bl0ci.com Open in urlscan Pro
160.119.254.114 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://bl0ci.com/em/micro.php
Submission: On December 06 via api (December 6th 2023, 9:57:50 pm UTC) from US — Scanned from US

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 21 HTTP transactions. The main IP is 160.119.254.114, located in South Africa and belongs to Host-Africa-AS, ZA. The main domain is bl0ci.com.

This is the only time bl0ci.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
15	160.119.254.114 160.119.254.114	328364 (Host-Afri...) (Host-Africa-AS)
6	212.23.222.194 212.23.222.194	201814 (MEVSPACE) (MEVSPACE)
21	3

15 160.119.254.114 (South Africa)

ASN328364 (Host-Africa-AS, ZA)

bl0ci.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 212.23.222.194 (Poland)

ASN201814 (MEVSPACE, PL)

strox.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	bl0ci.com bl0ci.com	120 KB
6	strox.nl strox.nl	331 KB
21	2

	Domain	Requested by
15	bl0ci.com	bl0ci.com
6	strox.nl	bl0ci.com
21	2

This site contains no links.

Subject Issuer	Validity	Valid
strox.nl R3	`2023-12-05` - `2024-03-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://bl0ci.com/em/micro.php
Frame ID: 3228B660894EAF80BC9C8CA58BC8EA2C
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

