pacmannft.xyz
Open in
urlscan Pro
141.95.37.116
Malicious Activity!
Public Scan
Submission Tags: @phantomxsec
Submission: On August 20 via manual from US — Scanned from FR
Summary
This is the only time pacmannft.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Crypto (Crypto Exchange)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 141.95.37.116 141.95.37.116 | 16276 (OVH) (OVH) | |
3 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700::68... 2606:4700::6810:5514 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 23.106.160.200 23.106.160.200 | 7203 (LEASEWEB-...) (LEASEWEB-USA-SFO) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:2b | 20446 (STACKPATH...) (STACKPATH-CDN) | |
5 | 2606:4700::68... 2606:4700::6810:7aaf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
19 | 7 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
pacmannft.xyz
pacmannft.xyz |
559 KB |
5 |
unpkg.com
unpkg.com — Cisco Umbrella Rank: 868 |
852 KB |
3 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 219 |
14 KB |
2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 422 |
117 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 615 |
30 KB |
1 |
ascendednft.site
ascendednft.site |
8 KB |
19 | 6 |
Domain | Requested by | |
---|---|---|
7 | pacmannft.xyz |
pacmannft.xyz
code.jquery.com |
5 | unpkg.com |
pacmannft.xyz
|
3 | cdnjs.cloudflare.com |
pacmannft.xyz
|
2 | cdn.jsdelivr.net |
pacmannft.xyz
|
1 | code.jquery.com |
pacmannft.xyz
|
1 | ascendednft.site |
pacmannft.xyz
|
19 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-08-03 - 2023-08-02 |
a year | crt.sh |
ascendednft.site R3 |
2022-08-08 - 2022-11-06 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2022-08-03 - 2023-07-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://pacmannft.xyz/
Frame ID: 7E1F824C2F2F9D565C66D0688AFDB1A9
Requests: 21 HTTP requests in this frame
Screenshot
Page Title
Pacman XYZDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
pacmannft.xyz/ |
5 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ |
30 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.png
pacmannft.xyz/ |
14 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/css/ |
156 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
spin.min.css
cdnjs.cloudflare.com/ajax/libs/spin.js/4.1.0/ |
320 B 471 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
spin.umd.js
ascendednft.site/ |
7 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.0.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ethereumjs-tx-1.3.3.min.js
cdn.jsdelivr.net/gh/ethereumjs/browser-builds/dist/ethereumjs-tx/ |
315 KB 92 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
web3.min.js
unpkg.com/web3@1.2.11/dist/ |
1 MB 294 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.js
unpkg.com/web3modal@1.9.0/dist/ |
418 KB 190 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.min.js
unpkg.com/evm-chains@0.2.0/dist/umd/ |
22 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.min.js
unpkg.com/@walletconnect/web3-provider@1.2.1/dist/umd/ |
1 MB 354 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fortmatic.js
unpkg.com/fortmatic@2.0.6/dist/ |
35 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
async.min.js
cdnjs.cloudflare.com/ajax/libs/async/3.2.4/ |
21 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.js
pacmannft.xyz/ |
219 KB 220 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
background.jpg
pacmannft.xyz/ |
167 KB 167 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
retrogaming.ttf
pacmannft.xyz/ |
30 KB 31 KB |
Font
application/font-sfnt |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
getPriceData.php
pacmannft.xyz/ |
122 KB 122 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
postAddr.php
pacmannft.xyz/ |
0 244 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Crypto (Crypto Exchange)83 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation object| Spin function| $ function| jQuery object| ethereumjs function| setImmediate function| clearImmediate object| regeneratorRuntime function| Web3 object| Web3Modal object| evmChains object| WalletConnectProvider function| Fortmatic object| async function| _0x4a5ebf function| _0x434996 object| _0x11e425 object| _0x19a10f object| _0x1b8cde object| _0x1fd72f object| _0x3e1e6f string| _0x3348f8 string| _0x2c0254 string| _0x2f0a5a string| _0x530ba2 string| _0x44dece string| _0x31ff4e string| _0x2b2797 string| _0xfdd114 string| _0x38f9b8 string| _0x3b98e8 number| _0x12b51f number| _0x4df18c string| _0x4b4b7a string| _0x242328 object| _0x267bf3 undefined| _0x3ba413 boolean| _0x3c3d55 object| _0x30a164 undefined| _0x215559 undefined| _0x4898ee undefined| _0x42dca0 number| _0x17640e function| _0x483510 function| _0x322463 function| _0x2f4825 function| _0x454c2c function| _0x4b2ee3 function| _0x4e9fda function| _0x24791d function| _0x4938d8 function| _0x28c811 function| _0x397408 function| _0x2f144d function| _0x5004ea function| _0x4bfbef function| _0x5e70 function| _0x575ae6 function| _0x44c98a function| _0x16b09e function| _0x45bdc0 function| _0x583c32 function| _0x4cc3bd function| _0x27bf26 function| _0x1a5ee5 function| _0x1226ec function| _0x4d9e object| _0x3153f5 object| _0x272a16 object| _0x567dfd object| _0x371f6a object| _0x8bda7f object| _0x4439f4 object| _0x20e627 object| _0x34b0ee object| _0x4a2c94 function| _0x4229a8 function| updateWeb3Modal0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ascendednft.site
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
pacmannft.xyz
unpkg.com
141.95.37.116
2001:4de0:ac18::1:a:2b
23.106.160.200
2606:4700::6810:5514
2606:4700::6810:7aaf
2606:4700::6811:190e
05e0ca3f38966965b3400dc05db506c462ebf67ed71a9e9d3e28f7672647e0a6
0b8822c2c385fdd4f64b5a815e662439aaba14f79aef4a5813e12ba122dd317c
10d78c0a5e8664889dc8eb47c72bfa46ad0ed02c70a234be9acdefa27dbb24b0
1d0379dd77ad25552d64b70cd02d2d2833a1804214c1f482eb413fd2b8c115d4
2d64af181fb5efe66d11ab3ce8ba0502ca5be747f05e869f7753309262f8ce96
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
4d17514e4c6ec3082d1321979a48ca6975a2fa1682a8e633a320fcff5e1a67c2
57260df9b7b8c98913555b9221c91668e94b69f180335b5cd956be0884f772c3
67ad2454feca6eb213f4a70cc588137e6bd21ad95c0eda2709faa2317ff90359
6dcf1269a45ee98914d9c92fc26d6366039f9275f565fc64141372da9923b747
76b53cabc052c02e654a32d672b3b4c1e8bfc175b4bee4c3d29435166e0e6555
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7e5413dc49d7b1d00867fcc8342f8df992ddafb065e60738c34ba35f3c781fa1
8eee49e3d0f4e651f9f40adfd661861997715b99d5b88103ae44d248ca6b1751
d93c05813c158faf533a332c1b49f2a9f0432e0454fdefd1a2c9f11428b7a4e9
da52f9db5b4972cc6cabba72ca26c38001d9c1ec92a95214b90c13cba9bdfccd
df62886e23ee053efaad11b6b7932a55130c4edbe154def8bbf3b734bd11bf47
dfd827142124c0fab4b916a4c72dbf4c91a9069a150aa8be71d0566f6d612066
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fd8b93fe30b95107b677b4c7dcdf8b6f0c830287be886858f428f9183a811e06
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e