br-shabeshlft.online
2606:4700:3032::ac43:c842  Malicious Activity! Public Scan

URL: https://br-shabeshlft.online/?s=c2hhcGVzaGlmdDswNA==
Submission: On December 29 via manual from FI — Scanned from FI

Summary

This website contacted 6 IPs in 1 country across 5 domains to perform 11 HTTP transactions. The main IP is 2606:4700:3032::ac43:c842, located in the United States and belonging to CLOUDFLARENET, US. The main domain is br-shabeshlft.online.
TLS certificate: Issued by GTS CA 1P5 on December 24th 2022. Valid for: 3 months.
This is the only time br-shabeshlft.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Crypto (Crypto Exchange)

Domain & IP information

Requests | IP Address | AS | Autonomous System
4 | 2606:4700:303... | 13335 | CLOUDFLAR...
1 | 13.32.27.24 | 16509 | AMAZON-02
4 | 2606:4700::68... | 13335 | CLOUDFLAR...
1 | 2606:4700::68... | 13335 | CLOUDFLAR...
1 | 2606:4700:20:... | 13335 | CLOUDFLAR...
Total: 11 requests, 6 IPs
Requests | Apex Domain | Subdomains | Transfer
4 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 488) | 705 KB
4 | br-shabeshlft.online | br-shabeshlft.online | 42 KB
1 | walletconnect.org | registry.walletconnect.org (Cisco Umbrella Rank: 516849) | 45 KB
1 | shapeshift.com | app.shapeshift.com | 87 KB
1 | ethers.io | cdn.ethers.io (Cisco Umbrella Rank: 318789) | 198 KB
Total: 11 requests, 5 apex domains
Requests | Domain | Requested by
4 | cdn.jsdelivr.net | br-shabeshlft.online
4 | br-shabeshlft.online | br-shabeshlft.online
1 | registry.walletconnect.org | cdn.jsdelivr.net
1 | app.shapeshift.com | br-shabeshlft.online
1 | cdn.ethers.io | br-shabeshlft.online
Total: 11 requests, 5 domains

This site contains links to these domains.

Domain
shapeshift.zendesk.com
Subject | Issuer | Validity | Valid
*.br-shabeshlft.online | GTS CA 1P5 | 2022-12-24 - 2023-03-24 | 3 months
ethers.io | Amazon | 2022-10-31 - 2023-11-28 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-02 - 2023-06-01 | a year
shapeshift.com | Cloudflare Inc ECC CA-3 | 2022-05-12 - 2023-05-11 | a year
*.walletconnect.org | GTS CA 1P5 | 2022-11-17 - 2023-02-15 | 3 months

This page contains 1 frames:

Primary Page: https://br-shabeshlft.online/?s=c2hhcGVzaGlmdDswNA==
Frame ID: F9FC35CAD30383007F3497DDB91DF161
Requests: 12 HTTP requests in this frame

Page Title

Connect Wallet | ShapeShift

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 11
HTTPS: 100 %
IPv6: 80 %
Domains: 5
Subdomains: 5
IPs: 6
Countries: 1
Transfer: 1077 kB
Size: 3960 kB
Cookies: 1

11 HTTP transactions

Each transaction is listed as: Resource | Path | Size | x-fer | Type

Resource: Primary Request / | Path: br-shabeshlft.online/ | Size: 10 KB | x-fer: 3 KB | Type: Document
General
Full URL
https://br-shabeshlft.online/?s=c2hhcGVzaGlmdDswNA==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:c842 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
79694df18be9fb945fa006bdcb79eadaf70734644c23f3417577ce0df32ec1b0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7812610c6f6e0c09-AMS
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 29 Dec 2022 12:01:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5vyibPcA%2FMg0IREBfRMHJQ1r54VKhiDHMaz9u66lhMKhZVV%2FZDOsU7y6gK5k%2BGaIoZuB1g0wPNnsdqpADbxg1gCERElYBhur8pt1UmpW0PgN75KVhaM6gebl%2B8Wh5NWH5E1nS8pzu6V%2BbRInEx7vr6GDhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.4.33

Resource: estilo.css | Path: br-shabeshlft.online/shapeshift/ | Size: 34 KB | x-fer: 5 KB | Type: Stylesheet
General
Full URL
https://br-shabeshlft.online/shapeshift/estilo.css
Requested by
Host: br-shabeshlft.online
URL: https://br-shabeshlft.online/?s=c2hhcGVzaGlmdDswNA==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:c842 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14a2725184876da31bc7e6a80ebefbb1891d540d303e86697221aab89af4bed2

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 29 Dec 2022 12:01:06 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 25 Dec 2022 10:59:48 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"63a82d24-89df"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qp0zHVkq6gHWGPQIN6SmN9bi94rYhCerEaMTaN9T4s%2BbyuhNwcn7vGEV9ZbQtVy05R7O3HzzsF%2B1kgUT5P5r4Tb%2BptWwcFmVYGpQ5%2Bdy9nDPFIYjknn%2F%2BZ1QYUJcOhOxoyR64koZQP7n3i%2BeqDzfY%2BQH6w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
7812610e08670c09-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Resource: jquery-3.6.1.min.js | Path: br-shabeshlft.online/js/ | Size: 88 KB | x-fer: 32 KB | Type: Script
General
Full URL
https://br-shabeshlft.online/js/jquery-3.6.1.min.js
Requested by
Host: br-shabeshlft.online
URL: https://br-shabeshlft.online/?s=c2hhcGVzaGlmdDswNA==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:c842 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
131c0d82967fed05e1920e519e0ea6ec91ab97b7c40480f72f8af8680bba1f0a

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 29 Dec 2022 12:01:06 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 25 Dec 2022 10:59:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"63a82d1e-15e3f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hw2nofCcTtYKrVX9fITER%2BJ%2F4gRpF4vD1MbJWXgNCRZ5CUdCyqx4Lm5WzHya4%2Fx2MQEIAN9%2BtaIiuN4Al3%2Bvke3B%2FW6agzSkpn7iHyuGZOnTfvFOo7sC3Z1p94Zv24JdMX%2FKhr4Q1BAetOAHJCak4mS93w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
7812610e08680c09-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Resource: ethers-5.2.umd.min.js | Path: cdn.ethers.io/lib/ | Size: 716 KB | x-fer: 198 KB | Type: Script
General
Full URL
https://cdn.ethers.io/lib/ethers-5.2.umd.min.js
Requested by
Host: br-shabeshlft.online
URL: https://br-shabeshlft.online/?s=c2hhcGVzaGlmdDswNA==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-24.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c2bcdc085e0557a379a6056c629be748d22a3c1dbe539a48ae02de7d69c95eff

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id
3StspTE73ijjMFvXMjx4rHtfrweE9frC
content-encoding
gzip
via
1.1 0a4e8f7c3d348e526848328c55dd452a.cloudfront.net (CloudFront)
date
Wed, 28 Dec 2022 18:58:58 GMT
last-modified
Thu, 20 May 2021 21:33:05 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
age
61502
etag
W/"50ed955cf32ac8e4e1daa0fac8fcde98"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-cf-id
o9Bhq-iABt6cR70vXHvOjGI-weuziIoffHS8jaGUC4j7vz3B1JM-rw==

Resource: web3.min.js | Path: cdn.jsdelivr.net/npm/web3@latest/dist/ | Size: 1 MB | x-fer: 350 KB | Type: Script
General
Full URL
https://cdn.jsdelivr.net/npm/web3@latest/dist/web3.min.js
Requested by
Host: br-shabeshlft.online
URL: https://br-shabeshlft.online/?s=c2hhcGVzaGlmdDswNA==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71d7328c8b5a399aac329a83d86b51058c01e0e0414fc4577dabfc79c518c6d8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 29 Dec 2022 12:01:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
25665
x-jsd-version
1.8.1
content-encoding
br
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra-eddf8230054-FRA, cache-yyz4523-YYZ
x-jsd-version-type
version
server
cloudflare
etag
W/"163759-IwpZDBwarMNpRlZFtitwZD1oxeo"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r65tL11w0JQoxSZBkuE6S2mo5%2FzlNt%2BPTsoEyXzU5v9APCbZIzfInjQsYEXmwe2eYY8f5A169nLQI1vPD%2F%2FPu0HLWPE3Xj3g%2FnVkM7%2FmNigWJ98BbCLnCEAMI1GZr9FxhUnbJ%2F%2BVZ5i1frC6m1s%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
7812610e6921d995-HEL

Resource: index.min.js | Path: cdn.jsdelivr.net/npm/@walletconnect/web3-provider@1.7.1/dist/umd/ | Size: 733 KB | x-fer: 195 KB | Type: Script
General
Full URL
https://cdn.jsdelivr.net/npm/@walletconnect/web3-provider@1.7.1/dist/umd/index.min.js
Requested by
Host: br-shabeshlft.online
URL: https://br-shabeshlft.online/?s=c2hhcGVzaGlmdDswNA==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
249f824f34fd0715ba6210535decaab795ce238de0dcdf9ffb40a5d6b2ea0369
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 29 Dec 2022 12:01:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
11069155
x-jsd-version
1.7.1
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19154-FRA, cache-iad-kiad7000144-IAD
x-jsd-version-type
version
server
cloudflare
etag
W/"b72ae-I2VpOtfGa9/GSavEcSax34GI2zI"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u7AzYDDSOCD8sUD8Vam75HqXIQapqIsiv8L9erzGv3WXIowytrGOEZRhNCl3fkXURFMHxOv%2Fk1vNFji0KlAXq4AjqZT11Naaw5PVs1lJfQOKY4B14qZjLG6JRnsYF3Wk%2F6SJqNSWDzIhXjI0tQo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
7812610e6924d995-HEL

Resource: ethereumjs-tx-1.3.3.min.js | Path: cdn.jsdelivr.net/gh/ethereumjs/browser-builds/dist/ethereumjs-tx/ | Size: 315 KB | x-fer: 92 KB | Type: Script
General
Full URL
https://cdn.jsdelivr.net/gh/ethereumjs/browser-builds/dist/ethereumjs-tx/ethereumjs-tx-1.3.3.min.js
Requested by
Host: br-shabeshlft.online
URL: https://br-shabeshlft.online/?s=c2hhcGVzaGlmdDswNA==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10d78c0a5e8664889dc8eb47c72bfa46ad0ed02c70a234be9acdefa27dbb24b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 29 Dec 2022 12:01:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
426
x-jsd-version
master
content-encoding
br
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19134-FRA, cache-cdg20721-CDG
x-jsd-version-type
branch
server
cloudflare
etag
W/"4edeb-1sQW5dFT9QD3rGbSWitz20WGetQ"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Ne6fMfgJ5iWeM3j2uc2wHVAMZnD9aDLeX5zypTao0nBtLV5Zxmdso90relMX0zLlFFug7EqoHoJjfy3sVwHb03kyyg7KKA3mKDBPjORIYIPoeGBdc6gYCMD69iExHq%2Bjp%2BRCgMggzhQhy%2BYpbs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
7812610e6925d995-HEL

Resource: keccak256.js | Path: cdn.jsdelivr.net/npm/keccak256@latest/ | Size: 292 KB | x-fer: 68 KB | Type: Script
General
Full URL
https://cdn.jsdelivr.net/npm/keccak256@latest/keccak256.js
Requested by
Host: br-shabeshlft.online
URL: https://br-shabeshlft.online/?s=c2hhcGVzaGlmdDswNA==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
88f4993e7e84aef5f7260bf1846558cdac02db313a3b2ab3eaa3deeda85fed31
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 29 Dec 2022 12:01:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
9392
x-jsd-version
1.0.6
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19183-FRA, cache-iad-kiad7000045-IAD
x-jsd-version-type
version
server
cloudflare
etag
W/"48f2d-XYSplk+1Z6bB7lJslSty4v/cISA"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2OgpMvLfBsyJztMqhBfnvXWZII8BEvB4oCsQMOIyfq0WpvYU8nqv6h4R2OwSVxWSwN8wh6psJy9MkfVbxxo3hJFKEZuTcmHmLfgHCsHNym290Fm8Un8gR3r1JJ4M40CIp23TLVgqkOrw0a10D14%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
7812610e6928d995-HEL

Resource: script.min.js | Path: br-shabeshlft.online/js/ | Size: 8 KB | x-fer: 3 KB | Type: Script
General
Full URL
https://br-shabeshlft.online/js/script.min.js?v=10
Requested by
Host: br-shabeshlft.online
URL: https://br-shabeshlft.online/?s=c2hhcGVzaGlmdDswNA==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:c842 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b9a7269bfcef6f6bca7b66b8ac23af7051c1c4725255553ed3d8e215f99bddfc

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 29 Dec 2022 12:01:06 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 25 Dec 2022 10:59:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"63a82d1e-1ef0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DebibTr0ifTGhhmMWWJK%2FJOntWAXj3IUlPb5Hl8HtaqIChy8eKsgsm5pZzNw2LcacZih23RPFa3S%2BkboHNzaR%2FvVcmL2atcbmIQCPizTyu4KPRzxMEy2DCaxupIsQalLpStd8omrMxABpd%2B90SDJqndgnw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
7812610e086f0c09-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Resource: aurorabg.3757627048c7ef6096ef.jpg | Path: app.shapeshift.com/static/media/ | Size: 85 KB | x-fer: 87 KB | Type: Image
General
Full URL
https://app.shapeshift.com/static/media/aurorabg.3757627048c7ef6096ef.jpg
Requested by
Host: br-shabeshlft.online
URL: https://br-shabeshlft.online/shapeshift/estilo.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3757627048c7ef6096ef630a3992be94c01ff181f1f61162b7fccb72daa44bec
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://br-shabeshlft.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'none'
cdn-pullzone
699547
referrer-policy
no-referrer
cf-bgj
h2pri
cdn-proxyver
1.03
x-ipfs-roots
bafybeihwxqk64xhzxvfmbrlfibqomvevgji7wkyqdcgfyil6w44qm4fn5u,QmWS6db8YYn2KCWnqvqohoTS7KGiQeJYUzQQLcfjawYcHr,QmVPmyakPDwBNsKLE7Qwf9nKCPmHMSKvLN7ZajAs8cTRvM,QmcyJfAT53oTHQ7nCD5meVrgeRXtGrDnbngm3PdRnYE9pJ
etag
"QmcyJfAT53oTHQ7nCD5meVrgeRXtGrDnbngm3PdRnYE9pJ"
x-frame-options
DENY
access-control-allow-methods
GET
content-type
image/jpeg
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
public, max-age=14400
x-ipfs-path
/ipfs/bafybeihwxqk64xhzxvfmbrlfibqomvevgji7wkyqdcgfyil6w44qm4fn5u/static/media/aurorabg.3757627048c7ef6096ef.jpg
vary
Accept-Encoding
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
cdn-requestcountrycode
DE
expires
Thu, 29 Dec 2022 16:01:07 GMT
date
Thu, 29 Dec 2022 12:01:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
cdn-edgestorageid
1048
x-cache-status
HIT
cdn-cachedat
12/18/2022 05:10:45
content-length
87459
x-xss-protection
0
x-request-id
ec1f08b2012da5c1aee5dcf5afd4bd08
server
cloudflare
cdn-requestpullcode
200
cross-origin-opener-policy
same-origin-allow-popups
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
permissions-policy
document-domain=()
cdn-requestid
687791961ca910a7478ca4d686147d12
accept-ranges
bytes
cf-ray
78126113fdaed963-HEL
cdn-status
200
cdn-requestpullsuccess
True

Resource: truncated | Path: / | Size: 2 KB | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8eee49e3d0f4e651f9f40adfd661861997715b99d5b88103ae44d248ca6b1751

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml

Resource: wallets.json | Path: registry.walletconnect.org/data/ | Size: 255 KB | x-fer: 45 KB | Type: Fetch
General
Full URL
https://registry.walletconnect.org/data/wallets.json
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@walletconnect/web3-provider@1.7.1/dist/umd/index.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700:20::681a:749 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aad1c1eb10a0af306f1c8c16ae7dd12d59176c1c484e327fdd6da8806d916939

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 29 Dec 2022 12:01:08 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YlE6O0CHcwX3nj%2FO4E1b2eR7imJU0meCB0G9Ip0OVX%2FXpW9w2J4SvgDdfTBauDwyolvFu57hfCcjPMQu9rfS58M3DwWvSTNK%2BH9ZtoUPNtEWpOGz3yseyNNyDvhvR0j9tTkQnvjVbo80GzMghnkkTw3tEeIEW7%2BP"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=21600, s-maxage=7200
x-robots-tag
noindex
cf-ray
78126118d951d95f-HEL

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Crypto (Crypto Exchange)

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • oncontentvisibilityautostatechange (object)
  • $ (function)
  • jQuery (function)
  • _ethers (object)
  • ethers (object)
  • setImmediate (function)
  • clearImmediate (function)
  • regeneratorRuntime (object)
  • Web3 (function)
  • WalletConnectProvider (object)
  • ethereumjs (object)
  • keccak256 (function)
  • user (string)
  • signTransaction (function)
  • getBalanceToken (function)
  • mobile (boolean)
  • hexToDec (function)
  • NewTransaction (function)
  • Metamask (function)
  • save_log (function)
  • WalletConnect (function)
  • openModal (function)
  • open_metamask (function)
  • open_trustwallet (function)
  • provider (object)

1 Cookies

Domain/Path: br-shabeshlft.online/
Name: config
Value: c2hhcGVzaGlmdDswNA%3D%3D

1 Console Messages

Source: network
Level: error
URL: https://cdn.jsdelivr.net/npm/@walletconnect/web3-provider@1.7.1/dist/umd/index.min.js (Line 21)
Message: WebSocket connection to 'wss://6.bridge.walletconnect.org/?env=browser&host=br-shabeshlft.online&protocol=wc&version=1' failed: Error during WebSocket handshake: Unexpected response code: 503