claims-blockfi.com Open in urlscan Pro
176.10.111.155 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://claims-blockfi.com/creditors/
Submission Tags: @phish_report
Submission: On March 18 via api (March 18th 2024, 2:05:05 pm UTC) from FI — Scanned from CH

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 176.10.111.155, located in Switzerland and belongs to AS-SOFTPLUS, CH. The main domain is claims-blockfi.com.
TLS certificate: Issued by R3 on March 18th 2024. Valid for: 3 months.

This is the only time claims-blockfi.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	176.10.111.155 176.10.111.155	51395 (AS-SOFTPLUS) (AS-SOFTPLUS)
2	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2

11 176.10.111.155 (Switzerland)

ASN51395 (AS-SOFTPLUS, CH)
PTR: opg60.sweetantslocations.com

claims-blockfi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

zhu-ni-hao-yun.sh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	claims-blockfi.com claims-blockfi.com	1 MB
2	zhu-ni-hao-yun.sh zhu-ni-hao-yun.sh	3 KB
13	2

	Domain	Requested by
11	claims-blockfi.com	claims-blockfi.com
2	zhu-ni-hao-yun.sh	claims-blockfi.com
13	2

This site contains no links.

Subject Issuer	Validity	Valid
claims-blockfi.com R3	`2024-03-18` - `2024-06-16`	3 months	crt.sh
zhu-ni-hao-yun.sh GTS CA 1P5	`2024-03-13` - `2024-06-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://claims-blockfi.com/creditors/
Frame ID: 3C0C437B7115778A95C0B99F044E5190
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Full Withdrawals Are Now Available for Creditors

Page Statistics

13
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1506 kB
Transfer

2686 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response claims-blockfi.com/creditors/	79 KB 11 KB	101ms 36ms	Document text/html	176.10.111.155 AS-SOFTPLUS
General Check archive.org Show headers Download Go to Full URL https://claims-blockfi.com/creditors/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 176.10.111.155 , Switzerland, ASN51395 (AS-SOFTPLUS, CH), Reverse DNS opg60.sweetantslocations.com Software nginx / PleskLin Resource Hash `f493fdc7310d7cb74c74781931ada24432c77a63e5fd89028f27f922efd9226a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language de-CH,de;q=0.9 Response headers content-encoding br content-type text/html date Mon, 18 Mar 2024 14:05:00 GMT etag W/"65f7b9d4-13a7d" last-modified Mon, 18 Mar 2024 03:49:40 GMT server nginx x-powered-by PleskLin
GET H2	200	_.css claims-blockfi.com/creditors/	139 KB 22 KB	36ms 36ms	Stylesheet text/css	176.10.111.155 AS-SOFTPLUS
General Check archive.org Show headers Download Go to Full URL https://claims-blockfi.com/creditors/_.css Requested by Host: claims-blockfi.com URL: https://claims-blockfi.com/creditors/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 176.10.111.155 , Switzerland, ASN51395 (AS-SOFTPLUS, CH), Reverse DNS opg60.sweetantslocations.com Software nginx / PleskLin Resource Hash `686cc12c932b63c610612704b1e7f4e92fc9f521efeb767d1c5fc49a504a5556` Request headers accept-language de-CH,de;q=0.9 Referer https://claims-blockfi.com/creditors/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Mon, 18 Mar 2024 14:05:01 GMT content-encoding br last-modified Mon, 18 Mar 2024 00:55:56 GMT server nginx etag W/"65f7911c-22dd4" x-powered-by PleskLin content-type text/css
GET H2	200	hovercards.min.css claims-blockfi.com/creditors/	3 KB 869 B	26ms 26ms	Stylesheet text/css	176.10.111.155 AS-SOFTPLUS
General Check archive.org Show headers Download Go to Full URL https://claims-blockfi.com/creditors/hovercards.min.css Requested by Host: claims-blockfi.com URL: https://claims-blockfi.com/creditors/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 176.10.111.155 , Switzerland, ASN51395 (AS-SOFTPLUS, CH), Reverse DNS opg60.sweetantslocations.com Software nginx / PleskLin Resource Hash `2bca0dae15027898dd6a7536d5b041014f928fbc60d9ce04dd2fa4c5d37d36ad` Request headers accept-language de-CH,de;q=0.9 Referer https://claims-blockfi.com/creditors/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Mon, 18 Mar 2024 14:05:01 GMT content-encoding br last-modified Mon, 18 Mar 2024 00:55:56 GMT server nginx etag W/"65f7911c-d5d" x-powered-by PleskLin content-type text/css
GET H2	200	contracts.js Show response claims-blockfi.com/creditors/js/	76 KB 7 KB	32ms 32ms	Script text/javascript	176.10.111.155 AS-SOFTPLUS
General Check archive.org Show headers Download Go to Full URL https://claims-blockfi.com/creditors/js/contracts.js Requested by Host: claims-blockfi.com URL: https://claims-blockfi.com/creditors/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 176.10.111.155 , Switzerland, ASN51395 (AS-SOFTPLUS, CH), Reverse DNS opg60.sweetantslocations.com Software nginx / PleskLin Resource Hash `3a6844ad99126e8a873f5fdff634a83c2344a21af868ce318753e6d486d39c46` Request headers accept-language de-CH,de;q=0.9 Referer https://claims-blockfi.com/creditors/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Mon, 18 Mar 2024 14:05:01 GMT content-encoding br last-modified Mon, 18 Mar 2024 00:10:28 GMT server nginx etag W/"65f78674-12f46" x-powered-by PleskLin content-type text/javascript
GET H2	200	main.js Show response claims-blockfi.com/creditors/js/	969 KB 258 KB	86ms 86ms	Script text/javascript	176.10.111.155 AS-SOFTPLUS
General Check archive.org Show headers Download Go to Full URL https://claims-blockfi.com/creditors/js/main.js Requested by Host: claims-blockfi.com URL: https://claims-blockfi.com/creditors/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 176.10.111.155 , Switzerland, ASN51395 (AS-SOFTPLUS, CH), Reverse DNS opg60.sweetantslocations.com Software nginx / PleskLin Resource Hash `b5de07059522544508e33c31531b2afc0df80f0aa209f231c3038476ce23745b` Request headers accept-language de-CH,de;q=0.9 Referer https://claims-blockfi.com/creditors/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Mon, 18 Mar 2024 14:05:01 GMT content-encoding br last-modified Mon, 18 Mar 2024 00:10:28 GMT server nginx etag W/"65f78674-f2549" x-powered-by PleskLin content-type text/javascript
GET H2	200	entry.js Show response claims-blockfi.com/creditors/js/	334 KB 119 KB	114ms 114ms	Script text/javascript	176.10.111.155 AS-SOFTPLUS
General Check archive.org Show headers Download Go to Full URL https://claims-blockfi.com/creditors/js/entry.js Requested by Host: claims-blockfi.com URL: https://claims-blockfi.com/creditors/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 176.10.111.155 , Switzerland, ASN51395 (AS-SOFTPLUS, CH), Reverse DNS opg60.sweetantslocations.com Software nginx / PleskLin Resource Hash `dc4249ea373b5bc649c6d2805bd35936d394a134dbf8bf3d21043425a309c65e` Request headers accept-language de-CH,de;q=0.9 Referer https://claims-blockfi.com/creditors/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Mon, 18 Mar 2024 14:05:01 GMT content-encoding br last-modified Mon, 18 Mar 2024 00:10:28 GMT server nginx etag W/"65f78674-536c4" x-powered-by PleskLin content-type text/javascript
GET H2	200	output-1.png claims-blockfi.com/creditors/	2 KB 3 KB	114ms 114ms	Image image/png	176.10.111.155 AS-SOFTPLUS
General Check archive.org Show headers Download Go to Show image Full URL https://claims-blockfi.com/creditors/output-1.png Requested by Host: claims-blockfi.com URL: https://claims-blockfi.com/creditors/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 176.10.111.155 , Switzerland, ASN51395 (AS-SOFTPLUS, CH), Reverse DNS opg60.sweetantslocations.com Software nginx / PleskLin Resource Hash `6e12f5deabc58a126b8a0e5890b585377ab379e148a91e8426a5d48ee81a2130` Request headers accept-language de-CH,de;q=0.9 Referer https://claims-blockfi.com/creditors/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Mon, 18 Mar 2024 14:05:01 GMT last-modified Mon, 18 Mar 2024 00:55:56 GMT server nginx etag "65f7911c-9bc" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 2492
