bluekit.su

https://bluekit.su/

172.67.186.119 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

—

HTTP

200 · 35.2s

SSL

Valid· E8, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "bluekit - your phishing kit"

Save

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

bluekit.su

Unknown

technology | finance | ecommerce | social_media | other · 4/29/2026

Summary

The page at bluekit.su presents branding for a phishing kit service with explicit references in the page title and content. Visuals show a dashboard-like UI and branding that mimics legitimate analytics dashboards, and the HTML title explicitly states 'bluekit - your phishing kit'. However, the domain bluekit.su does not belong to a widely recognized legitimate brand, and the content centers on phishing-kit capabilities. The site uses dynamic SPA-like behavior with numerous external scripts and Cloudflare fronting requests, suggesting an intentionally hosted phishing tooling platform rather than a legitimate first-party service, but the evidence primarily indicates impersonation of intent rather than a direct credential-collection page on a known brand. Given the evidence, classify as potential credential-phishing/abuse platform with impersonation indicators, but the data does not conclusively show a live credential submission form on this domain in the static HTML.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://bluekit.su/cdn-cgi/rum?, https://bluekit.su/cdn-cgi/challenge-platform/h/g/jsd/oneshot/a80f1640690f/0.5647010643265475:1777378311:gK4lA1YeGP_hEKVDqUMpxAHmL3hbJnd7ewk_vzedcEk/9f3643ccddd7e69c.

▸Distinctive asset clues: rocket-loader.min.js, 0bwofn5_qzn1~.js, 11_7gtyx.9m5g.css, 16-2pyq9-p~3g.css, image.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 50

Hosts: 2

Domains: 2

Observed Signals (0)

Observed Indicators (1)

▸Page title and description explicitly reference phishing kit

Risk AssessmentUsed in abuse reports

The scan indicates a hosted phishing tooling platform with strong indicators of credential-phishing-oriented UI (title 'your phishing kit' and dashboard-like branding). The static HTML contains no login form, but the SPA nature means credentials could be captured via dynamically rendered forms. The presence of multiple external script files, numerous resource loads, and POST requests to anti-bot endpoints suggests intent to deploy and operate a phishing toolkit rather than legitimate analytics. Given the branding and observed network behavior, this site should be treated as malicious and impersonation-focused; monitor and consider takedown actions if abuse confirmation is established.

Recommended Action

Monitor

Cross-Reference8

URL Intelligence