mswap.bbd.sh
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Effective URL: https://mswap.bbd.sh/
Submission Tags: @phish_report
Submission: On April 05 via api from FI — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on March 15th 2024. Valid for: 3 months.
This is the only time mswap.bbd.sh was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Uniswap (Crypto Exchange)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
9 | 188.114.97.3 188.114.97.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:813::200e | 15169 (GOOGLE) (GOOGLE) | |
2 | 2606:4700::68... 2606:4700::6812:b46 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:50c0:800... 2606:50c0:8001::154 | 54113 (FASTLY) (FASTLY) | |
2 | 172.67.153.28 172.67.153.28 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 54.88.7.149 54.88.7.149 | 14618 (AMAZON-AES) (AMAZON-AES) | |
25 | 8 |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-88-7-149.compute-1.amazonaws.com
mainnet.infura.io |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
bbd.sh
mswap.bbd.sh |
799 KB |
4 |
infura.io
mainnet.infura.io — Cisco Umbrella Rank: 27594 |
522 B |
2 |
defiprime.com
defiprime.com |
10 KB |
2 |
githubusercontent.com
raw.githubusercontent.com — Cisco Umbrella Rank: 4683 |
8 KB |
2 |
tryroll.com
app.tryroll.com |
10 KB |
1 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 35 |
21 KB |
0 |
umaproject.org
Failed
umaproject.org Failed |
|
0 |
coingecko.com
Failed
www.coingecko.com Failed |
|
25 | 8 |
Domain | Requested by | |
---|---|---|
10 | mswap.bbd.sh |
mswap.bbd.sh
|
4 | mainnet.infura.io |
mswap.bbd.sh
|
2 | defiprime.com |
mswap.bbd.sh
|
2 | raw.githubusercontent.com |
mswap.bbd.sh
|
2 | app.tryroll.com |
mswap.bbd.sh
|
1 | www.google-analytics.com |
mswap.bbd.sh
|
0 | umaproject.org Failed |
mswap.bbd.sh
|
0 | www.coingecko.com Failed |
mswap.bbd.sh
|
25 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
bbd.sh GTS CA 1P5 |
2024-03-15 - 2024-06-13 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2024-03-04 - 2024-05-27 |
3 months | crt.sh |
tryroll.com Cloudflare Inc ECC CA-3 |
2024-01-27 - 2024-12-31 |
a year | crt.sh |
*.github.io DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2024-03-15 - 2025-03-14 |
a year | crt.sh |
defiprime.com E1 |
2024-03-14 - 2024-06-12 |
3 months | crt.sh |
*.infura.io Amazon RSA 2048 M02 |
2023-11-29 - 2024-12-27 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://mswap.bbd.sh/
Frame ID: 76FB49E37307D6258DF2FC329779A38C
Requests: 23 HTTP requests in this frame
Screenshot
Page Title
Uniswap InterfaceDetected technologies
Google Analytics (Analytics) ExpandDetected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
mswap.bbd.sh/ |
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
4.f04942fe.chunk.css
mswap.bbd.sh/static/css/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
4.3a216566.chunk.js
mswap.bbd.sh/static/js/ |
1 MB 436 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.b8cbba3a.chunk.js
mswap.bbd.sh/static/js/ |
348 KB 92 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
52 KB 21 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
en.json
mswap.bbd.sh/locales/ |
4 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.5827780d.svg
mswap.bbd.sh/static/media/ |
7 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
wordmark.b75565ae.svg
mswap.bbd.sh/static/media/ |
107 KB 33 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
en-US.json
mswap.bbd.sh/locales/ |
153 B 489 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
v_0_0_0.json
www.coingecko.com/tokens_list/uniswap/defi_100/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tokens.json
app.tryroll.com/ |
