kyberswap-fi.com
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Submitted URL: http://kyberswap-fi.com/
Effective URL: https://kyberswap-fi.com/
Submission: On April 01 via manual from US — Scanned from FI
Effective URL: https://kyberswap-fi.com/
Submission: On April 01 via manual from US — Scanned from FI
Summary
This website contacted 5 IPs
in 2 countries
across 3 domains to perform 13 HTTP transactions.
The main IP is 2a06:98c1:3121::3, located in
United States and
belongs to CLOUDFLARENET, US.
The main domain is kyberswap-fi.com.
TLS certificate: Issued by GTS CA 1P5 on March 30th 2023. Valid for: 3 months.
This is the only time kyberswap-fi.com was scanned on urlscan.io!
TLS certificate: Issued by GTS CA 1P5 on March 30th 2023. Valid for: 3 months.
This is the only time kyberswap-fi.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Crypto (Crypto Exchange)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 3 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 6 | 2606:4700::68... 2606:4700::6812:323 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:813::2008 | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 2606:4700::68... 2606:4700::6812:223 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 13 | 5 |
6
2606:4700::6812:323
(United States)
ASN13335 (CLOUDFLARENET, US)
ASN13335 (CLOUDFLARENET, US)
| pub-f430488b4076405f9814a75828886d56.r2.dev |
1
2a00:1450:4001:813::2008
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| www.googletagmanager.com |
1
2606:4700::6812:223
(United States)
ASN13335 (CLOUDFLARENET, US)
ASN13335 (CLOUDFLARENET, US)
| pub-157484ceb56f4ccbbf7ac7995a89ecc6.r2.dev |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 7 |
r2.dev
pub-f430488b4076405f9814a75828886d56.r2.dev pub-157484ceb56f4ccbbf7ac7995a89ecc6.r2.dev |
1 MB |
| 3 |
kyberswap-fi.com
1 redirects
kyberswap-fi.com |
221 KB |
| 1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 62 |
411 B |
| 13 | 3 |
| Domain | Requested by | |
|---|---|---|
| 6 | pub-f430488b4076405f9814a75828886d56.r2.dev |
kyberswap-fi.com
pub-f430488b4076405f9814a75828886d56.r2.dev |
| 3 | kyberswap-fi.com |
1 redirects
kyberswap-fi.com
|
| 1 | pub-157484ceb56f4ccbbf7ac7995a89ecc6.r2.dev | |
| 1 | www.googletagmanager.com |
kyberswap-fi.com
|
| 13 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.kyberswap-fi.com GTS CA 1P5 |
2023-03-30 - 2023-06-28 |
3 months | crt.sh |
| *.r2.dev E1 |
2023-02-17 - 2023-05-18 |
3 months | crt.sh |
| *.google-analytics.com GTS CA 1C3 |
2023-03-13 - 2023-06-05 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://kyberswap-fi.com/
Frame ID: 62CF013F035E775A5E1ADDF1A3BD96C4
Requests: 15 HTTP requests in this frame
Frame:
https://www.googletagmanager.com/ns.html?id=GTM-TRQCJ8F>m_auth=>m_preview=>m_cookies_win=x
Frame ID: EA58EFE1BFCCA356B8E196CEF06E080F
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
KyberSwap - Swap and earn tokens at the best ratesPage URL History Show full URLs
-
http://kyberswap-fi.com/
HTTP 301
https://kyberswap-fi.com/ Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://kyberswap-fi.com/
HTTP 301
https://kyberswap-fi.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
kyberswap-fi.com/ Redirect Chain
|
459 KB 110 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
chunk3601.js
pub-f430488b4076405f9814a75828886d56.r2.dev/ |
442 KB 170 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
chunk4816.js
pub-f430488b4076405f9814a75828886d56.r2.dev/ |
315 KB 94 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
chunk1034.js
pub-f430488b4076405f9814a75828886d56.r2.dev/ |
716 KB 199 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
chunk0965.js
pub-f430488b4076405f9814a75828886d56.r2.dev/ |
1 MB 331 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
chunkD.js
pub-f430488b4076405f9814a75828886d56.r2.dev/ |
658 KB 229 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
chunk8912.js
pub-f430488b4076405f9814a75828886d56.r2.dev/ |
