app.iccswap.com
Open in
urlscan Pro
2606:4700:3033::6815:371c
Malicious Activity!
Public Scan
Effective URL: https://app.iccswap.com/
Submission: On January 20 via api from US
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 18th 2020. Valid for: a year.
This is the only time app.iccswap.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Uniswap (Crypto Exchange)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 185.199.108.153 185.199.108.153 | 54113 (FASTLY) (FASTLY) | |
1 8 | 2606:4700:303... 2606:4700:3033::6815:371c | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:800::200e | 15169 (GOOGLE) (GOOGLE) | |
2 | 18.210.239.248 18.210.239.248 | 14618 (AMAZON-AES) (AMAZON-AES) | |
2 | 151.101.112.133 151.101.112.133 | 54113 (FASTLY) (FASTLY) | |
2 | 157.230.103.136 157.230.103.136 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
2 | 185.199.111.153 185.199.111.153 | 54113 (FASTLY) (FASTLY) | |
2 | 2a00:1450:400... 2a00:1450:4001:815::200e | 15169 (GOOGLE) (GOOGLE) | |
4 | 52.202.107.119 52.202.107.119 | 14618 (AMAZON-AES) (AMAZON-AES) | |
24 | 9 |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-18-210-239-248.compute-1.amazonaws.com
app.tryroll.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-202-107-119.compute-1.amazonaws.com
ropsten.infura.io |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
iccswap.com
1 redirects
app.iccswap.com |
752 KB |
4 |
infura.io
ropsten.infura.io |
5 KB |
3 |
google-analytics.com
www.google-analytics.com |
19 KB |
2 |
umaproject.org
umaproject.org |
2 KB |
2 |
defiprime.com
defiprime.com |
5 KB |
2 |
githubusercontent.com
raw.githubusercontent.com |
8 KB |
2 |
tryroll.com
app.tryroll.com |
9 KB |
1 |
github.io
1 redirects
iccswap.github.io |
237 B |
0 |
coingecko.com
Failed
www.coingecko.com Failed |
|
24 | 9 |
Domain | Requested by | |
---|---|---|
8 | app.iccswap.com |
1 redirects
app.iccswap.com
|
4 | ropsten.infura.io |
app.iccswap.com
|
3 | www.google-analytics.com |
app.iccswap.com
www.google-analytics.com |
2 | umaproject.org |
app.iccswap.com
|
2 | defiprime.com |
app.iccswap.com
|
2 | raw.githubusercontent.com |
app.iccswap.com
|
2 | app.tryroll.com |
app.iccswap.com
|
1 | iccswap.github.io | 1 redirects |
0 | www.coingecko.com Failed |
app.iccswap.com
|
24 | 9 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.iccswap.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-11-18 - 2021-11-17 |
a year | crt.sh |
*.google-analytics.com GTS CA 1O1 |
2020-12-15 - 2021-03-09 |
3 months | crt.sh |
app.tryroll.com R3 |
2021-01-04 - 2021-04-04 |
3 months | crt.sh |
www.github.com DigiCert SHA2 High Assurance Server CA |
2020-05-06 - 2022-04-14 |
2 years | crt.sh |
*.defiprime.com R3 |
2021-01-06 - 2021-04-06 |
3 months | crt.sh |
umaproject.org R3 |
2020-12-26 - 2021-03-26 |
3 months | crt.sh |
*.infura.io Amazon |
2020-03-27 - 2021-04-27 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://app.iccswap.com/
Frame ID: 3CA78334DBC44644D1E8BBC5D61C2527
Requests: 24 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://iccswap.github.io/iccswap-interface-release
HTTP 301
http://app.iccswap.com/ HTTP 301
https://app.iccswap.com/ Page URL
Detected technologies
Ruby (Programming Languages) ExpandDetected patterns
- url /^https?:\/\/[^/]+\.github\.io\//i
Varnish (Cache Tools) Expand
Detected patterns
- headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i
Ruby on Rails (Web Frameworks) Expand
Detected patterns
- url /^https?:\/\/[^/]+\.github\.io\//i
CloudFlare (CDN) Expand
Detected patterns
- headers server /^cloudflare$/i
GitHub Pages (CDN) Expand
Detected patterns
- url /^https?:\/\/[^/]+\.github\.io\//i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: ICCSWAP
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://iccswap.github.io/iccswap-interface-release
HTTP 301
http://app.iccswap.com/ HTTP 301
https://app.iccswap.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
app.iccswap.com/ Redirect Chain
|
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4.996ad921.chunk.css
app.iccswap.com/static/css/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4.a0edd3f4.chunk.js
app.iccswap.com/static/js/ |
1 MB 433 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.5f2c7481.chunk.js
app.iccswap.com/static/js/ |
351 KB 88 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
46 KB 18 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
en.json
app.iccswap.com/locales/ |