16 KB 5 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
compound.tokenlist.json
raw.githubusercontent.com/compound-finance/token-list/master/ |
25 KB 4 KB |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
defiprime.tokenlist.json
defiprime.com/ |
22 KB 5 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
uma.tokenlist.json
umaproject.org/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
099fc58e0de9451d80b18d7c74caa7c1
mainnet.infura.io/v3/ |
90 B 261 B |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
099fc58e0de9451d80b18d7c74caa7c1
mainnet.infura.io/v3/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Inter-roman.var.90e8f61d.woff2
mswap.bbd.sh/static/media/ |
221 KB 221 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
v_0_0_0.json
www.coingecko.com/tokens_list/uniswap/defi_100/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tokens.json
app.tryroll.com/ |
16 KB 5 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
compound.tokenlist.json
raw.githubusercontent.com/compound-finance/token-list/master/ |
25 KB 4 KB |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
defiprime.tokenlist.json
defiprime.com/ |
22 KB 5 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
uma.tokenlist.json
umaproject.org/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
099fc58e0de9451d80b18d7c74caa7c1
mainnet.infura.io/v3/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
099fc58e0de9451d80b18d7c74caa7c1
mainnet.infura.io/v3/ |
90 B 261 B |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.png
mswap.bbd.sh/ |
7 KB 7 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.coingecko.com
- URL
- https://www.coingecko.com/tokens_list/uniswap/defi_100/v_0_0_0.json
- Domain
- umaproject.org
- URL
- https://umaproject.org/uma.tokenlist.json
- Domain
- www.coingecko.com
- URL
- https://www.coingecko.com/tokens_list/uniswap/defi_100/v_0_0_0.json
- Domain
- umaproject.org
- URL
- https://umaproject.org/uma.tokenlist.json
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Uniswap (Crypto Exchange)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| webpackJsonp@uniswap/interface object| regeneratorRuntime function| setImmediate function| clearImmediate object| scCGSHMRCache string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.bbd.sh/ | Name: _ga Value: GA1.2.557550335.1712328321 |
|
.bbd.sh/ | Name: _gid Value: GA1.2.1155088323.1712328321 |
11 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
app.tryroll.com
defiprime.com
mainnet.infura.io
mswap.bbd.sh
raw.githubusercontent.com
umaproject.org
www.coingecko.com
www.google-analytics.com
umaproject.org
www.coingecko.com
172.67.153.28
188.114.97.3
2606:4700::6812:b46
2606:50c0:8001::154
2a00:1450:4001:813::200e
2a06:98c1:3121::3
54.88.7.149
0ada3fcb6d23286f44d3d25bfaefe446158ba659d875033a03600a3f0a6ae661
10174434dbe479c08b32ce3b42b70e7c6336647d29e4393483158d590d35c325
1264930ffa407937b1486ae664841287ada5961471c40f25e8a94d962c1d08c6
2099b0c9285fc7b610857f891e252a08f6c0e273b1614a1d6e2f74cd7e08d1df
414648afaa14fe736635bd028b45a87bcb3ea8ba078fead51b5ef0f320b06997
64dbdcf0bf0488a0036b872f3fb9acb85c6354a661abeb54f57f85caf6400737
64efcbf0bcf051f7c50b131d27f6aeeb25df502a3d07d11acc4f4259f6e01075
7324d6640c3e5b2f314258fe6113ebbe974e458035ce82436eb5889d1335f430
9714ebb32e37727cd1b10f4025b94f0d11d82bd489632e3f236d0425ad45f169
a7c23707e191b848cf7636633fdc4a1f6782e950efc7f7e5d89f6876d93220ad
b8e5fc78cc13c39d7b6040a18239c1e50352520f8a205b179afaa48ff31e8549
bd7a6976bd35ec63c5b4d7da9863689ad8dc088906b0a92015a79d20aa93dc6c
cf47cb3417636580384fe35a484a1b183bcea3e56b74dbe0c1aa4860882224fc
d0c2be4e059bb158e7576b4f4ada95cc4ffc517bd427aa992535acbb5ab80cd2
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd