![](/screenshots/609afbeb-8686-4b46-b84e-22f3cf4ccd11.png)
robinhood-crypto-wallet.free.nf
Open in
urlscan Pro
185.27.134.34
Malicious Activity!
Public Scan
Effective URL: https://robinhood-crypto-wallet.free.nf/?i=2
Submission: On June 19 via api from US — Scanned from GB
Summary
TLS certificate: Issued by WR1 on June 19th 2024. Valid for: 3 months.
This is the only time robinhood-crypto-wallet.free.nf was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Robinhood (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 185.27.134.34 185.27.134.34 | 34119 (WILDCARD-...) (WILDCARD-AS Wildcard UK Limited) | |
2 | 13.227.219.5 13.227.219.5 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 108.156.60.100 108.156.60.100 | 16509 (AMAZON-02) (AMAZON-02) | |
14 | 4 |
ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)
robinhood-crypto-wallet.free.nf |
ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-5.ams54.r.cloudfront.net
cdn.robinhood.com |
ASN16509 (AMAZON-02, US)
PTR: server-108-156-60-100.ams1.r.cloudfront.net
robinhood.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
free.nf
robinhood-crypto-wallet.free.nf |
20 KB |
3 |
robinhood.com
cdn.robinhood.com — Cisco Umbrella Rank: 17801 robinhood.com — Cisco Umbrella Rank: 6465 |
412 KB |
0 |
moy.su
Failed
apps-obinhood-crypto-wallet.moy.su Failed |
|
14 | 3 |
Domain | Requested by | |
---|---|---|
5 | robinhood-crypto-wallet.free.nf |
robinhood-crypto-wallet.free.nf
|
2 | cdn.robinhood.com |
robinhood-crypto-wallet.free.nf
|
1 | robinhood.com | |
0 | apps-obinhood-crypto-wallet.moy.su Failed |
robinhood-crypto-wallet.free.nf
|
14 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
robinhood-crypto-wallet.free.nf WR1 |
2024-06-19 - 2024-09-17 |
3 months | crt.sh |
*.robinhood.com DigiCert TLS RSA SHA256 2020 CA1 |
2024-01-18 - 2025-02-17 |
a year | crt.sh |
robinhood.com Amazon RSA 2048 M03 |
2024-02-06 - 2025-03-07 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://robinhood-crypto-wallet.free.nf/?i=2
Frame ID: 11946F48E6EBA99E6FF2F6CC08C8A330
Requests: 14 HTTP requests in this frame
Screenshot
![](/screenshots/609afbeb-8686-4b46-b84e-22f3cf4ccd11.png)
Page Title
Log In | RobinhoodPage URL History Show full URLs
- https://robinhood-crypto-wallet.free.nf/?i=1 Page URL
- https://robinhood-crypto-wallet.free.nf/?i=2 Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://robinhood-crypto-wallet.free.nf/?i=1 Page URL
- https://robinhood-crypto-wallet.free.nf/?i=2 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
robinhood-crypto-wallet.free.nf/ |
843 B 701 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
aes.js
robinhood-crypto-wallet.free.nf/ |
13 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
robinhood-crypto-wallet.free.nf/ |
9 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
legacyStyles.54f4576ded752cf2cfa8.css
robinhood-crypto-wallet.free.nf/ |
94 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
stayle.css
robinhood-crypto-wallet.free.nf/ |
27 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
App.8d455d3471c517adc757.css
cdn.robinhood.com/assets/generated_assets/webapp/web-platform-prefetch-sdp/member/ |
40 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
9435691b466061dc75b0.jpg
cdn.robinhood.com/assets/generated_assets/webapp/web-platform-prefetch-sdp/member/ |
401 KB 402 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
8b42e3fc6d1d161d6fbd.woff2
apps-obinhood-crypto-wallet.moy.su/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
ece4dfe7c8753c6ed9e4.woff2
apps-obinhood-crypto-wallet.moy.su/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
f31b2ecb2f8e039d53bd.woff2
apps-obinhood-crypto-wallet.moy.su/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
eae2cabcf8266bed9e32.woff
apps-obinhood-crypto-wallet.moy.su/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
ba3ebea0939580614269.woff
apps-obinhood-crypto-wallet.moy.su/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
8ba279fa6846f41bb219.woff
apps-obinhood-crypto-wallet.moy.su/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
robinhood.com/ |
4 KB 5 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- apps-obinhood-crypto-wallet.moy.su
- URL
- https://apps-obinhood-crypto-wallet.moy.su/fonts/8b42e3fc6d1d161d6fbd.woff2
- Domain
- apps-obinhood-crypto-wallet.moy.su
- URL
- https://apps-obinhood-crypto-wallet.moy.su/fonts/ece4dfe7c8753c6ed9e4.woff2
- Domain
- apps-obinhood-crypto-wallet.moy.su
- URL
- https://apps-obinhood-crypto-wallet.moy.su/fonts/f31b2ecb2f8e039d53bd.woff2
- Domain
- apps-obinhood-crypto-wallet.moy.su
- URL
- https://apps-obinhood-crypto-wallet.moy.su/fonts/eae2cabcf8266bed9e32.woff
- Domain
- apps-obinhood-crypto-wallet.moy.su
- URL
- https://apps-obinhood-crypto-wallet.moy.su/fonts/ba3ebea0939580614269.woff
- Domain
- apps-obinhood-crypto-wallet.moy.su
- URL
- https://apps-obinhood-crypto-wallet.moy.su/fonts/8ba279fa6846f41bb219.woff
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Robinhood (Financial)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
undefined| event object| fence object| sharedStorage1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
robinhood-crypto-wallet.free.nf/ | Name: __test Value: b13bae09baee6ea20fdc5cba11a0a792 |
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
apps-obinhood-crypto-wallet.moy.su
cdn.robinhood.com
robinhood-crypto-wallet.free.nf
robinhood.com
apps-obinhood-crypto-wallet.moy.su
108.156.60.100
13.227.219.5
185.27.134.34
189d03682a6da08401278a20afadc730ed0048e8988a4cd2eaa054a36f6fc1fe
5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96
549b3e6c4a807afa38716f12c7282c1755d69e3eb6268e1d4f01f817450eda12
67bdd4ee5781262d8dcc6f78120d0d07f6f277c57aabdd4a3e38a023828124c0
692930bb156108b20c0ec637381a87f3ae168935df7b891c5fa9300cbb182824
9ff7ad461432be849c2fe8936aa46010a74c0ee8aac9a38f42857eafe5ce7c77
d94ee7e0d70ca2074c1d040a373731061200dc94aa3b218a9264f0511f603c78
f2413a8bddf0d54c3a1080c123f4f51db1eeb03310f548a75f5ce1466aaaa30e