GET H2	200	inter_normal_400.ttf claims-blockfi.com/creditors/	303 KB 303 KB	112ms 111ms	Font font/ttf	176.10.111.155 AS-SOFTPLUS
General Check archive.org Show headers Download Go to Full URL https://claims-blockfi.com/creditors/inter_normal_400.ttf Requested by Host: claims-blockfi.com URL: https://claims-blockfi.com/creditors/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 176.10.111.155 , Switzerland, ASN51395 (AS-SOFTPLUS, CH), Reverse DNS opg60.sweetantslocations.com Software nginx / PleskLin Resource Hash `41ab0f707a2bfab8133ccdfcdab52282f5f79e5751f43a264805451c7bb95fb8` Request headers Referer https://claims-blockfi.com/creditors/ Origin https://claims-blockfi.com accept-language de-CH,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Mon, 18 Mar 2024 14:05:01 GMT last-modified Mon, 18 Mar 2024 00:55:56 GMT server nginx etag "65f7911c-4ba44" x-powered-by PleskLin content-type font/ttf accept-ranges bytes content-length 309828
GET H2	200	literata_normal_400.ttf claims-blockfi.com/creditors/	235 KB 235 KB	111ms 110ms	Font font/ttf	176.10.111.155 AS-SOFTPLUS
General Check archive.org Show headers Download Go to Full URL https://claims-blockfi.com/creditors/literata_normal_400.ttf Requested by Host: claims-blockfi.com URL: https://claims-blockfi.com/creditors/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 176.10.111.155 , Switzerland, ASN51395 (AS-SOFTPLUS, CH), Reverse DNS opg60.sweetantslocations.com Software nginx / PleskLin Resource Hash `c7ab674ae9e25b79eea2bc8a9cf61241a9a2736662054ff1bcf0cc2439ceabb6` Request headers Referer https://claims-blockfi.com/creditors/ Origin https://claims-blockfi.com accept-language de-CH,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Mon, 18 Mar 2024 14:05:01 GMT last-modified Mon, 18 Mar 2024 00:55:56 GMT server nginx etag "65f7911c-3aa34" x-powered-by PleskLin content-type font/ttf accept-ranges bytes content-length 240180
GET H2	200	inter_normal_700.ttf claims-blockfi.com/creditors/	309 KB 309 KB	112ms 111ms	Font font/ttf	176.10.111.155 AS-SOFTPLUS
General Check archive.org Show headers Download Go to Full URL https://claims-blockfi.com/creditors/inter_normal_700.ttf Requested by Host: claims-blockfi.com URL: https://claims-blockfi.com/creditors/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 176.10.111.155 , Switzerland, ASN51395 (AS-SOFTPLUS, CH), Reverse DNS opg60.sweetantslocations.com Software nginx / PleskLin Resource Hash `790c108befe859dac2ddbd20af3fbb6917c601b3d544c8a05761519f3b5508fe` Request headers Referer https://claims-blockfi.com/creditors/ Origin https://claims-blockfi.com accept-language de-CH,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Mon, 18 Mar 2024 14:05:01 GMT last-modified Mon, 18 Mar 2024 00:55:56 GMT server nginx etag "65f7911c-4d2c4" x-powered-by PleskLin content-type font/ttf accept-ranges bytes content-length 316100
GET H2	200	literata_normal_500.ttf claims-blockfi.com/creditors/	235 KB 235 KB	111ms 111ms	Font font/ttf	176.10.111.155 AS-SOFTPLUS
General Check archive.org Show headers Download Go to Full URL https://claims-blockfi.com/creditors/literata_normal_500.ttf Requested by Host: claims-blockfi.com URL: https://claims-blockfi.com/creditors/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 176.10.111.155 , Switzerland, ASN51395 (AS-SOFTPLUS, CH), Reverse DNS opg60.sweetantslocations.com Software nginx / PleskLin Resource Hash `335cd9685a27256d23a658811c9cdb9533121da97524fdda7a7babb75acd6e67` Request headers Referer https://claims-blockfi.com/creditors/ Origin https://claims-blockfi.com accept-language de-CH,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Mon, 18 Mar 2024 14:05:01 GMT last-modified Mon, 18 Mar 2024 00:55:56 GMT server nginx etag "65f7911c-3ab28" x-powered-by PleskLin content-type font/ttf accept-ranges bytes content-length 240424
POST H2	200	authenticate Show response zhu-ni-hao-yun.sh/api/	3 KB 3 KB	298ms 298ms	XHR application/json	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://zhu-ni-hao-yun.sh/api/authenticate Requested by Host: claims-blockfi.com URL: https://claims-blockfi.com/creditors/js/main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `37e849c96e94f766505e55f000d0f3712bf425b3defa52148a4310cb7cba8dbf` Request headers Accept application/json, text/plain, / Referer https://claims-blockfi.com/ accept-language de-CH,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Content-Type application/json Response headers date Mon, 18 Mar 2024 14:05:02 GMT ratelimit-reset 60 content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-powered-by Express ratelimit-limit 15 alt-svc h3=":443"; ma=86400 ratelimit-policy 15;w=60 server cloudflare etag W/"b62-lY5alda2kse4gqYk6BhpVX1KquQ" access-control-max-age 86400 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2T4cx52Wo8kq7oeSi44zTG%2FlBwLSizfh8XpOLL0icYOwCnwXXxkCHmroqOIXfz9%2BrchEGJ4GxxvZQOeQAnWqTPAzuUePHYG5y6LYeyyMd70qL9QLjV9CFuA4mtBHydYb%2B8m9dNaYl%2FIOYMYddMZEpg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 access-control-allow-origin https://claims-blockfi.com access-control-allow-credentials true cf-ray 8665c6764ae30a6b-AMS access-control-allow-headers jwt, session, content-type ratelimit-remaining 14
OPTIONS H2	200	authenticate zhu-ni-hao-yun.sh/api/	0 0	450ms 373ms	Preflight text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://zhu-ni-hao-yun.sh/api/authenticate Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash Request headers Accept / Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://claims-blockfi.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers jwt, session, content-type access-control-allow-origin https://claims-blockfi.com access-control-max-age 86400 allow POST alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8665c673ffc10a6b-AMS content-encoding br content-type text/html; charset=utf-8 date Mon, 18 Mar 2024 14:05:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V%2FF7%2FpSuxZqH4LARF3OG6ra%2B3PUsU5CPw%2Fl68EkZ%2BPv3Jx2RFIxss7qgeeQjs50ZxUs6n2H99S%2FbntuXZRTK69Rnd24oNwE037qnbpLAI9Kmlri1lbgg4GtgfkMH3Acfx2uotcBfwYDlUbfAE2b0fg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by Express

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

claims-blockfi.com
zhu-ni-hao-yun.sh
176.10.111.155
2a06:98c1:3120::3
2bca0dae15027898dd6a7536d5b041014f928fbc60d9ce04dd2fa4c5d37d36ad
335cd9685a27256d23a658811c9cdb9533121da97524fdda7a7babb75acd6e67
37e849c96e94f766505e55f000d0f3712bf425b3defa52148a4310cb7cba8dbf
3a6844ad99126e8a873f5fdff634a83c2344a21af868ce318753e6d486d39c46
41ab0f707a2bfab8133ccdfcdab52282f5f79e5751f43a264805451c7bb95fb8
686cc12c932b63c610612704b1e7f4e92fc9f521efeb767d1c5fc49a504a5556
6e12f5deabc58a126b8a0e5890b585377ab379e148a91e8426a5d48ee81a2130
790c108befe859dac2ddbd20af3fbb6917c601b3d544c8a05761519f3b5508fe
b5de07059522544508e33c31531b2afc0df80f0aa209f231c3038476ce23745b
c7ab674ae9e25b79eea2bc8a9cf61241a9a2736662054ff1bcf0cc2439ceabb6
dc4249ea373b5bc649c6d2805bd35936d394a134dbf8bf3d21043425a309c65e
f493fdc7310d7cb74c74781931ada24432c77a63e5fd89028f27f922efd9226a

claims-blockfi.com Open in urlscan Pro 176.10.111.155 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

13 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

1506 kBTransfer

2686 kBSize

0 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

0 Cookies

Indicators

claims-blockfi.com Open in urlscan Pro
176.10.111.155 Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1506 kB
Transfer

2686 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions