14576 (HOSTING-SOLUTIONS - Hosting Solution Ltd., US)
PTR: hosting.king-servers.com
xn--localitcoins-bh4f.net |
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
stackpath.bootstrapcdn.com |
ASN15169 (GOOGLE - Google LLC, US)
www.google.com |
ASN15169 (GOOGLE - Google LLC, US)
www.gstatic.com |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | localbitcoins.net | localbitcoins.net | 98 KB |
5 | google.com | www.google.com | 543 B |
3 | xn--localitcoins-bh4f.net (1 redirects) | xn--localitcoins-bh4f.net | 13 KB |
2 | bootstrapcdn.com | stackpath.bootstrapcdn.com | 82 KB |
1 | gstatic.com | www.gstatic.com | 92 KB |
18 | 5 | | |
 | Domain | Requested by |
---|---|---|
8 | localbitcoins.net | xn--localitcoins-bh4f.net |
5 | www.google.com | xn--localitcoins-bh4f.net, www.gstatic.com |
3 | xn--localitcoins-bh4f.net (1 redirects) | xn--localitcoins-bh4f.net |
2 | stackpath.bootstrapcdn.com | xn--localitcoins-bh4f.net |
1 | www.gstatic.com | www.google.com |
18 | 5 | |
This site contains links to these domains.
Domain |
---|
localbitcoinschain.com |
www.facebook.com |
twitter.com |
www.instagram.com |
www.reddit.com |
www.weibo.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
ssl882677.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-07-31 - 2020-02-06 | 6 months |
*.bootstrapcdn.com | COMODO RSA Domain Validation Secure Server CA | 2018-10-03 - 2019-10-12 | a year |
www.google.com | GTS CA 1O1 | 2019-08-23 - 2019-11-21 | 3 months |
*.google.com | GTS CA 1O1 | 2019-09-05 - 2019-11-28 | 3 months |
This page contains 3 frames:
Primary Page:
http://xn--localitcoins-bh4f.net/accounts/login/
Frame ID: 39249F1DA138730DB43C1FC62144B680
Requests: 16 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcCZLMUAAAAAOaTSHGwr13TEndoNCuDjpBloGYN&co=aHR0cDovL3huLS1sb2NhbGl0Y29pbnMtYmg0Zi5uZXQ6ODA.&hl=en&v=v1566858990656&size=normal&cb=ru3dwvedg774
Frame ID: CB6313BC8867D5B529CE91A433E3691B
Requests: 1 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/bframe?hl=en&v=v1566858990656&k=6LcCZLMUAAAAAOaTSHGwr13TEndoNCuDjpBloGYN&cb=oyipqc2vl1a1
Frame ID: C507760D204DCFF92D9666195189E4E0
Requests: 1 HTTP requests in this frame
Detected technologies
Python (Programming Languages)
Detected patterns
- html /(?:powered by <a[^>]+>Django ?([\d.]+)?<\/a>|<input[^>]*name=["']csrfmiddlewaretoken["'][^>]*>)/i
Django (Web Frameworks)
Detected patterns
- html /(?:powered by <a[^>]+>Django ?([\d.]+)?<\/a>|<input[^>]*name=["']csrfmiddlewaretoken["'][^>]*>)/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Font Awesome (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
reCAPTCHA (Captchas)
Detected patterns
- html /<div[^>]+class="g-recaptcha"/i
- script /\/recaptcha\/api\.js/i
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: Block Explorer
Title: Facebook
Title: Twitter
Title: Instagram
Title: Reddit
Title: Chinese Blog
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://xn--localitcoins-bh4f.net/accounts/login HTTP 301
  http://xn--localitcoins-bh4f.net/accounts/login/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request, Redirect Chain) | xn--localitcoins-bh4f.net/accounts/login/ | 12 KB | 12 KB | Document | text/html |
GET | H2 | bootstrap.min.ec3bb52a00e1.css | localbitcoins.net/cached-static/bootstrap/css/ | 118 KB | 19 KB | Stylesheet | text/css |
GET | H/1.1 | fa.css | xn--localitcoins-bh4f.net/accounts/login/ | 0 | 0 | Stylesheet | text/html |
GET | H2 | style.7bb7fe5de0c7.css | localbitcoins.net/cached-static/ | 47 KB | 11 KB | Stylesheet | text/css |
GET | H2 | quickform.96d6bb50f184.css | localbitcoins.net/cached-static/ | 1006 B | 580 B | Stylesheet | text/css |
GET | H2 | bootstrap-extensions.ac6fa260a89d.css | localbitcoins.net/cached-static/ | 354 B | 318 B | Stylesheet | text/css |
GET | H2 | font-awesome.min.css | stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ | 30 KB | 7 KB | Stylesheet | text/css |
GET | H2 | jquery-1.12.4.min.4f252523d4af.js | localbitcoins.net/cached-static/thirdparty/ | 95 KB | 33 KB | Script | application/javascript |
GET | H2 | site-logo-500.b39d9369a078.png | localbitcoins.net/cached-static/img/ | 19 KB | 19 KB | Image | image/png |
GET | H2 | api.js | www.google.com/recaptcha/ | 714 B | 543 B | Script | text/javascript |
GET | H2 | site-logo_grey.2c59226a8ab9.png | localbitcoins.net/cached-static/img/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | bootstrap.min.5869c96cc8f1.js | localbitcoins.net/cached-static/bootstrap/js/ | 36 KB | 10 KB | Script | application/javascript |
GET | H2 | recaptcha_ajax.js | www.google.com/recaptcha/api/js/ | 0 | 0 | Script | text/html |
GET | H2 | fontawesome-webfont.woff2 | stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ | 75 KB | 75 KB | Font | font/woff2 |
GET | H2 | recaptcha__en.js | www.gstatic.com/recaptcha/api2/v1566858990656/ | 264 KB | 92 KB | Script | text/javascript |
GET | H2 | recaptcha_ajax.js | www.google.com/recaptcha/api/js/ | 0 | 0 | Script | text/html |
GET | H2 | anchor | www.google.com/recaptcha/api2/ (Frame CB63) | 0 | 0 | Document | text/html |
GET | H2 | bframe | www.google.com/recaptcha/api2/ (Frame C507) | 0 | 0 | Document | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: LocalBitcoins (Crypto Exchange)
11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- function| $
- function| jQuery
- object| ___grecaptcha_cfg
- object| grecaptcha
- boolean| __google_recaptcha_client
- object| recaptcha
- object| jQuery1124025397310744389645
- object| exchange
- object| closure_lm_7200670
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.