xn--unswap-4va.app (Punycode)
uníswap.app (IDN)
185.178.208.141  Malicious Activity!

Submitted URL: http://www.unizwapp.me/
Effective URL: https://xn--unswap-4va.app/Swap/
Submission: On November 12 via manual from BG — Scanned from DE

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 3 HTTP transactions. The main IP is 185.178.208.141, located in the Russian Federation and belonging to DDOS-GUARD, RU. The main domain is xn--unswap-4va.app.
TLS certificate: Issued by R3 on November 8th 2021. Valid for: 3 months.
This is the only time xn--unswap-4va.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Uniswap (Crypto Exchange)

Domain & IP information

IP Address AS Autonomous System
1 1 178.159.36.39 213058 (PIHL-AS)
2 3 185.178.208.141 57724 (DDOS-GUARD)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
1 185.199.109.133 54113 (FASTLY)
3 4
Apex Domain  Subdomains  Transfer
3  xn--unswap-4va.app     xn--unswap-4va.app         220 KB
1  githubusercontent.com  raw.githubusercontent.com  222 KB
1  jquery.com             code.jquery.com            83 KB
1  unizwapp.me            www.unizwapp.me            228 B
3 4
Domain Requested by
3 xn--unswap-4va.app 2 redirects
1 raw.githubusercontent.com xn--unswap-4va.app
1 code.jquery.com xn--unswap-4va.app
1 www.unizwapp.me 1 redirects
3 4

This site contains links to these domains:

Domain
etherscan.io
Subject  Issuer  Validity  Valid for
xn--unswap-4va.app  R3  2021-11-08 - 2022-02-06  3 months
*.jquery.com  Sectigo RSA Domain Validation Secure Server CA  2021-07-14 - 2022-08-14  a year
www.github.com  DigiCert SHA2 High Assurance Server CA  2020-05-06 - 2022-04-14  2 years

This page contains 1 frame:

Primary Page: https://xn--unswap-4va.app/Swap/
Frame ID: 40F4939C392F897D2BB9B0CBD57ECD87
Requests: 9 HTTP requests in this frame

Screenshot

Page Title

Uniswap Interfacelogo

Page Statistics

Requests: 3
HTTPS: 100 %
IPv6: 25 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 3
Transfer: 525 kB
Size: 1037 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.unizwapp.me/ HTTP 302
    https://xn--unswap-4va.app/?swap=1 HTTP 302
    https://xn--unswap-4va.app/Swap HTTP 301
    https://xn--unswap-4va.app/Swap/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type
Primary Request /
xn--unswap-4va.app/Swap/
Redirect Chain
  • http://www.unizwapp.me/
  • https://xn--unswap-4va.app/?swap=1
  • https://xn--unswap-4va.app/Swap
  • https://xn--unswap-4va.app/Swap/
337 KB
219 KB
Document
General
Full URL
https://xn--unswap-4va.app/Swap/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.141, Russian Federation, ASN57724 (DDOS-GUARD, RU)
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
c30e7591c77633bdbb1e621b24b18026e9ebbecec68bb65f1b7c1dfd04b19b9f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

server
ddos-guard
content-security-policy
upgrade-insecure-requests;
date
Fri, 12 Nov 2021 06:34:01 GMT
content-type
text/html; charset=UTF-8
content-encoding
gzip

Redirect headers

server
ddos-guard
content-security-policy
upgrade-insecure-requests;
date
Fri, 12 Nov 2021 06:34:01 GMT
content-type
text/html
location
https://xn--unswap-4va.app/Swap/
expires
Sat, 13 Nov 2021 06:34:01 GMT
cache-control
max-age=86400
content-encoding
br
vary
Accept-Encoding
jquery-3.6.0.js
code.jquery.com/
282 KB
83 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.6.0.js
Requested by
Host: xn--unswap-4va.app
URL: https://xn--unswap-4va.app/Swap/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:2a, Netherlands, ASN20446 (HIGHWINDS3, US)
Reverse DNS
Software
nginx /
Resource Hash
1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239

Request headers

Referer
https://xn--unswap-4va.app/
Origin
https://xn--unswap-4va.app
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Fri, 12 Nov 2021 06:34:02 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-46744"
vary
Accept-Encoding
x-hw
1636698842.dop034.ml1.t,1636698842.cds224.ml1.hn,1636698842.cds024.ml1.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
84714
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cc1944a3d800b5cbede23e8acdf984598757033c891d54fbfdaab6f0644b4e32

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
112 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
62367d960f6827a816ba4f698c0caa2f3a4b4672988edbb2117353b7efc48d24

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
13 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a3334c32aaf5b8be377ae81e6e05786db64bbbbfed043d7949068e6d2f5d28fd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
52 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
85fd12d6a61ad3b62d33d03b1c6e7bb972df88b5898edb2a862dc5a11ac54b1c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a2f3a43d895a857a42a92ecc58dae85737012add5e0014ff36f02b8ce631681b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
14 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
44085e7930857e21210a08de58043d36f33c3f653962a8da2f13f972b6c23e58

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
Inter-roman.var.woff2
raw.githubusercontent.com/rsms/inter/master/docs/font-files/
222 KB
222 KB
Font
General
Full URL
https://raw.githubusercontent.com/rsms/inter/master/docs/font-files/Inter-roman.var.woff2
Requested by
Host: xn--unswap-4va.app
URL: https://xn--unswap-4va.app/Swap/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.133, United States, ASN54113 (FASTLY, US)
Reverse DNS
cdn-185-199-109-133.github.com
Software
/
Resource Hash
17fe38ab302c7e5dbfb5c3d87801092d79be958500db6412ed3bc0f126bd53d3
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://xn--unswap-4va.app/
Origin
https://xn--unswap-4va.app
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-fastly-request-id
b6f22ad1f9ed120a12d2165b171b65eb84c1ef2c
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
via
1.1 varnish
x-content-type-options
nosniff
x-cache
MISS
x-cache-hits
0
vary
Authorization,Accept-Encoding,Origin
content-length
227180
x-xss-protection
1; mode=block
x-served-by
cache-fra19170-FRA
x-github-request-id
5B42:935D:D39D7D:DC5343:618E0ADA
x-timer
S1636698842.433456,VS0,VE193
x-frame-options
deny
date
Fri, 12 Nov 2021 06:34:02 GMT
source-age
0
strict-transport-security
max-age=31536000
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"b573d651f196306b40892652d31ab5605a3c931d30be96af1a4478e1ef4c2ff9"
accept-ranges
bytes
expires
Fri, 12 Nov 2021 06:39:02 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Uniswap (Crypto Exchange)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: onbeforexrselect
  • function: reportError
  • boolean: originAgentCluster
  • object: scheduler
  • function: $
  • function: jQuery
  • function: vib

2 Cookies

Domain/Path  Name  Value
.xn--unswap-4va.app/  __ddg1  67I7WloOEu511vBcpuJd
xn--unswap-4va.app/  315d6b690058c6dbacae26dbe0e490f8  true

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests;