EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of web3.pancake.run

Detection Info

https://web3.pancake.run/lottery
Detected Brand
PancakeSwap
Country
International
Confidence
100%
HTTP Status
200
Report ID
41c63f69-4b7โ€ฆ
Analyzed
2026-03-02 15:54

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1E0F308F483A435F9510BAFD4DB327AAB715B74BFAFE28684837847916682C9CD848C41
CONTENT ssdeep
1536:z/XfbX0K1lQLfUUL5lhdRpfkKbzRy14ABkvs3n9dluTlQLfUUQlQLfUUzJ4CFf5p:v1I7hdLkKnRy14AoIQIpF3Dn

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
9be49be4d2c8e0d2
VISUAL aHash
ff00000000003c3c
VISUAL dHash
e870d0f04db27979
VISUAL wHash
ffff181800b83c3c
VISUAL colorHash
01000400030
VISUAL cropResistant
00e0e000b10c0828,bea0033b233fbca0,d2c29898a09a9ac0,70d4f05432716979

Code Analysis

Risk Score 100/100
Threat Level ALTO
โš ๏ธ Phishing Confirmed
๐ŸŽฃ Credential Harvester ๐ŸŽฃ OTP Stealer ๐ŸŽฃ Card Stealer ๐ŸŽฃ Banking ๐ŸŽฃ Personal Info
WebSocket C2 ๐Ÿ”ฅ Firebase Backend

๐Ÿ”ฌ Threat Analysis Report

โ€ข Threat: Impersonation
โ€ข Target: Cryptocurrency users
โ€ข Method: Domain spoofing and UI cloning
โ€ข Exfil: Potentially targets blockchain credentials
โ€ข Indicators: Mismatched domain, JavaScript obfuscation, form submission.
โ€ข Risk: High

๐Ÿ”’ Obfuscation Detected

  • atob
  • fromCharCode
  • unescape
  • hex_escape
  • unicode_escape
  • base64_strings

๐ŸŽฏ Kit Endpoints

  • https://blog.pancakeswap.finance
  • solana:signAndSendTransaction
  • solana_signAndSendTransaction
  • https://blog.pancakeswap.finance/

๐Ÿ“ก API Calls Detected

  • logs
  • https://www.google.com/ccm/geo
  • /api/paymaster
  • https://aptos.pancakeswap.finance
  • proxy
  • POST
  • stats
  • account
  • https://raw-api.pancakeswap.com/ondo/status
  • https://raw-api.pancakeswap.com/ondo/market-status
  • https://proofs.pancakeswap.com/cms-config/routing-base-config.json
  • https://solana.pancakeswap.finance
  • https://raw.githubusercontent.com/pancakeswap/airdrop-v3-users/master/forFE.json
  • GET
  • /__cookies__
  • /api/auth/telegram-callback
  • 0x3b3b57de
  • https://api.blocto.app/networks/evm
  • https://api-v3.raydium.io/main/auto-fee

โ˜๏ธ Cloud Backend

  • Firebase: pancakeswap-prod-firebase.firebaseapp.com

๐Ÿ“Š Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Domain Mismatch
The domain does not belong to PancakeSwap
Impersonation
The site mimics the look and feel of PancakeSwap
JavaScript Obfuscation
Javascript obfuscation increases the risk of malicious activity
Form Submission/ Sensitive Data
The website takes wallet or personal data input.

๐Ÿ”ฌ Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
PancakeSwap users (International)
Attack Method
Brand impersonation + real-time WebSocket exfiltration + obfuscated JavaScript
Exfiltration Channel
Firebase Database + WebSocket (174 endpoints)
Risk Assessment
CRITICAL - Automated credential harvesting with Firebase Database + WebSocket (174 endpoints)

โš ๏ธ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
  • Kit signatures: angler
  • 1119 obfuscation techniques

๐Ÿข Brand Impersonation Analysis

Impersonated Brand
PancakeSwap
Official Website
pancakeswap.finance
Fake Service
Lottery

Fraudulent Claims

โš”๏ธ Attack Methodology

Primary Method: Wallet phishing

The site likely attempts to steal wallet credentials or trick users into approving malicious transactions.

Secondary Method: UI Cloning

The site mimics the UI of PancakeSwap to deceive users.

Target Blockchain
BNB Chain

๐ŸŒ Infrastructure Indicators of Compromise

Domain Information

Domain
web3.pancake.run
Registered
Unknown
Registrar
Unknown
Status
Unknown

๐Ÿค– AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
PancakeSwap
https://web3.pancake.run/lottery
Feb 12, 2026
No screenshot
PancakeSwap
https://pcswap.org/lottery
Jan 13, 2026
 Screenshot
PancakeSwap
https://pcswap.org/lottery
Jan 01, 2026

Scan History for web3.pancake.run

Found 10 other scans for this domain

๐Ÿ˜ฐ
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.