br-shabeshlft.online
Open in
urlscan Pro
2606:4700:3032::ac43:c842
Malicious Activity!
Public Scan
Submission: On December 29 via manual from FI — Scanned from FI
Summary
TLS certificate: Issued by GTS CA 1P5 on December 24th 2022. Valid for: 3 months.
This is the only time br-shabeshlft.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Crypto (Crypto Exchange)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 2606:4700:303... 2606:4700:3032::ac43:c842 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 13.32.27.24 13.32.27.24 | 16509 (AMAZON-02) (AMAZON-02) | |
4 | 2606:4700::68... 2606:4700::6810:5914 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6810:f005 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:20:... 2606:4700:20::681a:749 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
11 | 6 |
ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-24.fra56.r.cloudfront.net
cdn.ethers.io |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 488 |
705 KB |
4 |
br-shabeshlft.online
br-shabeshlft.online |
42 KB |
1 |
walletconnect.org
registry.walletconnect.org — Cisco Umbrella Rank: 516849 |
45 KB |
1 |
shapeshift.com
app.shapeshift.com |
87 KB |
1 |
ethers.io
cdn.ethers.io — Cisco Umbrella Rank: 318789 |
198 KB |
11 | 5 |
Domain | Requested by | |
---|---|---|
4 | cdn.jsdelivr.net |
br-shabeshlft.online
|
4 | br-shabeshlft.online |
br-shabeshlft.online
|
1 | registry.walletconnect.org |
cdn.jsdelivr.net
|
1 | app.shapeshift.com |
br-shabeshlft.online
|
1 | cdn.ethers.io |
br-shabeshlft.online
|
11 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
shapeshift.zendesk.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.br-shabeshlft.online GTS CA 1P5 |
2022-12-24 - 2023-03-24 |
3 months | crt.sh |
ethers.io Amazon |
2022-10-31 - 2023-11-28 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-06-02 - 2023-06-01 |
a year | crt.sh |
shapeshift.com Cloudflare Inc ECC CA-3 |
2022-05-12 - 2023-05-11 |
a year | crt.sh |
*.walletconnect.org GTS CA 1P5 |
2022-11-17 - 2023-02-15 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://br-shabeshlft.online/?s=c2hhcGVzaGlmdDswNA==
Frame ID: F9FC35CAD30383007F3497DDB91DF161
Requests: 12 HTTP requests in this frame
Screenshot
Page Title
Connect Wallet | ShapeShiftDetected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Beta has been sunset, Learn More
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
br-shabeshlft.online/ |
10 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
estilo.css
br-shabeshlft.online/shapeshift/ |
34 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.1.min.js
br-shabeshlft.online/js/ |
88 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ethers-5.2.umd.min.js
cdn.ethers.io/lib/ |
716 KB 198 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
web3.min.js
cdn.jsdelivr.net/npm/web3@latest/dist/ |
1 MB 350 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.min.js
cdn.jsdelivr.net/npm/@walletconnect/web3-provider@1.7.1/dist/umd/ |
733 KB 195 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ethereumjs-tx-1.3.3.min.js
cdn.jsdelivr.net/gh/ethereumjs/browser-builds/dist/ethereumjs-tx/ |
315 KB 92 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
keccak256.js
cdn.jsdelivr.net/npm/keccak256@latest/ |
292 KB 68 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
script.min.js
br-shabeshlft.online/js/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aurorabg.3757627048c7ef6096ef.jpg
app.shapeshift.com/static/media/ |
85 KB 87 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wallets.json
registry.walletconnect.org/data/ |
255 KB 45 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Crypto (Crypto Exchange)25 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| $ function| jQuery object| _ethers object| ethers function| setImmediate function| clearImmediate object| regeneratorRuntime function| Web3 object| WalletConnectProvider object| ethereumjs function| keccak256 string| user function| signTransaction function| getBalanceToken boolean| mobile function| hexToDec function| NewTransaction function| Metamask function| save_log function| WalletConnect function| openModal function| open_metamask function| open_trustwallet object| provider1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
br-shabeshlft.online/ | Name: config Value: c2hhcGVzaGlmdDswNA%3D%3D |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
app.shapeshift.com
br-shabeshlft.online
cdn.ethers.io
cdn.jsdelivr.net
registry.walletconnect.org
13.32.27.24
2606:4700:20::681a:749
2606:4700:3032::ac43:c842
2606:4700::6810:5914
2606:4700::6810:f005
10d78c0a5e8664889dc8eb47c72bfa46ad0ed02c70a234be9acdefa27dbb24b0
131c0d82967fed05e1920e519e0ea6ec91ab97b7c40480f72f8af8680bba1f0a
14a2725184876da31bc7e6a80ebefbb1891d540d303e86697221aab89af4bed2
249f824f34fd0715ba6210535decaab795ce238de0dcdf9ffb40a5d6b2ea0369
3757627048c7ef6096ef630a3992be94c01ff181f1f61162b7fccb72daa44bec
71d7328c8b5a399aac329a83d86b51058c01e0e0414fc4577dabfc79c518c6d8
79694df18be9fb945fa006bdcb79eadaf70734644c23f3417577ce0df32ec1b0
88f4993e7e84aef5f7260bf1846558cdac02db313a3b2ab3eaa3deeda85fed31
8eee49e3d0f4e651f9f40adfd661861997715b99d5b88103ae44d248ca6b1751
aad1c1eb10a0af306f1c8c16ae7dd12d59176c1c484e327fdd6da8806d916939
b9a7269bfcef6f6bca7b66b8ac23af7051c1c4725255553ed3d8e215f99bddfc
c2bcdc085e0557a379a6056c629be748d22a3c1dbe539a48ae02de7d69c95eff