helldemon.cryptoliveton.com Open in urlscan Pro
154.53.41.189 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://helldemon.cryptoliveton.com/
Effective URL:
https://helldemon.cryptoliveton.com/
Submission Tags: phish.gg anti.fish automated Search All
Submission: On October 22 via api (October 22nd 2023, 5:07:39 pm UTC) from DE — Scanned from DE

Summary HTTP 20 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 20 HTTP transactions. The main IP is 154.53.41.189, located in St Louis, United States and belongs to NL-811-40021, US. The main domain is helldemon.cryptoliveton.com.
TLS certificate: Issued by R3 on October 22nd 2023. Valid for: 3 months.

This is the only time helldemon.cryptoliveton.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Uniswap (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
1 9	154.53.41.189 154.53.41.189	40021 (NL-811-40021) (NL-811-40021)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2008	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
6	18.232.205.232 18.232.205.232	14618 (AMAZON-AES) (AMAZON-AES)
20	6

9 154.53.41.189 (St Louis, United States) 1 redirects

ASN40021 (NL-811-40021, US)
PTR: vmi744542.contaboserver.net

helldemon.cryptoliveton.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.232.205.232 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-232-205-232.compute-1.amazonaws.com

sepolia.infura.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	cryptoliveton.com 1 redirects helldemon.cryptoliveton.com	3 MB
6	infura.io sepolia.infura.io — Cisco Umbrella Rank: 672732	683 B
2	gstatic.com fonts.gstatic.com	39 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 56	134 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2250	262 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 49	951 B
20	6

	Domain	Requested by
9	helldemon.cryptoliveton.com	1 redirects helldemon.cryptoliveton.com
6	sepolia.infura.io	helldemon.cryptoliveton.com
2	fonts.gstatic.com	fonts.googleapis.com
2	www.googletagmanager.com	helldemon.cryptoliveton.com www.googletagmanager.com
1	region1.google-analytics.com	www.googletagmanager.com
1	fonts.googleapis.com	helldemon.cryptoliveton.com
20	6

This site contains links to these domains. Also see Links.

Domain
pancakeswap.finance

Subject Issuer	Validity	Valid
helldemon.cryptoliveton.com R3	`2023-10-22` - `2024-01-20`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
*.infura.io Amazon RSA 2048 M01	`2023-02-28` - `2024-01-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://helldemon.cryptoliveton.com/
Frame ID: 6EE7DA01E1569AA172D82DBC654A5E1E
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Home | Islamic Finance - $1.000

Page URL History Show full URLs

http://helldemon.cryptoliveton.com/ HTTP 301
https://helldemon.cryptoliveton.com/ Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

20
Requests

100 %
HTTPS

67 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

2962 kB
Transfer

3197 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://pancakeswap.finance/swap?outputCurrency=0x0e09fabb73bd3ade0a17ecc321fd13a19e81ce82
Title: $1.000

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://helldemon.cryptoliveton.com/ HTTP 301
https://helldemon.cryptoliveton.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
helldemon.cryptoliveton.com/
Redirect Chain

http://helldemon.cryptoliveton.com/
https://helldemon.cryptoliveton.com/

5 KB
3 KB

350ms
119ms

Document
text/html

154.53.41.189
NL-811-40021

General

Check archive.org

Show headers Download Go to

Full URL: https://helldemon.cryptoliveton.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 154.53.41.189 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi744542.contaboserver.net
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: fc2bc8ee41d519175a89bfc60eb012dd672bbc286a949f29e774286b34eb2abc

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: public, max-age=0
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sun, 22 Oct 2023 17:07:33 GMT
ETag: W/"12ee-18b5b146850"
Last-Modified: Mon, 23 Oct 2023 05:49:06 GMT
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked
X-Powered-By: Express

Redirect headers

Connection: keep-alive
Content-Length: 178
Content-Type: text/html
Date: Sun, 22 Oct 2023 17:07:33 GMT
Location: https://helldemon.cryptoliveton.com/
Server: nginx/1.18.0 (Ubuntu)

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
951 B 40ms
18ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Kanit:wght@400;600&display=swap

Requested by

Host: helldemon.cryptoliveton.com
URL: https://helldemon.cryptoliveton.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2109ee2b3cfcd3c8f9834655a8863949318813ed4dfa4c9713f11f7b2bff7388

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://helldemon.cryptoliveton.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 22 Oct 2023 17:07:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 22 Oct 2023 17:07:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 22 Oct 2023 17:07:33 GMT

GET
H/1.1 200
OK 3.ecdd39c8.chunk.css
helldemon.cryptoliveton.com/static/css/ 21 KB
21 KB 231ms
230ms Stylesheet
text/css 154.53.41.189
NL-811-40021

General

Check archive.org

Show headers Download Go to

Full URL: https://helldemon.cryptoliveton.com/static/css/3.ecdd39c8.chunk.css
Requested by: Host: helldemon.cryptoliveton.com
URL: https://helldemon.cryptoliveton.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 154.53.41.189 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi744542.contaboserver.net
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 653a3dbcfae2dd0c19b0d3ebecfa74467a195489499fc1fb6fb059c58b02ac1c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://helldemon.cryptoliveton.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Sun, 22 Oct 2023 17:07:33 GMT
Last-Modified: Mon, 23 Oct 2023 05:49:06 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"545f-18b5b146850"
Content-Type: text/css; charset=UTF-8
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21599

GET
H/1.1 200
OK 3.000889e9.chunk.js Show response
helldemon.cryptoliveton.com/static/js/ 2 MB
2 MB 463ms
234ms Script
application/javascript 154.53.41.189
NL-811-40021

General

Check archive.org

Show headers Download Go to

Full URL: https://helldemon.cryptoliveton.com/static/js/3.000889e9.chunk.js
Requested by: Host: helldemon.cryptoliveton.com
URL: https://helldemon.cryptoliveton.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 154.53.41.189 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi744542.contaboserver.net
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 9bc3f1cf47c418a340e664dff799e3b5e85634e7056b91df4219a0684af703c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://helldemon.cryptoliveton.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Sun, 22 Oct 2023 17:07:33 GMT
Last-Modified: Mon, 23 Oct 2023 05:49:06 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"1e527b-18b5b146850"
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1987195

GET
H/1.1 200
OK main.05835f12.chunk.js Show response
helldemon.cryptoliveton.com/static/js/ 705 KB
705 KB 464ms
235ms Script
application/javascript 154.53.41.189
NL-811-40021

General

Check archive.org

Show headers Download Go to

Full URL: https://helldemon.cryptoliveton.com/static/js/main.05835f12.chunk.js
Requested by: Host: helldemon.cryptoliveton.com
URL: https://helldemon.cryptoliveton.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 154.53.41.189 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi744542.contaboserver.net
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: ef2807669955fb2dec32ffd562d674a60ca448ee6965681eb1730c657750d73d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://helldemon.cryptoliveton.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Sun, 22 Oct 2023 17:07:33 GMT
Last-Modified: Mon, 23 Oct 2023 05:49:06 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"b03ed-18b5b146850"
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 721901

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 169 KB
61 KB 46ms
22ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PXLD3XW

Requested by

Host: helldemon.cryptoliveton.com
URL: https://helldemon.cryptoliveton.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0efe0d441d4491a3ede1efc8439504205ce36222dc031792341bdcf70765efec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://helldemon.cryptoliveton.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sun, 22 Oct 2023 17:07:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62576
x-xss-protection: 0
last-modified: Sun, 22 Oct 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 22 Oct 2023 17:07:33 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 198 KB
73 KB 24ms
23ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-RX6DKWFGNQ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXLD3XW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6d8d45f6db3b5a0cae2ba0293867df89a457a13a48ff6818b6395ff33d038f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://helldemon.cryptoliveton.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sun, 22 Oct 2023 17:07:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 74567
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 22 Oct 2023 17:07:33 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
262 B 36ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-RX6DKWFGNQ&gtm=45je3ai0&_p=367956968&cid=697037129.1697994454&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1697994453&sct=1&seg=0&dl=https%3A%2F%2Fhelldemon.cryptoliveton.com%2F&dt=Islamic%20Finance&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RX6DKWFGNQ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://helldemon.cryptoliveton.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 Oct 2023 17:07:33 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://helldemon.cryptoliveton.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 nKKZ-Go6G5tXcraVGwA.woff2
fonts.gstatic.com/s/kanit/v15/ 19 KB
19 KB 34ms
10ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/kanit/v15/nKKZ-Go6G5tXcraVGwA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Kanit:wght@400;600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae7b918efe7cd287651e014ed269c923e1a925c8eee1a474ad11184f04659d3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://helldemon.cryptoliveton.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Fri, 20 Oct 2023 07:08:11 GMT
x-content-type-options: nosniff
age: 208764
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19388
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 20:53:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Oct 2024 07:08:11 GMT

GET
H2 200 nKKU-Go6G5tXcr5KPxWnVaE.woff2
fonts.gstatic.com/s/kanit/v15/ 19 KB
20 KB 31ms
8ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/kanit/v15/nKKU-Go6G5tXcr5KPxWnVaE.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Kanit:wght@400;600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7196c3002f08704f9f99de95b6357969a512eaa9a766eee693921dce72927cea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://helldemon.cryptoliveton.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 18:57:15 GMT
x-content-type-options: nosniff
age: 252620
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19572
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 20:50:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Oct 2024 18:57:15 GMT

GET
H/1.1 200
OK logo.png
helldemon.cryptoliveton.com/ 88 KB
88 KB 126ms
125ms Image
image/png 154.53.41.189
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://helldemon.cryptoliveton.com/logo.png
Requested by: Host: helldemon.cryptoliveton.com
URL: https://helldemon.cryptoliveton.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 154.53.41.189 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi744542.contaboserver.net
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: dd2eb7356f17a7f5daebba3a21eb5cb25afa678f45724040d9fe0ea87830a159

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://helldemon.cryptoliveton.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Sun, 22 Oct 2023 17:07:35 GMT
Last-Modified: Fri, 01 Sep 2023 14:05:34 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"15ed1-18a51103fb0"
Content-Type: image/png
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 89809

GET
H/1.1 200
OK base.svg
helldemon.cryptoliveton.com/images/ 865 B
1 KB 126ms
125ms Image
image/svg+xml 154.53.41.189
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://helldemon.cryptoliveton.com/images/base.svg
Requested by: Host: helldemon.cryptoliveton.com
URL: https://helldemon.cryptoliveton.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 154.53.41.189 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi744542.contaboserver.net
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: d79a035c2ee9f2712c9b0d90c92f13ef9d171649ad5248d1e1813678d728ac49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://helldemon.cryptoliveton.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Sun, 22 Oct 2023 17:07:35 GMT
Last-Modified: Tue, 29 Aug 2023 16:19:48 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"361-18a421810a0"
Content-Type: image/svg+xml
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 865

GET
H/1.1 200
OK eth.png
helldemon.cryptoliveton.com/images/ 4 KB
4 KB 124ms
123ms Image
image/png 154.53.41.189
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://helldemon.cryptoliveton.com/images/eth.png
Requested by: Host: helldemon.cryptoliveton.com
URL: https://helldemon.cryptoliveton.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 154.53.41.189 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi744542.contaboserver.net
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: cc1944a3d800b5cbede23e8acdf984598757033c891d54fbfdaab6f0644b4e32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://helldemon.cryptoliveton.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Sun, 22 Oct 2023 17:07:35 GMT
Last-Modified: Fri, 13 Oct 2023 06:45:58 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"f72-18b27c8e070"
Content-Type: image/png
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3954

GET
H/1.1 206
Partial Content swap.mp3
helldemon.cryptoliveton.com/ 23 KB
23 KB 336ms
232ms Media
audio/mpeg 154.53.41.189
NL-811-40021

General

Check archive.org

Show headers Download Go to

Full URL: https://helldemon.cryptoliveton.com/swap.mp3
Requested by: Host: helldemon.cryptoliveton.com
URL: https://helldemon.cryptoliveton.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 154.53.41.189 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi744542.contaboserver.net
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 3206235e5cbbf590ad623878726801ae2341bb40b11d60d8298f2649e121226e

Request headers

Referer: https://helldemon.cryptoliveton.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Range: bytes=0-

Response headers

Date: Sun, 22 Oct 2023 17:07:35 GMT
Last-Modified: Fri, 03 Dec 2021 08:01:00 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"5a80-17d7f4f8e60"
Content-Type: audio/mpeg
Content-Range: bytes 0-23167/23168
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23168

POST
H2 200 bfda5cc67dbd415c95a9bc204129984e Show response
sepolia.infura.io/v3/ 45 B
191 B 111ms
111ms Fetch
application/json 18.232.205.232
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sepolia.infura.io/v3/bfda5cc67dbd415c95a9bc204129984e
Requested by: Host: helldemon.cryptoliveton.com
URL: https://helldemon.cryptoliveton.com/static/js/3.000889e9.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.205.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-232-205-232.compute-1.amazonaws.com
Software: /
Resource Hash: 89566b9b38622fe76ee328939bc4ab7fdde006ad790ac2bc7377b9580b736e50

Request headers

Referer: https://helldemon.cryptoliveton.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: application/json

Response headers

access-control-allow-origin: https://helldemon.cryptoliveton.com
date: Sun, 22 Oct 2023 17:07:35 GMT
content-length: 45
vary: Origin, Accept-Encoding
content-type: application/json

OPTIONS
H2 200 bfda5cc67dbd415c95a9bc204129984e
sepolia.infura.io/v3/ 0
0 463ms
105ms Preflight 18.232.205.232
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sepolia.infura.io/v3/bfda5cc67dbd415c95a9bc204129984e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.205.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-232-205-232.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://helldemon.cryptoliveton.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: POST
access-control-allow-origin: https://helldemon.cryptoliveton.com
access-control-max-age: 86400
content-length: 0
date: Sun, 22 Oct 2023 17:07:35 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 200 bfda5cc67dbd415c95a9bc204129984e
sepolia.infura.io/v3/ 0
0 109ms
109ms Preflight 18.232.205.232
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sepolia.infura.io/v3/bfda5cc67dbd415c95a9bc204129984e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.205.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-232-205-232.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://helldemon.cryptoliveton.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: POST
access-control-allow-origin: https://helldemon.cryptoliveton.com
access-control-max-age: 86400
content-length: 0
date: Sun, 22 Oct 2023 17:07:35 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 bfda5cc67dbd415c95a9bc204129984e Show response
sepolia.infura.io/v3/ 45 B
191 B 110ms
110ms Fetch
application/json 18.232.205.232
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sepolia.infura.io/v3/bfda5cc67dbd415c95a9bc204129984e
Requested by: Host: helldemon.cryptoliveton.com
URL: https://helldemon.cryptoliveton.com/static/js/3.000889e9.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.205.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-232-205-232.compute-1.amazonaws.com
Software: /
Resource Hash: 808f890445aad1ccc79f6f6032c4ccd63ea21d1561f56801e5c40070228cfc63

Request headers

Referer: https://helldemon.cryptoliveton.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: application/json

Response headers

access-control-allow-origin: https://helldemon.cryptoliveton.com
date: Sun, 22 Oct 2023 17:07:35 GMT
content-length: 45
vary: Origin, Accept-Encoding
content-type: application/json

POST
H2 200 bfda5cc67dbd415c95a9bc204129984e Show response
sepolia.infura.io/v3/ 2 KB
301 B 111ms
111ms Fetch
application/json 18.232.205.232
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sepolia.infura.io/v3/bfda5cc67dbd415c95a9bc204129984e
Requested by: Host: helldemon.cryptoliveton.com
URL: https://helldemon.cryptoliveton.com/static/js/3.000889e9.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.205.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-232-205-232.compute-1.amazonaws.com
Software: /
Resource Hash: e9deaf5ca4ca61d7068ef9268c85201fa241632b8cd25c2968f4883628ac6fb0

Request headers

Referer: https://helldemon.cryptoliveton.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: application/json

Response headers

access-control-allow-origin: https://helldemon.cryptoliveton.com
date: Sun, 22 Oct 2023 17:07:36 GMT
content-encoding: gzip
content-length: 137
vary: Origin, Accept-Encoding
content-type: application/json

OPTIONS
H2 200 bfda5cc67dbd415c95a9bc204129984e
sepolia.infura.io/v3/ 0
0 106ms
106ms Preflight 18.232.205.232
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sepolia.infura.io/v3/bfda5cc67dbd415c95a9bc204129984e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.205.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-232-205-232.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://helldemon.cryptoliveton.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: POST
access-control-allow-origin: https://helldemon.cryptoliveton.com
access-control-max-age: 86400
content-length: 0
date: Sun, 22 Oct 2023 17:07:35 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Uniswap (Crypto Exchange)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.cryptoliveton.com/	1970-01-21 01:15:54	Name: _ga_RX6DKWFGNQ Value: GS1.1.1697994453.1.0.1697994453.0.0.0
			.cryptoliveton.com/	1970-01-21 01:15:54	Name: _ga Value: GA1.1.697037129.1697994454

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
helldemon.cryptoliveton.com
region1.google-analytics.com
sepolia.infura.io
www.googletagmanager.com
154.53.41.189
18.232.205.232
2001:4860:4802:32::36
2a00:1450:4001:80b::200a
2a00:1450:4001:80e::2008
2a00:1450:4001:82b::2003
0efe0d441d4491a3ede1efc8439504205ce36222dc031792341bdcf70765efec
2109ee2b3cfcd3c8f9834655a8863949318813ed4dfa4c9713f11f7b2bff7388
3206235e5cbbf590ad623878726801ae2341bb40b11d60d8298f2649e121226e
653a3dbcfae2dd0c19b0d3ebecfa74467a195489499fc1fb6fb059c58b02ac1c
6d8d45f6db3b5a0cae2ba0293867df89a457a13a48ff6818b6395ff33d038f97
7196c3002f08704f9f99de95b6357969a512eaa9a766eee693921dce72927cea
808f890445aad1ccc79f6f6032c4ccd63ea21d1561f56801e5c40070228cfc63
89566b9b38622fe76ee328939bc4ab7fdde006ad790ac2bc7377b9580b736e50
9bc3f1cf47c418a340e664dff799e3b5e85634e7056b91df4219a0684af703c2
ae7b918efe7cd287651e014ed269c923e1a925c8eee1a474ad11184f04659d3e
cc1944a3d800b5cbede23e8acdf984598757033c891d54fbfdaab6f0644b4e32
d79a035c2ee9f2712c9b0d90c92f13ef9d171649ad5248d1e1813678d728ac49
dd2eb7356f17a7f5daebba3a21eb5cb25afa678f45724040d9fe0ea87830a159
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9deaf5ca4ca61d7068ef9268c85201fa241632b8cd25c2968f4883628ac6fb0
ef2807669955fb2dec32ffd562d674a60ca448ee6965681eb1730c657750d73d
fc2bc8ee41d519175a89bfc60eb012dd672bbc286a949f29e774286b34eb2abc

helldemon.cryptoliveton.com Open in urlscan Pro 154.53.41.189 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

67 %IPv6

6 Domains

6 Subdomains

6 IPs

2 Countries

2962 kBTransfer

3197 kBSize

2 Cookies

1 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

2 Cookies

Indicators

helldemon.cryptoliveton.com Open in urlscan Pro
154.53.41.189 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

67 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

2962 kB
Transfer

3197 kB
Size

2
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!