My Account: Wallet

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

21
Requests

29 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

451 kB
Transfer

583 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request micro.php Show response bl0ci.com/em/	12 KB 5 KB	630ms 267ms	Document text/html	160.119.254.114 Host-Africa-AS
General Check archive.org Show headers Download Go to Full URL http://bl0ci.com/em/micro.php Protocol HTTP/1.1 Server 160.119.254.114 , South Africa, ASN328364 (Host-Africa-AS, ZA), Reverse DNS Software LiteSpeed / Resource Hash `74a777a57d37b8e8d57d065b3a294a6cd0d42c07c69eea6a49afb568736ceebd` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 accept-language en-US,en;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate connection Keep-Alive content-encoding gzip content-length 4634 content-type text/html; charset=UTF-8 date Wed, 06 Dec 2023 21:57:43 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server LiteSpeed vary Accept-Encoding
GET H/1.1	200 OK	css2.css bl0ci.com/em/css/	565 B 704 B	265ms 264ms	Stylesheet text/css	160.119.254.114 Host-Africa-AS
General Check archive.org Show headers Download Go to Full URL http://bl0ci.com/em/css/css2.css Requested by Host: bl0ci.com URL: http://bl0ci.com/em/micro.php Protocol HTTP/1.1 Server 160.119.254.114 , South Africa, ASN328364 (Host-Africa-AS, ZA), Reverse DNS Software LiteSpeed / Resource Hash `3bc9eb45e54675f062678c8f05798879ca1a6419f6dd3079279d25d3726fc076` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/em/micro.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Wed, 06 Dec 2023 21:57:43 GMT content-encoding gzip last-modified Mon, 25 Sep 2023 14:37:36 GMT server LiteSpeed etag "235-65119b30-17a63c;gz" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 connection Keep-Alive accept-ranges bytes content-length 334 expires Wed, 13 Dec 2023 21:57:43 GMT
GET H/1.1	200 OK	css.css bl0ci.com/em/css/	9 KB 1 KB	266ms 263ms	Stylesheet text/css	160.119.254.114 Host-Africa-AS
General Check archive.org Show headers Download Go to Full URL http://bl0ci.com/em/css/css.css Requested by Host: bl0ci.com URL: http://bl0ci.com/em/micro.php Protocol HTTP/1.1 Server 160.119.254.114 , South Africa, ASN328364 (Host-Africa-AS, ZA), Reverse DNS Software LiteSpeed / Resource Hash `6d2b3b4a31fa8016502b0d8c30f34b65b6fb5a703bdb3580678738ef22c57e7a` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/em/micro.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Wed, 06 Dec 2023 21:57:43 GMT content-encoding gzip last-modified Mon, 25 Sep 2023 14:37:36 GMT server LiteSpeed etag "2358-65119b30-17a63b;gz" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 connection Keep-Alive accept-ranges bytes content-length 791 expires Wed, 13 Dec 2023 21:57:43 GMT
GET H/1.1	200 OK	csspage2.css bl0ci.com/em/css/	17 KB 4 KB	513ms 255ms	Stylesheet text/css	160.119.254.114 Host-Africa-AS
General Check archive.org Show headers Download Go to Full URL http://bl0ci.com/em/css/csspage2.css Requested by Host: bl0ci.com URL: http://bl0ci.com/em/micro.php Protocol HTTP/1.1 Server 160.119.254.114 , South Africa, ASN328364 (Host-Africa-AS, ZA), Reverse DNS Software LiteSpeed / Resource Hash `3ce342b3f2f2082136f189387a24e3356513edb56be3a5d330f4b14a2b890bbe` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/em/micro.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Wed, 06 Dec 2023 21:57:43 GMT content-encoding gzip last-modified Mon, 25 Sep 2023 14:37:36 GMT server LiteSpeed etag "422d-65119b30-17a63d;gz" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 connection Keep-Alive accept-ranges bytes content-length 3257 expires Wed, 13 Dec 2023 21:57:43 GMT
GET H/1.1	200 OK	jquery-3.3.1.min.php Show response bl0ci.com/em/css/	85 KB 30 KB	519ms 262ms	Script text/html	160.119.254.114 Host-Africa-AS
General Check archive.org Show headers Download Go to Full URL http://bl0ci.com/em/css/jquery-3.3.1.min.php Requested by Host: bl0ci.com URL: http://bl0ci.com/em/micro.php Protocol HTTP/1.1 Server 160.119.254.114 , South Africa, ASN328364 (Host-Africa-AS, ZA), Reverse DNS Software LiteSpeed / Resource Hash `160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/em/micro.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Wed, 06 Dec 2023 21:57:43 GMT content-encoding gzip server LiteSpeed connection Keep-Alive content-length 30351 vary Accept-Encoding content-type text/html; charset=UTF-8
GET H/1.1	200 OK	modernizr.min.js Show response bl0ci.com/em/css/	11 KB 5 KB	529ms 262ms	Script application/x-javascript	160.119.254.114 Host-Africa-AS
General Check archive.org Show headers Download Go to Full URL http://bl0ci.com/em/css/modernizr.min.js Requested by Host: bl0ci.com URL: http://bl0ci.com/em/micro.php Protocol HTTP/1.1 Server 160.119.254.114 , South Africa, ASN328364 (Host-Africa-AS, ZA), Reverse DNS Software LiteSpeed / Resource Hash `d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe` Request headers Referer Origin http://bl0ci.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Wed, 06 Dec 2023 21:57:43 GMT content-encoding gzip last-modified Mon, 25 Sep 2023 14:37:36 GMT server LiteSpeed etag "2b4c-65119b30-17a643;gz" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=604800 connection Keep-Alive accept-ranges bytes content-length 4511 expires Wed, 13 Dec 2023 21:57:43 GMT
GET H/1.1	200 OK	cardadr.php Show response bl0ci.com/em/css/	3 KB 1 KB	532ms 265ms	Script text/html	160.119.254.114 Host-Africa-AS
General Check archive.org Show headers Download Go to Full URL http://bl0ci.com/em/css/cardadr.php Requested by Host: bl0ci.com URL: http://bl0ci.com/em/micro.php Protocol HTTP/1.1 Server 160.119.254.114 , South Africa, ASN328364 (Host-Africa-AS, ZA), Reverse DNS Software LiteSpeed / Resource Hash `c036a0505f8ec9937750d860e4454d5c0848d6208198f61ed3f04876ffaa9aaf` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/em/micro.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Wed, 06 Dec 2023 21:57:43 GMT content-encoding gzip server LiteSpeed connection Keep-Alive content-length 1094 vary Accept-Encoding content-type text/html; charset=UTF-8
GET H/1.1	200 OK	jquery.ccvalid.php Show response bl0ci.com/em/css/	7 KB 2 KB	532ms 266ms	Script text/html	160.119.254.114 Host-Africa-AS
General Check archive.org Show headers Download Go to Full URL http://bl0ci.com/em/css/jquery.ccvalid.php Requested by Host: bl0ci.com URL: http://bl0ci.com/em/micro.php Protocol HTTP/1.1 Server 160.119.254.114 , South Africa, ASN328364 (Host-Africa-AS, ZA), Reverse DNS Software LiteSpeed / Resource Hash `ca83477931d09aca84c55e779bb2e6ef502b1af1bef668de771b8209a43eb11b` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/em/micro.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Wed, 06 Dec 2023 21:57:43 GMT content-encoding gzip server LiteSpeed connection Keep-Alive content-length 1912 vary Accept-Encoding content-type text/html; charset=UTF-8
GET H/1.1	200 OK	jquery.mask.min.js Show response bl0ci.com/em/css/	8 KB 4 KB	530ms 264ms	Script application/x-javascript	160.119.254.114 Host-Africa-AS
General Check archive.org Show headers Download Go to Full URL http://bl0ci.com/em/css/jquery.mask.min.js Requested by Host: bl0ci.com URL: http://bl0ci.com/em/micro.php Protocol HTTP/1.1 Server 160.119.254.114 , South Africa, ASN328364 (Host-Africa-AS, ZA), Reverse DNS Software LiteSpeed / Resource Hash `bbb318e841b96acb3c2614eec417a4d7caf9606ea996507dccba84e2f6724e7e` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/em/micro.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Wed, 06 Dec 2023 21:57:43 GMT content-encoding gzip last-modified Mon, 25 Sep 2023 14:37:36 GMT server LiteSpeed etag "1ff9-65119b30-17a642;gz" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=604800 connection Keep-Alive accept-ranges bytes content-length 3396 expires Wed, 13 Dec 2023 21:57:43 GMT
GET H/1.1	200 OK	imask.min.js Show response bl0ci.com/em/css/	45 KB 13 KB	767ms 256ms	Script application/x-javascript	160.119.254.114 Host-Africa-AS
General Check archive.org Show headers Download Go to Full URL http://bl0ci.com/em/css/imask.min.js Requested by Host: bl0ci.com URL: http://bl0ci.com/em/micro.php Protocol HTTP/1.1 Server 160.119.254.114 , South Africa, ASN328364 (Host-Africa-AS, ZA), Reverse DNS Software LiteSpeed / Resource Hash `8b76b3502583edddf22df0b9c6ee640053a2cdfeaa113ceff3ea9b61d1f6410d` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/em/micro.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Wed, 06 Dec 2023 21:57:44 GMT content-encoding gzip last-modified Mon, 25 Sep 2023 14:37:36 GMT server LiteSpeed etag "b217-65119b30-17a63f;gz" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=604800 connection Keep-Alive accept-ranges bytes content-length 12865 expires Wed, 13 Dec 2023 21:57:44 GMT
GET H/1.1	200 OK	warning.png bl0ci.com/em/css/	4 KB 4 KB	263ms 261ms	Image image/png	160.119.254.114 Host-Africa-AS
General Check archive.org Show headers Download Go to Show image Full URL http://bl0ci.com/em/css/warning.png Requested by Host: bl0ci.com URL: http://bl0ci.com/em/micro.php Protocol HTTP/1.1 Server 160.119.254.114 , South Africa, ASN328364 (Host-Africa-AS, ZA), Reverse DNS Software LiteSpeed / Resource Hash `48edd52e523c142aa7635626d0bc620622c45ff1e6f8e91930123d044013b12e` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/em/micro.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Wed, 06 Dec 2023 21:57:44 GMT last-modified Mon, 25 Sep 2023 14:37:36 GMT server LiteSpeed etag "fde-65119b30-17a648;;;" content-type image/png cache-control public, max-age=604800 connection Keep-Alive accept-ranges bytes content-length 4062 expires Wed, 13 Dec 2023 21:57:44 GMT
GET H/1.1	200 OK	verifymail2.css bl0ci.com/em/css/	4 KB 2 KB	262ms 262ms	Stylesheet text/css	160.119.254.114 Host-Africa-AS
General Check archive.org Show headers Download Go to Full URL http://bl0ci.com/em/css/verifymail2.css Requested by Host: bl0ci.com URL: http://bl0ci.com/em/micro.php Protocol HTTP/1.1 Server 160.119.254.114 , South Africa, ASN328364 (Host-Africa-AS, ZA), Reverse DNS Software LiteSpeed / Resource Hash `2730b67f3355a4d67725e61377bacdc6c2dc94a4bb0c1deddf0046b1dd7e52c2` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/em/micro.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Wed, 06 Dec 2023 21:57:44 GMT content-encoding gzip last-modified Mon, 25 Sep 2023 14:37:36 GMT server LiteSpeed etag "10ce-65119b30-17a647;gz" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 connection Keep-Alive accept-ranges bytes content-length 1418 expires Wed, 13 Dec 2023 21:57:44 GMT
GET H/1.1	200 OK	ppip.png bl0ci.com/em/css/	10 KB 10 KB	266ms 265ms	Image image/png	160.119.254.114 Host-Africa-AS
General Check archive.org Show headers Download Go to Show image Full URL http://bl0ci.com/em/css/ppip.png Requested by Host: bl0ci.com URL: http://bl0ci.com/em/micro.php Protocol HTTP/1.1 Server 160.119.254.114 , South Africa, ASN328364 (Host-Africa-AS, ZA), Reverse DNS Software LiteSpeed / Resource Hash `9d09ae64daba8b02cc84a1ef05eba2625f889dc5e444979465f650cbc4ddd4ba` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/em/micro.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Wed, 06 Dec 2023 21:57:44 GMT last-modified Mon, 25 Sep 2023 14:37:36 GMT server LiteSpeed etag "26f4-65119b30-17a645;;;" content-type image/png cache-control public, max-age=604800 connection Keep-Alive accept-ranges bytes content-length 9972 expires Wed, 13 Dec 2023 21:57:44 GMT
GET H/1.1	200 OK	plaid-logo-black-bg.png bl0ci.com/em/css/	37 KB 38 KB	267ms 266ms	Image image/png	160.119.254.114 Host-Africa-AS
General Check archive.org Show headers Download Go to Show image Full URL http://bl0ci.com/em/css/plaid-logo-black-bg.png Requested by Host: bl0ci.com URL: http://bl0ci.com/em/micro.php Protocol HTTP/1.1 Server 160.119.254.114 , South Africa, ASN328364 (Host-Africa-AS, ZA), Reverse DNS Software LiteSpeed / Resource Hash `485cca5970e0bab9bc9569ed4e2bf329f94633837e3c1fb6f28694762a34ae04` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/em/micro.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Wed, 06 Dec 2023 21:57:44 GMT last-modified Mon, 25 Sep 2023 14:37:36 GMT server LiteSpeed etag "951c-65119b30-17a644;;;" content-type image/png cache-control public, max-age=604800 connection Keep-Alive accept-ranges bytes content-length 38172 expires Wed, 13 Dec 2023 21:57:44 GMT
GET H/1.1	200 OK	uydgu.duyd.png bl0ci.com/em/css/	1 KB 2 KB	279ms 275ms	Image image/png	160.119.254.114 Host-Africa-AS
General Check archive.org Show headers Download Go to Show image Full URL http://bl0ci.com/em/css/uydgu.duyd.png Requested by Host: bl0ci.com URL: http://bl0ci.com/em/micro.php Protocol HTTP/1.1 Server 160.119.254.114 , South Africa, ASN328364 (Host-Africa-AS, ZA), Reverse DNS Software LiteSpeed / Resource Hash `e5db88ea2322863ca17817b99d60006c625a31cff0dad49cf05d3c6d16a75c17` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/em/micro.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Wed, 06 Dec 2023 21:57:44 GMT last-modified Mon, 25 Sep 2023 20:50:42 GMT server LiteSpeed etag "5c6-6511f2a2-17a646;;;" content-type image/png cache-control public, max-age=604800 connection Keep-Alive accept-ranges bytes content-length 1478 expires Wed, 13 Dec 2023 21:57:44 GMT
GET H/1.1	200 OK	desktop.png strox.nl/we_files/pics/	326 KB 326 KB	649ms 256ms	Image image/png	212.23.222.194 MEVSPACE
General Check archive.org Show headers Download Go to Show image Full URL https://strox.nl/we_files/pics/desktop.png Requested by Host: bl0ci.com URL: http://bl0ci.com/em/css/csspage2.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 212.23.222.194 , Poland, ASN201814 (MEVSPACE, PL), Reverse DNS Software nginx/1.20.1 / Resource Hash `d96648547657e2ddba21b29f39c4ab71a06d3d277d0ee5b7a174303e73e497fe` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Wed, 06 Dec 2023 21:57:44 GMT Last-Modified Sun, 22 Aug 2021 08:50:16 GMT Server nginx/1.20.1 ETag "51624-5ca21fd4d8200" Upgrade h2,h2c Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 333348
