Phishing Analysis

🔬 Threat Analysis Report

• Ameaça: Phishing do PancakeSwap direcionado a usuários de criptomoedas
• Alvo: Usuários da bolsa de criptomoedas PancakeSwap
• Método: Um site falso do PancakeSwap solicita aos usuários que conectem suas carteiras, roubando suas credenciais.
• Exfil: Potencialmente exfiltrando chaves privadas e outros dados confidenciais por meio do envio de formulários JavaScript e terminais Firebase.
• Indicadores: Nome de domínio suspeito, TLD incomum (.run), assinatura do kit de phishing angler, JavaScript ofuscado e URLs WebSocket.
• Risco: CRÍTICO - Alto risco de comprometimento da carteira de criptomoedas.

🔒 Obfuscation Detected

• atob
• eval
• fromCharCode
• unescape
• hex_escape
• unicode_escape
• base64_strings

🎯 Kit Endpoints

• solana_signAndSendTransaction
• https://blog.pancakeswap.finance
• solana:signAndSendTransaction
• https://blog.pancakeswap.finance/

📡 API Calls Detected

• stats
• 0x3b3b57de
• https://raw-api.pancakeswap.com/ondo/status
• https://raw.githubusercontent.com/pancakeswap/airdrop-v3-users/master/forFE.json
• https://aptos.pancakeswap.finance
• https://proofs.pancakeswap.com/cms-config/routing-base-config.json
• https://raw-api.pancakeswap.com/ondo/market-status
• /api/auth/telegram-callback
• POST
• logs
• /api/paymaster
• https://solana.pancakeswap.finance
• account
• https://api.blocto.app/networks/evm
• https://obj-cache.pancakeswap.com
• https://www.google.com/ccm/geo
• /api/home
• GET
• proxy
• https://api-v3.raydium.io/main/auto-fee
• /__cookies__
• https://proofs.pancakeswap.com/cms-config/tokens-routing-config.json

☁️ Cloud Backend

• Firebase: pancakeswap-prod-firebase.firebaseapp.com