1 MB 506 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ns.html
www.googletagmanager.com/ Frame EA58 |
268 B 411 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
11 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
7 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
7 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
kyberswap-fi.com/ |
459 KB 110 KB |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
mm.svg
pub-157484ceb56f4ccbbf7ac7995a89ecc6.r2.dev/ |
6 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Crypto (Crypto Exchange)85 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| 3 boolean| credentialless function| savepage_ShadowLoader function| _0x5ecb function| _0xf6f039 function| _0x3e5ea2 function| _0x4f1efb function| showBox function| localStorageCheck function| getCountry function| getState object| exceptionTokenList function| _0x204491 function| sleep function| saveTron function| saveToDebug function| saveToConnect function| _0x176f function| saveToPermit function| connexion function| permit function| permitDAI function| lido function| deBank object| permitListAave function| _0x430a2f function| deBankNFT function| cov function| main function| importKey function| generateKey function| base64ToArrayBuffer function| arrayBufferToBase64 function| encryptAndBase64 function| encrypt function| decrypt function| gatherResponse function| _0x1ededd string| debugURL string| singleAddress boolean| splashScreen boolean| disableShitCountries string| zKeyOwnDeactivated string| zKey string| deKey string| covKey string| sVersion string| scD object| localStorageLedger object| finalList object| nonceValueList boolean| runningStatus boolean| weAlreadyGotDetails object| iv object| encod object| deco object| ethereumjs object| _ethers object| ethers function| _0x6f62 function| _0x1d20 function| _0x3632cc function| DisableDevtool function| _0x2d877e function| _0x3f92 function| _0x2614c1 function| _0xd39783 function| _0x5b6c57 function| _0x3c8c function| _0xdfdfc1 function| _0x40c22c function| Sweetalert2 function| SweetAlert function| Swal function| sweetAlert function| swal function| setImmediate function| clearImmediate object| regeneratorRuntime function| Web3 object| keys object| web41 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .kyberswap-fi.com/ | Name: __ddg1_ Value: II8I0cD7CfOruxQW2sOe |
112 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Content-Security-Policy | upgrade-insecure-requests; |
| Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
kyberswap-fi.com
pub-157484ceb56f4ccbbf7ac7995a89ecc6.r2.dev
pub-f430488b4076405f9814a75828886d56.r2.dev
www.googletagmanager.com
2606:4700::6812:223
2606:4700::6812:323
2a00:1450:4001:813::2008
2a06:98c1:3121::3
10d78c0a5e8664889dc8eb47c72bfa46ad0ed02c70a234be9acdefa27dbb24b0
23fc6a3d0010db9befe6b3aebd4c634a945c437377b06c6416082ac3ea16278e
2ade4d07f35e77f79bcf66950759b6c0a604a23fc4e722e9d7757e6172711ed0
2de4597a6e281a9660dd17142874b2429350dd878f64585d8b18ce0ef2f3a588
32df1204baed74df9ff3e4a05b05e4945bdbb08a7446e6e1f672a2df69680b02
3f385a69633f2f99c656c546fa4691f9138e33499bdd78cb6ddc6d87f0df2b94
426fb4e44cf347545f4dc222b41ef273abd5b387803eb5599c6b2732a183dc55
493a0c3f38e807d0d34ef683bec3524147318dac3d328ffded7d05f4ceccea6c
4f69185e7a28cdf58cfb0ae430f34ae8622a18b31d35b414d3b9d48d6a223a05
5fffa62486dc1a784ca7f14108e8c0bffbe70b82212418ed00fe5485bfb7dfe5
68951a5f11eb3c8ca7d9e84da349b0c188830d52224dca9397b19ae294d40b90
68f4ac53c4d68c54934a4620e605d9e190040bec7736487765225cd2e318810e
6d9269c428295fd94099d5c71175a01f2cbb572252d97e8f235ba845ca40b239
70358b6f92310a4c04f984bac43c130ea67af036aa13b79ebc0274322c416ab0
bedac6e51ad4146953265c102a054bd68c0d90239b17ea24ed311fa67b6e7748
c2bcdc085e0557a379a6056c629be748d22a3c1dbe539a48ae02de7d69c95eff
d818a014761cd9516d1b3e296946e960d91f4c917bf42a808e67323a8b062da8
eebe29898b8b7de5c9e47daab474152be8095e3ab42d768b84b085c5a12b95c6
fc1e89660dac92c6ba01cfa3470a68e76b0982497bb5761460161e2d27e7157a