GET H/1.1	200 OK	verified.png strox.nl/we_files/lib/pics/	838 B 1 KB	524ms 131ms	Image image/png	212.23.222.194 MEVSPACE
General Check archive.org Show headers Download Go to Show image Full URL https://strox.nl/we_files/lib/pics/verified.png Requested by Host: bl0ci.com URL: http://bl0ci.com/em/css/csspage2.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 212.23.222.194 , Poland, ASN201814 (MEVSPACE, PL), Reverse DNS Software nginx/1.20.1 / Resource Hash `c43d971c0eef736bae54dcbaab480cc68201261d8818bb7c95a67304d25610fa` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Wed, 06 Dec 2023 21:57:44 GMT Last-Modified Thu, 27 May 2021 20:09:06 GMT Server nginx/1.20.1 ETag "346-5c35554ce5c80" Upgrade h2,h2c Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 838
GET H/1.1	200 OK	protected.png strox.nl/we_files/lib/pics/	886 B 1 KB	524ms 130ms	Image image/png	212.23.222.194 MEVSPACE
General Check archive.org Show headers Download Go to Show image Full URL https://strox.nl/we_files/lib/pics/protected.png Requested by Host: bl0ci.com URL: http://bl0ci.com/em/css/csspage2.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 212.23.222.194 , Poland, ASN201814 (MEVSPACE, PL), Reverse DNS Software nginx/1.20.1 / Resource Hash `4f8a1775c3e6df5aa00a232418859ddd665b9e0fb5fbc9e7bea454e686d0fd42` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Wed, 06 Dec 2023 21:57:44 GMT Last-Modified Thu, 27 May 2021 20:09:06 GMT Server nginx/1.20.1 ETag "376-5c35554ce5c80" Upgrade h2,h2c Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 886
GET H/1.1	200 OK	ownership.png strox.nl/we_files/lib/pics/	736 B 996 B	524ms 130ms	Image image/png	212.23.222.194 MEVSPACE
General Check archive.org Show headers Download Go to Show image Full URL https://strox.nl/we_files/lib/pics/ownership.png Requested by Host: bl0ci.com URL: http://bl0ci.com/em/css/csspage2.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 212.23.222.194 , Poland, ASN201814 (MEVSPACE, PL), Reverse DNS Software nginx/1.20.1 / Resource Hash `107402e53df51a2d6c42982e9ccfdcd2932566954b914cc976f5cfff59595141` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Wed, 06 Dec 2023 21:57:44 GMT Last-Modified Thu, 27 May 2021 20:09:06 GMT Server nginx/1.20.1 ETag "2e0-5c35554ce5c80" Upgrade h2,h2c Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 736
GET H/1.1	200 OK	credit-card.png strox.nl/we_files/lib/pics/	783 B 1 KB	522ms 130ms	Image image/png	212.23.222.194 MEVSPACE
General Check archive.org Show headers Download Go to Show image Full URL https://strox.nl/we_files/lib/pics/credit-card.png Requested by Host: bl0ci.com URL: http://bl0ci.com/em/css/csspage2.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 212.23.222.194 , Poland, ASN201814 (MEVSPACE, PL), Reverse DNS Software nginx/1.20.1 / Resource Hash `4b5f57a1d4e51b7315d6cbdf54e145b2988929b3a4cd46111968a8ee3a80bc23` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Wed, 06 Dec 2023 21:57:44 GMT Last-Modified Thu, 27 May 2021 20:09:06 GMT Server nginx/1.20.1 ETag "30f-5c35554ce5c80" Upgrade h2,h2c Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 783
GET H/1.1	200 OK	done.png strox.nl/we_files/lib/pics/	684 B 944 B	522ms 131ms	Image image/png	212.23.222.194 MEVSPACE
General Check archive.org Show headers Download Go to Show image Full URL https://strox.nl/we_files/lib/pics/done.png Requested by Host: bl0ci.com URL: http://bl0ci.com/em/css/csspage2.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 212.23.222.194 , Poland, ASN201814 (MEVSPACE, PL), Reverse DNS Software nginx/1.20.1 / Resource Hash `7364a7e3cdc47920c689b449bb59b493f3eb408c6da48a79fd2a0e21b05ec3a7` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Wed, 06 Dec 2023 21:57:44 GMT Last-Modified Thu, 27 May 2021 20:09:06 GMT Server nginx/1.20.1 ETag "2ac-5c35554ce5c80" Upgrade h2,h2c Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 684
GET DATA	200 OK	truncated /	425 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4bf8a807015b26253ef3acebbbc85c182e3ab6c0b959bd47503970688069179c` Request headers accept-language en-US,en;q=0.9 Referer http://bl0ci.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Content-Type image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			bl0ci.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: go8iol9hlc26dnis72ap6s97eb

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bl0ci.com
strox.nl
160.119.254.114
212.23.222.194
107402e53df51a2d6c42982e9ccfdcd2932566954b914cc976f5cfff59595141
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
2730b67f3355a4d67725e61377bacdc6c2dc94a4bb0c1deddf0046b1dd7e52c2
3bc9eb45e54675f062678c8f05798879ca1a6419f6dd3079279d25d3726fc076
3ce342b3f2f2082136f189387a24e3356513edb56be3a5d330f4b14a2b890bbe
485cca5970e0bab9bc9569ed4e2bf329f94633837e3c1fb6f28694762a34ae04
48edd52e523c142aa7635626d0bc620622c45ff1e6f8e91930123d044013b12e
4b5f57a1d4e51b7315d6cbdf54e145b2988929b3a4cd46111968a8ee3a80bc23
4bf8a807015b26253ef3acebbbc85c182e3ab6c0b959bd47503970688069179c
4f8a1775c3e6df5aa00a232418859ddd665b9e0fb5fbc9e7bea454e686d0fd42
6d2b3b4a31fa8016502b0d8c30f34b65b6fb5a703bdb3580678738ef22c57e7a
7364a7e3cdc47920c689b449bb59b493f3eb408c6da48a79fd2a0e21b05ec3a7
74a777a57d37b8e8d57d065b3a294a6cd0d42c07c69eea6a49afb568736ceebd
8b76b3502583edddf22df0b9c6ee640053a2cdfeaa113ceff3ea9b61d1f6410d
9d09ae64daba8b02cc84a1ef05eba2625f889dc5e444979465f650cbc4ddd4ba
bbb318e841b96acb3c2614eec417a4d7caf9606ea996507dccba84e2f6724e7e
c036a0505f8ec9937750d860e4454d5c0848d6208198f61ed3f04876ffaa9aaf
c43d971c0eef736bae54dcbaab480cc68201261d8818bb7c95a67304d25610fa
ca83477931d09aca84c55e779bb2e6ef502b1af1bef668de771b8209a43eb11b
d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe
d96648547657e2ddba21b29f39c4ab71a06d3d277d0ee5b7a174303e73e497fe
e5db88ea2322863ca17817b99d60006c625a31cff0dad49cf05d3c6d16a75c17

bl0ci.com Open in urlscan Pro 160.119.254.114 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

21 Requests

29 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

451 kBTransfer

583 kBSize

1 Cookies

0 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

1 Cookies

Indicators

bl0ci.com Open in urlscan Pro
160.119.254.114 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

29 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

451 kB
Transfer

583 kB
Size

1
Cookies

21 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!