airdrop.aaveprotocol.app
Open in
urlscan Pro
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Submission: On December 04 via automatic, source phishtank — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on December 3rd 2022. Valid for: 3 months.
This is the only time airdrop.aaveprotocol.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Aave (Crypto)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:1a | 20446 (STACKPATH...) (STACKPATH-CDN) | |
2 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700::68... 2606:4700::6810:7aaf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 2606:4700:303... 2606:4700:3034::6815:27b | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
16 | 6 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
nftbox.cfd
nftbox.cfd |
2 MB |
5 |
aaveprotocol.app
airdrop.aaveprotocol.app |
|
2 |
unpkg.com
unpkg.com — Cisco Umbrella Rank: 926 |
545 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 242 |
152 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 759 |
83 KB |
0 |
xn--aav-5qa.com
Failed
xn--aav-5qa.com Failed |
|
16 | 6 |
Domain | Requested by | |
---|---|---|
5 | nftbox.cfd |
airdrop.aaveprotocol.app
nftbox.cfd |
5 | airdrop.aaveprotocol.app |
airdrop.aaveprotocol.app
|
2 | unpkg.com |
airdrop.aaveprotocol.app
|
2 | cdnjs.cloudflare.com |
airdrop.aaveprotocol.app
|
1 | code.jquery.com |
airdrop.aaveprotocol.app
|
0 | xn--aav-5qa.com Failed |
airdrop.aaveprotocol.app
|
16 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
aave.com |
github.com |
docs.aave.com |
snapshot.org |
aavegrants.org |
aavenews.substack.com |
zapper.fi |
defisaver.com |
zerion.io |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.aaveprotocol.app GTS CA 1P5 |
2022-12-03 - 2023-03-03 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2022-08-03 - 2023-07-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-08-03 - 2023-08-02 |
a year | crt.sh |
*.nftbox.cfd GTS CA 1P5 |
2022-11-05 - 2023-02-03 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://airdrop.aaveprotocol.app/
Frame ID: FB156BF7416961F0710325655E4D4BAF
Requests: 26 HTTP requests in this frame
Screenshot
Page Title
Aave - Open Source Liquidity ProtocolAave - Open Source Liquidity ProtocolDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
13 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Aave Protocol
Search URL Search Domain Scan URL
Title: Docs
Search URL Search Domain Scan URL
Title: Security
Search URL Search Domain Scan URL
Title: FAQ
Search URL Search Domain Scan URL
Title: Visit Docs
Search URL Search Domain Scan URL
Title: How to create Snapshot
Search URL Search Domain Scan URL
Title: Apply for a Grant
Search URL Search Domain Scan URL
Title: Subscribe to Aave News
Search URL Search Domain Scan URL
Title: Learn more
Search URL Search Domain Scan URL
Title: Zapper
Search URL Search Domain Scan URL
Title: Defi Saver
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
airdrop.aaveprotocol.app/ |
3 MB 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.0.js
code.jquery.com/ |
282 KB 83 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ethers.umd.min.js
cdnjs.cloudflare.com/ajax/libs/ethers/5.6.9/ |
719 KB 124 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
webpack.js
airdrop.aaveprotocol.app/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common.js
airdrop.aaveprotocol.app/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
polyfills.js
airdrop.aaveprotocol.app/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.min.js
unpkg.com/@walletconnect/web3-provider@1.2.1/dist/umd/ |
1 MB 354 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.js
unpkg.com/web3modal@1.9.0/dist/ |
418 KB 190 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
airdrop.aaveprotocol.app/Aave%20-%20Open%20Source%20Liquidity%20Protocol_files/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
xn--aav-5qa.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bundle.js
nftbox.cfd/static/js/ |
8 MB 2 MB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/ |
88 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
406 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
103 KB 103 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
103 KB 103 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
104 KB 104 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
97 KB 97 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
rates
nftbox.cfd/api/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
logs
nftbox.cfd/api/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
rates
nftbox.cfd/api/ |
52 B 525 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
logs
nftbox.cfd/api/ |
23 B 524 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
12 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
15 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
448 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- xn--aav-5qa.com
- URL
- https://xn--aav-5qa.com/
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Aave (Crypto)19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| $ function| jQuery object| _ethers object| ethers function| setImmediate function| clearImmediate object| WalletConnectProvider object| Web3Modal function| savepage_ShadowLoader function| webpackHotUpdateethereum_crypto_drainer_v1_frontend object| __REACT_DEVTOOLS_GLOBAL_HOOK__ boolean| __reactRefreshInjected function| CoinbaseWalletSDK function| CoinbaseWalletProvider function| WalletLink function| WalletLinkProvider object| regeneratorRuntime function| updateWeb3Modal3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.aaveprotocol.app/ | Name: __ddg1_ Value: Q51his1QralWtRKHJ0f7 |
|
airdrop.aaveprotocol.app/ | Name: ref Value: No |
|
airdrop.aaveprotocol.app/ | Name: user Value: connected |
10 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
airdrop.aaveprotocol.app
cdnjs.cloudflare.com
code.jquery.com
nftbox.cfd
unpkg.com
xn--aav-5qa.com
xn--aav-5qa.com
2001:4de0:ac18::1:a:1a
2606:4700:3034::6815:27b
2606:4700::6810:7aaf
2606:4700::6811:190e
2a06:98c1:3120::3
05e0ca3f38966965b3400dc05db506c462ebf67ed71a9e9d3e28f7672647e0a6
0d6bb1db32cd796935856fc4b6155206c8fafc62c7b9b82194aaf9801f3193cb
152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5
16fcfd9aac26b3f38265866e72db353779ae839192d1c2943672bbb9916f2c0e
1b498b959e5b7decbf9185803591d25bc1fbf83e798372ed30d32d5c79d82ff6
1de840916dd1d4e91e6128830977fff16e6e044998fa68eac3eb01334c7855be
1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239
4d17514e4c6ec3082d1321979a48ca6975a2fa1682a8e633a320fcff5e1a67c2
5480952751c8ed74be6f99a84dab4852975bf88099fdb96ef661084700f2bb59
67ad2454feca6eb213f4a70cc588137e6bd21ad95c0eda2709faa2317ff90359
73f246049508215d1dc1b232dfc451282266b3073f6578ec94882dcd981da835
761b0ce335a262440ebeb2b1817bcc858f947895d05426fd651a4db54472a95f
95c66625ee20f53d542e23dded002b021b24e9d28c3d193a076d45cba4dc8618
9991625109fae255b27bdc17f1eb4f2e860f2744da216b50e4523eeca3451887
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
a9a2502021a88cb7593fe591f2da0519a97ba22cdefae89988c9019d99eef899
b71bb4537d8a488ab30889808b0dff7366cb5ac722037d4cd069564c8a765530
c63158babcb7902203ed73476ccf901db34825ea524d4a36a52b5e5f97e1abf7
d0e4aa89ec94a8ec49637d646f810036c7d4f913a168f7e042584a5bad0dcf8e
d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6