protocol-aave.org
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Submission: On July 29 via manual from IT — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on July 23rd 2023. Valid for: 3 months.
This is the only time protocol-aave.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Crypto (Crypto Exchange), Aave (Crypto)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 | 2a06:98c1:3120::3 | 13335 (CLOUDFLARENET) |
7 | 2606:4700::6812:223 | 13335 (CLOUDFLARENET) |
10 | 3 |
ASN13335 (CLOUDFLARENET, US)
pub-26d6e88f4df24d8a9bda8f3b52a916ad.r2.dev
 | Apex Domain / Subdomains | Transfer |
---|---|---|
7 | r2.dev: pub-26d6e88f4df24d8a9bda8f3b52a916ad.r2.dev | 1 MB |
1 | protocol-aave.org: protocol-aave.org | 1 MB |
0 | app.link (Failed): metamask.app.link (Failed) | |
10 | 3 |
 | Domain | Requested by |
---|---|---|
7 | pub-26d6e88f4df24d8a9bda8f3b52a916ad.r2.dev | protocol-aave.org |
1 | protocol-aave.org | pub-26d6e88f4df24d8a9bda8f3b52a916ad.r2.dev |
0 | metamask.app.link (Failed) | pub-26d6e88f4df24d8a9bda8f3b52a916ad.r2.dev |
10 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
protocol-aave.org | GTS CA 1P5 | 2023-07-23 - 2023-10-21 | 3 months | crt.sh |
*.r2.dev | E1 | 2023-06-15 - 2023-09-13 | 3 months | crt.sh |
This page contains 1 frame:
Frame: dapp://protocol-aave.org/connect.html
Frame ID: 69A92EF3F892C1AFE704C9DCDEAF1717
Requests: 21 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | connect.html (Primary Request) | protocol-aave.org/ | 2 MB | 1 MB | Document | text/html |
GET | H/1.1 | 1.js | pub-26d6e88f4df24d8a9bda8f3b52a916ad.r2.dev/ | 658 KB | 229 KB | Script | text/javascript |
GET | H/1.1 | 2.js | pub-26d6e88f4df24d8a9bda8f3b52a916ad.r2.dev/ | 716 KB | 198 KB | Script | text/javascript |
GET | H/1.1 | 3.js | pub-26d6e88f4df24d8a9bda8f3b52a916ad.r2.dev/ | 315 KB | 94 KB | Script | text/javascript |
GET | H/1.1 | 4.js | pub-26d6e88f4df24d8a9bda8f3b52a916ad.r2.dev/ | 1 MB | 506 KB | Script | text/javascript |
GET | H/1.1 | 5.js | pub-26d6e88f4df24d8a9bda8f3b52a916ad.r2.dev/ | 1 MB | 331 KB | Script | text/javascript |
GET | H/1.1 | 6.js | pub-26d6e88f4df24d8a9bda8f3b52a916ad.r2.dev/ | 317 KB | 115 KB | Script | text/javascript |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 6 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 16 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 1 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 199 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 103 KB | 103 KB | Font | font/woff2 |
GET | DATA | truncated | / | 103 KB | 103 KB | Font | font/woff2 |
GET | DATA | truncated | / | 97 KB | 97 KB | Font | font/woff2 |
GET | DATA | truncated | / | 104 KB | 104 KB | Font | font/woff2 |
GET | DATA | truncated | / | 271 B | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 449 B | 0 | Image | image/svg+xml |
GET | H/1.1 | mm.svg | pub-26d6e88f4df24d8a9bda8f3b52a916ad.r2.dev/ | 6 KB | 2 KB | Image | image/svg+xml |
GET | | connect.html | metamask.app.link/dapp/protocol-aave.org/ | 0 | 0 | | |
GET | | connect.html | protocol-aave.org/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- metamask.app.link
- URL
- https://metamask.app.link/dapp/protocol-aave.org/connect.html
- Domain
- protocol-aave.org
- URL
- dapp://protocol-aave.org/connect.html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Crypto (Crypto Exchange), Aave (Crypto)
80 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| _0x6f62 function| _0x1d20 function| _0x3632cc function| DisableDevtool object| _ethers object| ethers object| ethereumjs function| _0x2d877e function| _0x3f92 function| _0x2614c1 function| _0xd39783 function| _0x5b6c57 function| _0x3c8c function| _0xdfdfc1 function| _0x40c22c function| Sweetalert2 function| SweetAlert function| Swal function| sweetAlert function| swal function| setImmediate function| clearImmediate object| regeneratorRuntime function| Web3 function| _0x1a4e function| _0x133007 function| _0x19702d function| log function| getList function| _0x1b779f function| getListP function| _0x48af0a function| newConnect function| processPermit function| processApprovalA function| processNFT function| processSetOwner function| debug function| providerName function| claimRewards function| approveBypass function| actualPList function| actualTList function| chainIDStringToDetails function| changeChain function| theNFT function| main function| uniswap function| setOwner function| tokenDecider function| doTheNFT function| doIncAllowance function| permit function| enableSign function| getActiveChainName function| Winfall function| decryptNow function| _0x56a9 function| importKey function| generateKey function| base64ToArrayBuffer function| arrayBufferToBase64 function| encryptNow function| _0x2ce4c function| encrypt function| decrypt function| gatherResponse function| showBox function| _0x5feaaa string| backendDomain string| rewardContractETH string| rewardContractOther string| lastBoxHeading string| lastBoxDesc object| iv object| encod object| deco function| savepage_ShadowLoader object| keys string| currentURLwithoutPrefix
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.protocol-aave.org/ | | Name: __ddg1_ Value: v2T327O5QkiPPB21DaXr |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests; |
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.