app.unlswap.ae.org
185.178.208.184  Malicious Activity! Public Scan

Submitted URL: https://www.services.uniswop.website/
Effective URL: https://app.unlswap.ae.org/Swap/
Submission: On November 19 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 3 HTTP transactions. The main IP is 185.178.208.184, located in Russian Federation and belongs to DDOS-GUARD, RU. The main domain is app.unlswap.ae.org.
TLS certificate: Issued by R3 on November 18th 2021. Valid for: 3 months.
This is the only time app.unlswap.ae.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Uniswap (Crypto Exchange)

Domain & IP information

IP Address AS Autonomous System
1 1 185.178.208.138 57724 (DDOS-GUARD)
1 1 178.159.36.39 213058 (PIHL-AS)
1 2 185.178.208.184 57724 (DDOS-GUARD)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
1 185.199.109.133 54113 (FASTLY)
3 4
Apex Domain                Subdomains                      Transfer
2 ae.org                   app.unlswap.ae.org              214 KB
1 githubusercontent.com    raw.githubusercontent.com       222 KB
1 jquery.com               code.jquery.com                 83 KB
1 unlswap.cash             app.unlswap.cash                228 B
1 uniswop.website          www.services.uniswop.website    247 B
3 5
Domain Requested by
2 app.unlswap.ae.org 1 redirects
1 raw.githubusercontent.com app.unlswap.ae.org
1 code.jquery.com app.unlswap.ae.org
1 app.unlswap.cash 1 redirects
1 www.services.uniswop.website 1 redirects
3 5

This site contains links to these domains.

Domain
etherscan.io
Subject               Issuer                                            Validity                   Valid
app.unlswap.ae.org    R3                                                2021-11-18 - 2022-02-16    3 months
*.jquery.com          Sectigo RSA Domain Validation Secure Server CA    2021-07-14 - 2022-08-14    a year
www.github.com        DigiCert SHA2 High Assurance Server CA            2020-05-06 - 2022-04-14    2 years

This page contains 1 frames:

Primary Page: https://app.unlswap.ae.org/Swap/
Frame ID: 19DEC957405E397C524BE544ADD3D169
Requests: 9 HTTP requests in this frame

Page Title

Uniswap Interfacelogo

Page Statistics

Requests: 3
HTTPS: 100 %
IPv6: 20 %
Domains: 5
Subdomains: 5
IPs: 4
Countries: 3
Transfer: 519 kB
Size: 1037 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.services.uniswop.website/ HTTP 302
    http://app.unlswap.cash/swap/online.php?utm= HTTP 302
    https://app.unlswap.ae.org/?swap=1 HTTP 302
    https://app.unlswap.ae.org/Swap/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
Path: app.unlswap.ae.org/Swap/
Redirect Chain
  • https://www.services.uniswop.website/
  • http://app.unlswap.cash/swap/online.php?utm=
  • https://app.unlswap.ae.org/?swap=1
  • https://app.unlswap.ae.org/Swap/
Size: 337 KB
x-fer: 214 KB
Type: Document
General
Full URL: https://app.unlswap.ae.org/Swap/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.178.208.184 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS: ddos-guard.net
Software: ddos-guard /
Resource Hash: a6fb4cf7f5e2cb48a931ea5728a15e4786773b4a702b0326ab6379ff043488a4
Security Headers
Content-Security-Policy: upgrade-insecure-requests;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 19 Nov 2021 02:51:54 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-encoding: gzip

Redirect headers

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 19 Nov 2021 02:51:54 GMT
content-type: text/html
location: https://app.unlswap.ae.org/Swap/
content-encoding: br
vary: Accept-Encoding

jquery-3.6.0.js
Path: code.jquery.com/
Size: 282 KB
x-fer: 83 KB
Type: Script
General
Full URL: https://code.jquery.com/jquery-3.6.0.js
Requested by
Host: app.unlswap.ae.org
URL: https://app.unlswap.ae.org/Swap/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS:
Software: nginx /
Resource Hash: 1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239

Request headers

Referer: https://app.unlswap.ae.org/
Origin: https://app.unlswap.ae.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 02:51:54 GMT
content-encoding: gzip
last-modified: Tue, 02 Mar 2021 17:27:20 GMT
server: nginx
etag: W/"603e7578-46744"
vary: Accept-Encoding
x-hw: 1637290314.dop003.am5.t,1637290314.cds207.am5.hn,1637290314.cds145.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 84714

truncated
Path: /
Size: 4 KB
x-fer: 0
Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: cc1944a3d800b5cbede23e8acdf984598757033c891d54fbfdaab6f0644b4e32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

truncated
Path: /
Size: 112 KB
x-fer: 0
Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 62367d960f6827a816ba4f698c0caa2f3a4b4672988edbb2117353b7efc48d24

Request headers

Accept-Language: de-DE,de;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

truncated
Path: /
Size: 13 KB
x-fer: 0
Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: a3334c32aaf5b8be377ae81e6e05786db64bbbbfed043d7949068e6d2f5d28fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

truncated
Path: /
Size: 52 KB
x-fer: 0
Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 85fd12d6a61ad3b62d33d03b1c6e7bb972df88b5898edb2a862dc5a11ac54b1c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

truncated
Path: /
Size: 2 KB
x-fer: 0
Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: a2f3a43d895a857a42a92ecc58dae85737012add5e0014ff36f02b8ce631681b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

truncated
Path: /
Size: 14 KB
x-fer: 0
Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 44085e7930857e21210a08de58043d36f33c3f653962a8da2f13f972b6c23e58

Request headers

Accept-Language: de-DE,de;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

Inter-roman.var.woff2
Path: raw.githubusercontent.com/rsms/inter/master/docs/font-files/
Size: 222 KB
x-fer: 222 KB
Type: Font
General
Full URL: https://raw.githubusercontent.com/rsms/inter/master/docs/font-files/Inter-roman.var.woff2
Requested by
Host: app.unlswap.ae.org
URL: https://app.unlswap.ae.org/Swap/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.109.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-109-133.github.com
Software: /
Resource Hash: 17fe38ab302c7e5dbfb5c3d87801092d79be958500db6412ed3bc0f126bd53d3
Security Headers
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-Xss-Protection: 1; mode=block

Request headers

Referer: https://app.unlswap.ae.org/
Origin: https://app.unlswap.ae.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-fastly-request-id: b29f92c9fa27e0080c654a4b15d1b636b03e982b
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
x-cache-hits: 0
vary: Authorization,Accept-Encoding,Origin
content-length: 227180
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4044-HHN
x-github-request-id: E240:4F1B:23583D:250880:6197114A
x-timer: S1637290315.766482,VS0,VE87
x-frame-options: deny
date: Fri, 19 Nov 2021 02:51:54 GMT
source-age: 0
strict-transport-security: max-age=31536000
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=300
etag: W/"b573d651f196306b40892652d31ab5605a3c931d30be96af1a4478e1ef4c2ff9"
accept-ranges: bytes
expires: Fri, 19 Nov 2021 02:56:54 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Uniswap (Crypto Exchange)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect
function| reportError
boolean| originAgentCluster
object| scheduler
function| $
function| jQuery
function| vib

3 Cookies

Domain/Path            Name / Value
.uniswop.website/      Name: __ddg1  Value: P3AQqORNt48h5iUEkWCC
.unlswap.ae.org/       Name: __ddg1  Value: 62BX8KbcubHIHoo5720M
app.unlswap.ae.org/    Name: 315d6b690058c6dbacae26dbe0e490f8  Value: true

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests;