Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
http://www.web3.pancake.run/
Detected Brand
PancakeSwap
Country
International
Confidence
100%
HTTP Status
200
Report ID
27207c79-0f9…
Analyzed
2026-01-12 13:23
Final URL (after redirects)
https://web3.pancake.run/
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17DA3C8F582B075F94117AFD8DB32BEAA755B30BFEFA28784837947A16683D94D448C00 |
|
CONTENT
ssdeep
|
1536:K/XfbX0K1lQLfUUO5lSlQLfUUQlQLfUUpJ4CFf5lsckyFm+9fmSzidB9b:o1IGSIQILF3iT |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bcd2c74d381a4dc3 |
|
VISUAL
aHash
|
fcffff8f8b91ffff |
|
VISUAL
dHash
|
b003303c3632c802 |
|
VISUAL
wHash
|
7cffff828080e8e0 |
|
VISUAL
colorHash
|
070000000d0 |
|
VISUAL
cropResistant
|
b003303c3632c802 |
Code Analysis
Risk Score
100/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Card Stealer
🎣 Banking
🎣 Personal Info
WebSocket C2
🔥 Firebase Backend
🔬 Threat Analysis Report
• Threat: PancakeSwap phishing targeting cryptocurrency users
• Target: Users of PancakeSwap cryptocurrency exchange
• Method: Fake PancakeSwap website prompts users to connect their wallets, stealing their credentials.
• Exfil: Potentially exfiltrating private keys and other sensitive data via JavaScript form submission and Firebase endpoints.
• Indicators: Suspicious domain name, uncommon TLD (.run), angler phishing kit signature, obfuscated JavaScript, and WebSocket URLs.
• Risk: CRITICAL - High risk of cryptocurrency wallet compromise.
🔒 Obfuscation Detected
- atob
- eval
- fromCharCode
- unescape
- hex_escape
- unicode_escape
- base64_strings
🎯 Kit Endpoints
- solana_signAndSendTransaction
- https://blog.pancakeswap.finance
- solana:signAndSendTransaction
- https://blog.pancakeswap.finance/
📡 API Calls Detected
- stats
- 0x3b3b57de
- https://raw-api.pancakeswap.com/ondo/status
- https://raw.githubusercontent.com/pancakeswap/airdrop-v3-users/master/forFE.json
- https://aptos.pancakeswap.finance
- https://proofs.pancakeswap.com/cms-config/routing-base-config.json
- https://raw-api.pancakeswap.com/ondo/market-status
- /api/auth/telegram-callback
- POST
- logs
- /api/paymaster
- https://solana.pancakeswap.finance
- account
- https://api.blocto.app/networks/evm
- https://obj-cache.pancakeswap.com
- https://www.google.com/ccm/geo
- /api/home
- GET
- proxy
- https://api-v3.raydium.io/main/auto-fee
- /__cookies__
- https://proofs.pancakeswap.com/cms-config/tokens-routing-config.json
☁️ Cloud Backend
- Firebase: pancakeswap-prod-firebase.firebaseapp.com
Scan History for www.web3.pancake.run
Found 9 other scans for this domain
-
https://www.web3.pancake.run
https://www.web3.pancake.run/info/v3/tokens/0x0e09...
https://www.web3.pancake.run/info/v3/tokens/0x7130...
http://www.web3.pancake.run/info/infinity
http://www.web3.pancake.run/swap
https://www.web3.pancake.run/info/v3/pairs/0xd317b...
https://www.web3.pancake.run/info/v3/pairs
http://www.web3.pancake.run/info/v3/tokens/0x997a5...
https://www.web3.pancake.run/info/v3/pairs/0xcf59b...
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.