aforocfreebroimax.ml
2606:4700:3032::ac43:872a
Malicious Activity!
Public Scan
Effective URL: https://aforocfreebroimax.ml/p/swap?subid=7079-9831-20220503160632615703
Submission: On May 03 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 26th 2021. Valid for: a year.
This is the only time aforocfreebroimax.ml was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Crypto (Crypto Exchange)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 2606:4700:3036::6815:211d | 13335 (CLOUDFLARENET)
7 | 2606:4700:3032::ac43:872a | 13335 (CLOUDFLARENET)
1 | 143.204.201.79 | 16509 (AMAZON-02)
1 | 2a00:1450:4001:812::200a | 15169 (GOOGLE)
4 | 76.76.21.22 | 16509 (AMAZON-02)
2 | 2a00:1450:4001:831::2003 | 15169 (GOOGLE)
4 | 2606:4700:3037::6815:4393 | 13335 (CLOUDFLARENET)
24 | 7 |
143.204.201.79: ASN16509 (AMAZON-02, US), PTR: server-143-204-201-79.fra53.r.cloudfront.net, domain on this IP: cdn.ethers.io
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
7 | aforocfreebroimax.ml | aforocfreebroimax.ml | 2 MB
4 | pancakeswap.com | nodes.pancakeswap.com (Cisco Umbrella Rank: 136922) Failed |
4 | pancakeswap.finance | tokens.pancakeswap.finance (Cisco Umbrella Rank: 139228) | 36 KB
2 | gstatic.com | fonts.gstatic.com | 38 KB
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 432) | 31 KB
1 | ethers.io | cdn.ethers.io (Cisco Umbrella Rank: 320047) | 91 KB
1 | stouthalemar.tk | stouthalemar.tk (1 redirects) | 1 KB
Requests | Domain | Requested by
---|---|---
7 | aforocfreebroimax.ml | aforocfreebroimax.ml
4 | nodes.pancakeswap.com | aforocfreebroimax.ml
4 | tokens.pancakeswap.finance | aforocfreebroimax.ml
2 | fonts.gstatic.com | aforocfreebroimax.ml
1 | ajax.googleapis.com | aforocfreebroimax.ml
1 | cdn.ethers.io | aforocfreebroimax.ml
1 | stouthalemar.tk | 1 redirects
This site contains links to these domains. Also see Links.
Domain |
---|
medium.com |
docs.pancakeswap.finance |
twitter.com |
t.me |
reddit.com |
instagram.com |
github.com |
Subject | Issuer | Validity | Valid
---|---|---|---
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-12-26 - 2022-12-25 | a year
ethers.io | Amazon | 2021-12-02 - 2022-12-29 | a year
upload.video.google.com | GTS CA 1C3 | 2022-04-11 - 2022-07-04 | 3 months
tokens.pancakeswap.finance | R3 | 2022-04-14 - 2022-07-13 | 3 months
*.gstatic.com | GTS CA 1C3 | 2022-04-18 - 2022-07-11 | 3 months
This page contains 1 frame:
Primary Page:
https://aforocfreebroimax.ml/p/swap?subid=7079-9831-20220503160632615703
Frame ID: 0BB6C030688839868302D8915B5533DB
Requests: 20 HTTP requests in this frame
Page Title
Exchange | PancakeSwap - ...
Page URL History
- http://stouthalemar.tk/help/?15791650979726= (HTTP 302)
- https://aforocfreebroimax.ml/p/swap?subid=7079-9831-20220503160632615703 (Page URL)
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
19 Outgoing links
These are links going to different origins than the main page.
- Title: Blog
- Title: Docs
- (no title)
- Title: English
- Title: Bahasa Indonesia
- Title: 中文
- Title: Tiếng Việt
- Title: Italiano
- Title: русский
- Title: Türkiye
- Title: Português
- Title: Español
- Title: 日本語
- Title: Français
- Title: Announcements
- Title: Whale Alert
- (no title)
- (no title)
- (no title)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | swap (Primary Request, redirect chain) | aforocfreebroimax.ml/p/ | 92 KB | 20 KB | Document | text/html
GET | H2 | css2.css | aforocfreebroimax.ml/p/Home%20_%20PancakeSwap%20-%20..._files/ | 3 KB | 867 B | Stylesheet | text/css
GET | H2 | 7.ecdd39c8.chunk.css | aforocfreebroimax.ml/p/Home%20_%20PancakeSwap%20-%20..._files/ | 21 KB | 3 KB | Stylesheet | text/css
GET | H2 | 7.5e7e5373.chunk.js | aforocfreebroimax.ml/p/Home%20_%20PancakeSwap%20-%20..._files/ | 2 MB | 577 KB | Script | application/javascript
GET | H2 | main.a9914825.chunk.js | aforocfreebroimax.ml/p/Home%20_%20PancakeSwap%20-%20..._files/ | 991 KB | 209 KB | Script | application/javascript
GET | H2 | ethers-v4.min.js | cdn.ethers.io/scripts/ | 296 KB | 91 KB | Script | application/javascript
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.4.1/ | 86 KB | 31 KB | Script | text/javascript
GET | H2 | pancakeswap-top-100.json | tokens.pancakeswap.finance/ | 28 KB | 5 KB | Fetch | application/json
GET | H2 | pancakeswap-extended.json | tokens.pancakeswap.finance/ | 79 KB | 13 KB | Fetch | application/json
GET | H2 | pancakeswap-top-100.json | tokens.pancakeswap.finance/ | 28 KB | 5 KB | Fetch | application/json
GET | H2 | pancakeswap-extended.json | tokens.pancakeswap.finance/ | 79 KB | 13 KB | Fetch | application/json
GET | H2 | nKKZ-Go6G5tXcraVGwA.woff2 | fonts.gstatic.com/s/kanit/v7/ | 19 KB | 19 KB | Font | font/woff2
GET | H2 | nKKU-Go6G5tXcr5KPxWnVaE.woff2 | fonts.gstatic.com/s/kanit/v7/ | 19 KB | 19 KB | Font | font/woff2
GET | BLOB | d8590ef4-7ed8-4ace-8fdf-5ce5527788a8 | https://aforocfreebroimax.ml/ | 7 KB | 0 | Other | text/plain
GET | H3 | swap.mp3 | aforocfreebroimax.ml/p/ | 92 KB | 92 KB | Media | text/html
GET | H3 | help.svg | aforocfreebroimax.ml/p/images/ | 2 MB | 2 MB | Image | image/svg+xml
POST | | / | nodes.pancakeswap.com/ | 0 | 0 | |
OPTIONS | H2 | / | nodes.pancakeswap.com/ | 0 | 0 | Preflight | text/plain
POST | | / | nodes.pancakeswap.com/ | 0 | 0 | |
OPTIONS | H2 | / | nodes.pancakeswap.com/ | 0 | 0 | Preflight | text/plain
OPTIONS | H2 | / | nodes.pancakeswap.com/ | 0 | 0 | Preflight | text/plain
POST | | / | nodes.pancakeswap.com/ | 0 | 0 | |
POST | | / | nodes.pancakeswap.com/ | 0 | 0 | |
OPTIONS | H2 | / | nodes.pancakeswap.com/ | 0 | 0 | Preflight | text/plain
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: nodes.pancakeswap.com, URL: https://nodes.pancakeswap.com/
- Domain: nodes.pancakeswap.com, URL: https://nodes.pancakeswap.com/
- Domain: nodes.pancakeswap.com, URL: https://nodes.pancakeswap.com/
- Domain: nodes.pancakeswap.com, URL: https://nodes.pancakeswap.com/
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Crypto (Crypto Exchange)
16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | oncontextlost
object | oncontextrestored
function | structuredClone
function | getScreenDetails
function | setImmediate
function | clearImmediate
object | ethers
function | $
function | jQuery
object | webpackJsonppancake-frontend
object | regeneratorRuntime
object | _ethers
function | _
function | getcookie
function | handler2
string | _subid_2
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
aforocfreebroimax.ml/p | | Name: ktr, Value: 7079-9831-20220503160632615703
.stouthalemar.tk/ | | Name: 00831, Value: %7B%22streams%22%3A%7B%229831%22%3A1651583192%7D%2C%22campaigns%22%3A%7B%227079%22%3A1651583192%7D%2C%22time%22%3A1651583192%7D
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.