SafeMode - Analysis: www.web.pancake.run

Captura Visual

Información de Detección

http://www.web.pancake.run/

Detected Brand

PancakeSwap

Country

Unknown

Confianza

100%

HTTP Status

200

Report ID

af5c9cbf-1c1…

Analyzed

2026-03-31 23:17

Final URL (after redirects)

https://web.pancake.run/

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T12293E8E592B075F94117AFD8DB32BEAE755B30BFFFA28784827847A16683D94D448C00
CONTENT ssdeep	1536:QXfbX0KQlQLfUU3lQLfUUQlQLfUUzJ4CFf5lzckyFm+9ftidZ5m9b:MQI3IQIpF3z0

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	b8d6c76538144dc7
VISUAL aHash	feffdf8f8f81ffff
VISUAL dHash	d089343c3e32c008
VISUAL wHash	7effff808080e8e0
VISUAL colorHash	070000000d0
VISUAL cropResistant	d089343c3e32c008

Análisis de Código

Risk Score 100/100

Nivel de Amenaza ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

WebSocket C2 🔥 Firebase Backend

🔒 Obfuscation Detected

atob
eval
fromCharCode
unescape
hex_escape
unicode_escape
base64_strings

🎯 Kit Endpoints

solana:signAndSendTransaction
https://blog.pancakeswap.finance/
https://blog.pancakeswap.finance
solana_signAndSendTransaction

📡 API Calls Detected

logs
/__cookies__
stats
https://aptos.pancakeswap.finance
https://www.google.com/ccm/geo
https://proofs.pancakeswap.com/cms-config/routing-base-config.json
https://api.blocto.app/networks/evm
GET
account
https://api-v3.raydium.io/main/auto-fee
proxy
/api/paymaster
/api/auth/telegram-callback
https://obj-cache.pancakeswap.com
POST
https://raw-api.pancakeswap.com/ondo/market-status
/api/home
https://raw-api.pancakeswap.com/ondo/status
https://raw.githubusercontent.com/pancakeswap/airdrop-v3-users/master/forFE.json
0x3b3b57de
https://proofs.pancakeswap.com/cms-config/tokens-routing-config.json

☁️ Cloud Backend

Firebase: pancakeswap-prod-firebase.firebaseapp.com

📊 Desglose de Puntuación de Riesgo

Total Risk Score

100/100

Contributing Factors

Active Phishing Kit

Detected kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info

Real-time C2

WebSocket-based Command & Control infrastructure for real-time victim monitoring

Code Obfuscation

JavaScript code obfuscated using 1759 technique(s) to evade detection

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Banking Credential Harvester

Objetivo

PancakeSwap users

Método de Ataque

real-time WebSocket exfiltration + obfuscated JavaScript

Canal de Exfiltración

Firebase Database + WebSocket (174 endpoints)

Evaluación de Riesgo

CRITICAL - Automated credential harvesting with Firebase Database + WebSocket (174 endpoints)

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
Kit signatures: angler
1759 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand

PancakeSwap

Official Website

N/A

Fake Service

Banking/payment service

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.

Secondary Method: JavaScript Obfuscation

Malicious code is obfuscated using 1759 techniques to evade detection by security scanners and make reverse engineering more difficult.

Target Blockchain

Multiple blockchains

Whitelist Bypass

YES

Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.

🌐 Indicadores de Compromiso de Infraestructura

Domain Information

Dominio

www.web.pancake.run

Registered

Unknown

Registrar

None

Estado

Age unknown

Hosting Information

Provider

Unknown

ASN

🤖 AI-Extracted Threat Intelligence

Scan History for www.web.pancake.run

Found 1 other scan for this domain

https://www.web.pancake.run/ PancakeSwap Abr 08, 2026 12:04