4 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
v_0_0_0.json
www.coingecko.com/tokens_list/iccswap/defi_100/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tokens.json
app.tryroll.com/ |
14 KB 5 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
compound.tokenlist.json
raw.githubusercontent.com/compound-finance/token-list/master/ |
24 KB 4 KB |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
defiprime.tokenlist.json
defiprime.com/ |
12 KB 3 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
uma.tokenlist.json
umaproject.org/ |
2 KB 1 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
en-US.json
app.iccswap.com/locales/ |
9 KB 5 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3-Q050 |
collect
www.google-analytics.com/j/ |
2 B 388 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
c1c81ee2287f46549f4551952fe908c1
ropsten.infura.io/v3/ |
2 KB 2 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
c1c81ee2287f46549f4551952fe908c1
ropsten.infura.io/v3/ |
0 0 |
Other
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
v_0_0_0.json
www.coingecko.com/tokens_list/iccswap/defi_100/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tokens.json
app.tryroll.com/ |
14 KB 5 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
compound.tokenlist.json
raw.githubusercontent.com/compound-finance/token-list/master/ |
24 KB 4 KB |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
defiprime.tokenlist.json
defiprime.com/ |
12 KB 3 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
uma.tokenlist.json
umaproject.org/ |
2 KB 817 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Inter-roman.var.57fa490c.woff2
app.iccswap.com/static/media/ |
219 KB 220 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
collect
www.google-analytics.com/ |
35 B 122 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
c1c81ee2287f46549f4551952fe908c1
ropsten.infura.io/v3/ |
3 KB 3 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
c1c81ee2287f46549f4551952fe908c1
ropsten.infura.io/v3/ |
0 0 |
Other
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.coingecko.com
- URL
- https://www.coingecko.com/tokens_list/iccswap/defi_100/v_0_0_0.json
- Domain
- www.coingecko.com
- URL
- https://www.coingecko.com/tokens_list/iccswap/defi_100/v_0_0_0.json
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Uniswap (Crypto Exchange)20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| webpackJsonp@iccswap/interface object| regeneratorRuntime object| scCGSHMRCache function| setImmediate function| clearImmediate string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.iccswap.com/ | Name: _gid Value: GA1.2.542035218.1611130947 |
|
.iccswap.com/ | Name: _gat Value: 1 |
|
.iccswap.com/ | Name: _ga Value: GA1.2.1167037529.1611130947 |
|
.iccswap.com/ | Name: __cfduid Value: d50f7c3c4b1a72d6812bb8146c5861df01611130946 |
79 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
app.iccswap.com
app.tryroll.com
defiprime.com
iccswap.github.io
raw.githubusercontent.com
ropsten.infura.io
umaproject.org
www.coingecko.com
www.google-analytics.com
www.coingecko.com
151.101.112.133
157.230.103.136
18.210.239.248
185.199.108.153
185.199.111.153
2606:4700:3033::6815:371c
2a00:1450:4001:800::200e
2a00:1450:4001:815::200e
52.202.107.119
065d089abbed56f6505e9207203e6d727e968dab0f8ff667ed165061fdf5b1a0
25786840c367d5efff67e4f39fec95c119bccf251fac4eec0479fae0809fde72
25999021f50f412f989766e9657feead5aedaa2205d929d1c7470a4250221fa1
29a54065710b91d134150ac91a824abe2505abfe790bc2e67f6a7bbd4e3f2ef1
815d2785c4071e5aa9a7cfd96411fbc21543e4bc1d210e9f916300d4202c4138
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
92422411564e87ca1f8f222a363a67033c3bb4b13294efb2e4163271b3cc4dfc
92b9477faf0fee81fac029c72d7d2bd5981207611e62d7725e63b0549aae250f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a4635bb54a70bc7e1a67453090f478f9cae9dd54bf2e9284c878ddba8347bbb1
a48c6afcbf339c8807a7ad4e47a072227ff337f6ded581da00314fcaf35e3c8e
ae4e33a9052c95a03c260e34394bb833003e0f4cfea3a364f523623f68ec2821
b448cb222f0ec2fffc5cb87373fff1576896f73e9700e002d18c872b0245af13
c16891abae55d7e9b076658be5b2d7089411201271e066d2ac50f6d829624b51
c483324a4e9881deadeb8735ad86dbbecc5942b5b1be22973ce6dd6c0b7f73a2
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
ed38b29cfa2fc0d12d0ed4ed265228de9bd4c733d1ce007b54b4655928697420
f04f89ad9d4d1a4e84531986d45ecff9d2a46395f8732e29f203d915eb25310b