Important
Executive Summary
This report documents 30 domains that have been identified as part of active phishing operations. These domains exhibit characteristics consistent with malicious infrastructure and pose an immediate security risk to internet users.
The following 30 domains have been analyzed and confirmed as participating in phishing campaign(s):
Threat Analysis
Phishing Attack Details
These domains are part of a phishing campaign targeting cryptocurrency companies and cryptocurrency holders/investors.
Attackers may use fake login pages, fake Web3 wallet connection prompts, fake cryptocurrency exchange/swap interfaces, or modified/malicious software to steal cryptocurrency seed phrases/keys.
Technical Details
- Cloaked: if a request does not match the attacker's internal rules, it may be redirected to a non-existent "www.www." subdomain or to a legitimate website, or it may be answered with an HTTP error (403, 404, 502, etc.), an SSL certificate error, infinite loading, a fake Cloudflare (or other service) CAPTCHA, or content that differs from the phishing page.
Detections & Targeted Brands
fixedfloat.ac targets FixedFloat (ff.io)
- VirusTotal: 19 detections - https://www.virustotal.com/gui/domain/fixedfloat.ac/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=fixedfloat.ac
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=fixedfloat.ac
ff-app.to targets FixedFloat (ff.io)
- VirusTotal: 12 detections - https://www.virustotal.com/gui/domain/ff-app.to/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=ff-app.to
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=ff-app.to
ff-io.to targets FixedFloat (ff.io)
- VirusTotal: 18 detections - https://www.virustotal.com/gui/domain/ff-io.to/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=ff-io.to
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=ff-io.to
fixedfloat.ca targets FixedFloat (ff.io)
- VirusTotal: 0 detections - https://www.virustotal.com/gui/domain/fixedfloat.ca/detection
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=fixedfloat.ca
v2-dexcsreener.net targets DEX Screener (dexscreener.com)
- VirusTotal: 6 detections - https://www.virustotal.com/gui/domain/v2-dexcsreener.net/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=v2-dexcsreener.net
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=v2-dexcsreener.net
v2-camelot-ex.com targets Camelot DEX (camelot.exchange)
- VirusTotal: 10 detections - https://www.virustotal.com/gui/domain/v2-camelot-ex.com/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=v2-camelot-ex.com
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=v2-camelot-ex.com
cloudns.to targets ClouDNS
- VirusTotal: 2 detections - https://www.virustotal.com/gui/domain/cloudns.to/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=cloudns.to
at0micwallets.com targets Atomic Wallet (atomicwallet.io)
- VirusTotal: 17 detections - https://www.virustotal.com/gui/domain/at0micwallets.com/detection
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=at0micwallets.com
ns1.cloudns.to targets ClouDNS
- VirusTotal: 2 detections - https://www.virustotal.com/gui/domain/ns1.cloudns.to/detection
v2-dexscreener.cc targets DEX Screener (dexscreener.com)
- VirusTotal: 14 detections - https://www.virustotal.com/gui/domain/v2-dexscreener.cc/detection
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=v2-dexscreener.cc
trezor.la targets Trezor Wallet (trezor.io)
- VirusTotal: 5 detections - https://www.virustotal.com/gui/domain/trezor.la/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=trezor.la
ns2.cloudns.to targets ClouDNS
- VirusTotal: 2 detections - https://www.virustotal.com/gui/domain/ns2.cloudns.to/detection
kodiakfinance-kodiak-finance.org targets Kodiak Finance (kodiak.finance)
- VirusTotal: 6 detections - https://www.virustotal.com/gui/domain/kodiakfinance-kodiak-finance.org/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=kodiakfinance-kodiak-finance.org
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=kodiakfinance-kodiak-finance.org
app.uniswaq.org targets Uniswap (uniswap.org)
- VirusTotal: 8 detections - https://www.virustotal.com/gui/domain/app.uniswaq.org/detection
kodiakfinance.net targets Kodiak Finance (kodiak.finance)
- VirusTotal: 13 detections - https://www.virustotal.com/gui/domain/kodiakfinance.net/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=kodiakfinance.net
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=kodiakfinance.net
changenow-io.us targets ChangeNOW (changenow.io)
- VirusTotal: 2 detections - https://www.virustotal.com/gui/domain/changenow-io.us/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=changenow-io.us
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=changenow-io.us
kodiak-finance-kodiakfinance.com targets Kodiak Finance (kodiak.finance)
- VirusTotal: 13 detections - https://www.virustotal.com/gui/domain/kodiak-finance-kodiakfinance.com/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=kodiak-finance-kodiakfinance.com
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=kodiak-finance-kodiakfinance.com
kodiakfinance-kodiak-finance.com targets Kodiak Finance (kodiak.finance)
- VirusTotal: 10 detections - https://www.virustotal.com/gui/domain/kodiakfinance-kodiak-finance.com/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=kodiakfinance-kodiak-finance.com
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=kodiakfinance-kodiak-finance.com
exodus-wallets.io targets Exodus (exodus.com)
- VirusTotal: 21 detections - https://www.virustotal.com/gui/domain/exodus-wallets.io/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=exodus-wallets.io
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=exodus-wallets.io
sushiswap.to targets SushiSwap (sushi.com)
- VirusTotal: 9 detections - https://www.virustotal.com/gui/domain/sushiswap.to/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=sushiswap.to
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=sushiswap.to
kodiakfinance-kodiak-finance.net targets Kodiak Finance (kodiak.finance)
- VirusTotal: 1 detection - https://www.virustotal.com/gui/domain/kodiakfinance-kodiak-finance.net/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=kodiakfinance-kodiak-finance.net
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=kodiakfinance-kodiak-finance.net
camelot.exc-v3.run targets Camelot DEX (camelot.exchange)
- VirusTotal: 2 detections - https://www.virustotal.com/gui/domain/camelot.exc-v3.run/detection
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=camelot.exc-v3.run
app.kodiakifnance.run targets Kodiak Finance (kodiak.finance)
- VirusTotal: 2 detections - https://www.virustotal.com/gui/domain/app.kodiakifnance.run/detection
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=app.kodiakifnance.run
kodiak-finance.io-t2.digital targets Kodiak Finance (kodiak.finance)
- VirusTotal: 3 detections - https://www.virustotal.com/gui/domain/kodiak-finance.io-t2.digital/detection
legder.at targets Ledger (ledger.com)
- VirusTotal: 15 detections - https://www.virustotal.com/gui/domain/legder.at/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=legder.at
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=legder.at
electrum-data.cc targets Electrum (electrum.org)
- VirusTotal: 6 detections - https://www.virustotal.com/gui/domain/electrum-data.cc/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=electrum-data.cc
dashboard.www.legder.at
- VirusTotal: 0 detections - https://www.virustotal.com/gui/domain/dashboard.www.legder.at/detection
chicavora.com targets Uniswap (uniswap.org)
- VirusTotal: 7 detections - https://www.virustotal.com/gui/domain/chicavora.com/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=chicavora.com
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=chicavora.com
ff-info-online.com targets FixedFloat (ff.io)
- VirusTotal: 12 detections - https://www.virustotal.com/gui/domain/ff-info-online.com/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=ff-info-online.com
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=ff-info-online.com
ff-exchahge.cyou targets FixedFloat (ff.io)
- VirusTotal: 3 detections - https://www.virustotal.com/gui/domain/ff-exchahge.cyou/detection
- Listed on Spamhaus - https://check.spamhaus.org/results/?query=ff-exchahge.cyou
- Listed on APVA - https://api.antiphish.org/v1/lookup?host=ff-exchahge.cyou
Diagrams
Phishing Campaign Mindmap Overview
%%{init: {'theme': 'base', 'themeVariables': {'primaryColor': '#f97316', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#ea580c', 'lineColor': '#fb923c', 'secondaryColor': '#fed7aa', 'tertiaryColor': '#fff7ed'}}}%%
mindmap
  root((Phishing Campaign<br/>30 domains))
    ))TARGETS((
      [Kodiak Finance]
        (kodiakfinance-kodiak-finance.org)
        (kodiakfinance.net)
        (kodiak-finance-kodiakfinance.com)
        (kodiakfinance-kodiak-finance.com)
        (kodiakfinance-kodiak-finance.net)
        (app.kodiakifnance.run)
        (kodiak-finance.io-t2.digital)
      [FixedFloat]
        (fixedfloat.ac)
        (ff-app.to)
        (ff-io.to)
        (fixedfloat.ca)
        (ff-info-online.com)
        (ff-exchahge.cyou)
      [ClouDNS]
        (cloudns.to)
        (ns1.cloudns.to)
        (ns2.cloudns.to)
      [DEX Screener]
        (v2-dexcsreener.net)
        (v2-dexscreener.cc)
      [Camelot DEX]
        (v2-camelot-ex.com)
        (camelot.exc-v3.run)
      [Uniswap]
        (app.uniswaq.org)
        (chicavora.com)
      [Atomic Wallet]
        (at0micwallets.com)
      [Trezor Wallet]
        (trezor.la)
      [ChangeNOW]
        (changenow-io.us)
      [Exodus]
        (exodus-wallets.io)
      [SushiSwap]
        (sushiswap.to)
      [Ledger]
        (legder.at)
      [Electrum]
        (electrum-data.cc)
    ))INFRASTRUCTURE((
      {{AS13335 Cloudflare}}
        172.67.141.122
        104.21.89.113
        104.21.51.175
        172.67.183.54
        188.114.96.11
        188.114.97.11
        172.67.153.160
        104.21.3.223
        104.21.66.65
        172.67.201.137
        104.21.31.59
        172.67.175.53
        104.21.6.170
        172.67.135.13
        104.21.51.107
        172.67.179.12
        172.67.133.178
        104.21.5.180
        172.67.154.41
        104.21.4.189
        172.67.199.243
        104.21.50.31
        172.67.207.187
        104.21.69.110
        172.67.141.38
        104.21.38.246
      {{AS214943 Railnet}}
        213.209.129.168
        78.159.156.219
        213.209.129.167
        78.159.156.221
        213.209.129.90
        178.16.53.184
      {{AS213702 QWINS}}
        84.21.189.88
      {{AS215929 Data Campus Limited}}
        45.13.212.242
    ))REGISTRARS((
      NICENIC INTERNATIONAL GROUP CO., LIMITED
      Government of Kingdom of Tonga
      Web Commerce Communications Limited dba WebNic.cc
      Hosting concepts B.V. / Registrar.eu
      Open Provider
      Cosmotown
      Name.com
      Dynadot LLC
      Devexpanse
      PDR Ltd. d/b/a PublicDomainRegistry.com
      CSL Computer Service Langenbach GmbH d/b/a joker.com
      Web Commerce Communications
Phishing Campaign Full Overview
%%{init: {'theme': 'base', 'themeVariables': {'primaryColor': '#6366f1', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#4f46e5', 'lineColor': '#a5b4fc', 'secondaryColor': '#e0e7ff', 'tertiaryColor': '#eef2ff'}}}%%
flowchart LR
subgraph BRANDS["TARGET BRANDS"]
direction TB
B1[Kodiak Finance]
B2[FixedFloat]
B3[ClouDNS]
B4[DEX Screener]
B5[Camelot DEX]
B6[Uniswap]
B7[Atomic Wallet]
B8[Trezor Wallet]
B9[ChangeNOW]
B10[Exodus]
B11[SushiSwap]
B12[Ledger]
B13[Electrum]
end
subgraph DOMAINS["PHISHING DOMAINS"]
direction TB
D1([fixedfloat.ac])
D2([ff-app.to])
D3([ff-io.to])
D4([fixedfloat.ca])
D5([v2-dexcsreener.net])
D6([v2-camelot-ex.com])
D7([cloudns.to])
D8([at0micwallets.com])
D9([ns1.cloudns.to])
D10([v2-dexscreener.cc])
D11([trezor.la])
D12([ns2.cloudns.to])
D13([kodiakfinance-kodiak-finance.org])
D14([app.uniswaq.org])
D15([kodiakfinance.net])
D16([changenow-io.us])
D17([kodiak-finance-kodiakfinance.com])
D18([kodiakfinance-kodiak-finance.com])
D19([exodus-wallets.io])
D20([sushiswap.to])
D21([kodiakfinance-kodiak-finance.net])
D22([camelot.exc-v3.run])
D23([app.kodiakifnance.run])
D24([kodiak-finance.io-t2.digital])
D25([legder.at])
D26([electrum-data.cc])
D27([dashboard.www.legder.at])
D28([chicavora.com])
D29([ff-info-online.com])
D30([ff-exchahge.cyou])
end
subgraph SPACER1[" "]
direction TB
S1[ ]
S2[ ]
end
subgraph HOSTING["HOSTING INFRASTRUCTURE"]
direction TB
subgraph CF["AS13335 Cloudflare"]
IP1{{172.67.141.122}}
IP2{{104.21.89.113}}
IP3{{104.21.51.175}}
IP4{{172.67.183.54}}
IP5{{188.114.96.11}}
IP6{{188.114.97.11}}
IP7{{172.67.153.160}}
IP8{{104.21.3.223}}
IP9{{104.21.66.65}}
IP10{{172.67.201.137}}
IP11{{104.21.31.59}}
IP12{{172.67.175.53}}
IP13{{104.21.6.170}}
IP14{{172.67.135.13}}
IP15{{104.21.51.107}}
IP16{{172.67.179.12}}
IP17{{172.67.133.178}}
IP18{{104.21.5.180}}
IP19{{172.67.154.41}}
IP20{{104.21.4.189}}
IP21{{172.67.199.243}}
IP22{{104.21.50.31}}
IP23{{172.67.207.187}}
IP24{{104.21.69.110}}
IP25{{172.67.141.38}}
IP26{{104.21.38.246}}
end
subgraph NC["AS214943 Railnet"]
IP27{{213.209.129.168}}
IP28{{78.159.156.219}}
IP29{{213.209.129.167}}
IP30{{78.159.156.221}}
IP31{{213.209.129.90}}
IP32{{178.16.53.184}}
end
subgraph LN["AS213702 QWINS"]
IP33{{84.21.189.88}}
end
subgraph HO["AS215929 Data Campus Limited"]
IP34{{45.13.212.242}}
end
end
subgraph SPACER2[" "]
direction TB
S3[ ]
S4[ ]
end
subgraph REGISTRARS["REGISTRARS"]
direction TB
R1[(NICENIC INTERNATIONAL GROUP CO., LIMITED)]
R2[(Government of Kingdom of Tonga)]
R3[(Web Commerce Communications Limited dba WebNic.cc)]
R4[(Hosting concepts B.V. / Registrar.eu)]
R5[(Open Provider)]
R6[(Cosmotown)]
R7[(Name.com)]
R8[(Dynadot)]
R9[(Devexpanse)]
R10[(PDR Ltd. d/b/a PublicDomainRegistry.com)]
R11[(CSL Computer Service Langenbach GmbH d/b/a joker.com)]
R12[(Web Commerce Communications)]
end
B2 -.-> D1
B2 -.-> D2
B2 -.-> D3
B2 -.-> D4
B4 -.-> D5
B5 -.-> D6
B3 -.-> D7
B7 -.-> D8
B3 -.-> D9
B4 -.-> D10
B8 -.-> D11
B3 -.-> D12
B1 -.-> D13
B6 -.-> D14
B1 -.-> D15
B9 -.-> D16
B1 -.-> D17
B1 -.-> D18
B10 -.-> D19
B11 -.-> D20
B1 -.-> D21
B5 -.-> D22
B1 -.-> D23
B1 -.-> D24
B12 -.-> D25
B13 -.-> D26
B6 -.-> D28
B2 -.-> D29
B2 -.-> D30
D1 --> S1
S1 --> IP1
D2 --> S2
S2 --> IP2
D1 --> IP27
D2 --> IP28
D3 --> IP29
D4 --> IP1
D4 --> IP2
D5 --> IP3
D5 --> IP4
D6 --> IP5
D6 --> IP6
D7 --> IP28
D8 --> IP7
D8 --> IP8
D9 --> IP30
D10 --> IP9
D10 --> IP10
D11 --> IP6
D11 --> IP5
D12 --> IP31
D13 --> IP11
D13 --> IP12
D14 --> IP5
D14 --> IP6
D15 --> IP32
D16 --> IP5
D16 --> IP6
D17 --> IP6
D17 --> IP5
D18 --> IP13
D18 --> IP14
D19 --> IP15
D19 --> IP16
D20 --> IP28
D21 --> IP17
D21 --> IP18
D22 --> IP19
D22 --> IP20
D23 --> IP5
D23 --> IP6
D25 --> IP21
D25 --> IP22
D26 --> IP33
D28 --> IP34
D29 --> IP23
D29 --> IP24
D30 --> IP25
D30 --> IP26
IP1 --> S3
S3 --> R1
IP34 --> S4
S4 --> R1
D1 --- R1
D2 --- R2
D3 --- R2
D4 --- R5
D5 --- R1
D6 --- R1
D7 --- R2
D8 --- R6
D9 --- R2
D10 --- R1
D11 --- R7
D12 --- R2
D13 --- R1
D14 --- R8
D15 --- R3
D16 --- R9
D17 --- R1
D18 --- R1
D19 --- R3
D20 --- R2
D21 --- R1
D22 --- R1
D23 --- R1
D24 --- R10
D25 --- R4
D26 --- R1
D27 --- R4
D28 --- R3
D29 --- R11
D30 --- R12
classDef brandStyle fill:#dc2626,stroke:#991b1b,stroke-width:2px,color:#fff
classDef domainStyle fill:#7c3aed,stroke:#5b21b6,stroke-width:2px,color:#fff
classDef ipStyle fill:#0891b2,stroke:#0e7490,stroke-width:2px,color:#fff
classDef registrarStyle fill:#d97706,stroke:#b45309,stroke-width:2px,color:#fff
classDef invisible fill:none,stroke:none,color:transparent
classDef invisibleSubgraph fill:none,stroke:none
class B1,B2,B3,B4,B5,B6,B7,B8,B9,B10,B11,B12,B13 brandStyle
class D1,D2,D3,D4,D5,D6,D7,D8,D9,D10,D11,D12,D13,D14,D15,D16,D17,D18,D19,D20,D21,D22,D23,D24,D25,D26,D27,D28,D29,D30 domainStyle
class IP1,IP2,IP3,IP4,IP5,IP6,IP7,IP8,IP9,IP10,IP11,IP12,IP13,IP14,IP15,IP16,IP17,IP18,IP19,IP20,IP21,IP22,IP23,IP24,IP25,IP26,IP27,IP28,IP29,IP30,IP31,IP32,IP33,IP34 ipStyle
class R1,R2,R3,R4,R5,R6,R7,R8,R9,R10,R11,R12 registrarStyle
class S1,S2,S3,S4 invisible
class SPACER1,SPACER2 invisibleSubgraph
linkStyle 29,30,31,32,79,80,81,82 stroke:none
Phishing Campaign Registrars Pie Chart
%%{init: {'theme': 'base', 'themeVariables': {'primaryColor': '#6366f1', 'pieStrokeColor': '#1e1b4b', 'pieStrokeWidth': '2px', 'pieSectionTextColor': '#ffffff', 'pieLegendTextColor': '#1e1b4b', 'pieOuterStrokeColor': '#312e81'}}}%%
pie showData
title Domain Registrars Distribution
"NICENIC INTERNATIONAL GROUP CO., LIMITED" : 11
"Government of Kingdom of Tonga" : 6
"Web Commerce Communications Limited dba WebNic.cc" : 3
"Hosting concepts B.V. / Registrar.eu" : 2
"Open Provider" : 1
"Cosmotown" : 1
"Name.com" : 1
"Dynadot" : 1
"Devexpanse" : 1
"PDR Ltd. d/b/a PublicDomainRegistry.com" : 1
"CSL Computer Service Langenbach GmbH d/b/a joker.com" : 1
"Web Commerce Communications" : 1
Phishing Campaign ASN Hosting Pie Chart
%%{init: {'theme': 'base', 'themeVariables': {'primaryColor': '#6366f1', 'pieStrokeColor': '#1e1b4b', 'pieStrokeWidth': '2px', 'pieSectionTextColor': '#ffffff', 'pieLegendTextColor': '#1e1b4b', 'pieOuterStrokeColor': '#312e81'}}}%%
pie showData
title ASN Hosting Distribution
"AS13335 Cloudflare" : 18
"AS214943 Railnet" : 8
"AS213702 QWINS" : 1
"AS215929 Data Campus Limited" : 1
Screenshots
(Screenshots for some scans may not display or may not contain complete or correct content for various reasons, which can be seen on the specific scan page)
Scans
- fixedfloat.ac - https://urlscan.io/result/019aec73-312b-7219-9674-3e8e7ef5d498/
- ff-app.to - https://urlscan.io/result/019aec73-3a2b-733a-b16c-be17908e035e/
- ff-io.to - https://urlscan.io/result/019aec73-3e4a-7425-ac1f-5ed3fc74c4de/
- fixedfloat.ca - https://urlscan.io/result/019aec73-450a-77ae-a9a8-476d59753ae1/
- v2-dexcsreener.net - https://urlscan.io/result/019aec73-4eab-756e-a523-ad6b0da56d16/
- v2-camelot-ex.com - https://urlscan.io/result/019aec74-3fed-7046-a8fa-c5dfcf33cfae/
- cloudns.to - https://urlscan.io/result/019aec74-4c28-70b7-a539-32abb8e70fa8/
- at0micwallets.com - https://urlscan.io/result/019aec74-554b-722f-bc5c-5e2028ddf2d3/
- ns1.cloudns.to - https://urlscan.io/result/019aec74-613e-7590-bb3c-8704275d583d/
- v2-dexscreener.cc - https://urlscan.io/result/019aec75-5124-757b-a045-c01511c7ec5f/
- trezor.la - https://urlscan.io/result/019aec75-5ab8-72ac-a9ac-aa56e04b0da4/
- ns2.cloudns.to - https://urlscan.io/result/019aec75-6aac-77dd-a9e3-5fec216d9df4/
- kodiakfinance-kodiak-finance.org - https://urlscan.io/result/019aec75-7a09-71a5-a8f1-3ab6dc51b1a9/
- app.uniswaq.org - https://urlscan.io/result/019aec76-6808-7656-8754-a6578ea1c04f/
- kodiakfinance.net - https://urlscan.io/result/019aec76-7505-75ad-b001-8fb505e5d0a4/
- changenow-io.us - https://urlscan.io/result/019aec76-7a8c-7549-9125-6445fc86793b/
- kodiak-finance-kodiakfinance.com - https://urlscan.io/result/019aec76-86b6-757b-88d8-5bd57cd366f7/
- kodiakfinance-kodiak-finance.com - https://urlscan.io/result/019aec77-77f9-75e7-8e56-cf9d107b23a8/
- exodus-wallets.io - https://urlscan.io/result/019aec77-84a3-77c8-a3a2-566bd758bf17/
- sushiswap.to - https://urlscan.io/result/019aec77-8bce-7133-bdd0-f7b8404602c5/
- kodiakfinance-kodiak-finance.net - https://urlscan.io/result/019aec78-7b79-740e-aa3d-3ae04b008d6b/
- camelot.exc-v3.run - https://urlscan.io/result/019aec78-8f1e-73ce-9079-ac78db0c656c/
- app.kodiakifnance.run - https://urlscan.io/result/019aec78-a28f-756c-8fb6-9f267a7fea74/
- kodiak-finance.io-t2.digital - https://urlscan.io/result/019aec76-7505-75ad-b001-8fb505e5d0a4/
- legder.at - https://urlscan.io/result/019aec79-a206-72fc-9578-1412684adf1b/
- electrum-data.cc - https://urlscan.io/result/019aec79-a9f4-7623-b5e3-c552e12a193b/
- dashboard.www.legder.at - https://urlscan.io/result/019aec79-a206-72fc-9578-1412684adf1b/
- chicavora.com - https://urlscan.io/result/019aec77-7e9c-750d-8ddb-d40c98b0b726/
- ff-info-online.com - https://urlscan.io/result/019aec79-9842-774f-9d88-49d845f612be/
- ff-exchahge.cyou - https://urlscan.io/result/019aec79-9cb4-70c5-9316-6efd1de17f60/
Report Metadata
ID: c4aa466f84100f70b0b | Timestamp: 05.12.2025 03:44:09 UTC | Domains: 30 | Detections: VT: 240 | Spamhaus: 21 | APVA: 22 | Attack Vector: Phishing | Threat Level: Critical




























