http://ilveropinko.eth.limo
3.135.72.151 · AWS EC2 (us-east-2)
Dublin, United States
1820 days
200 · 50.9s
Valid· E8, Let's Encrypt, US
COMPLETED
Registered-domain escalation
Submit eth.limo as the primary IOC, enriched with evidence from hostile subdomains like ilveropinko.eth.limo.
No KB/IOK detections were recorded for this scan.
technology | ecommerce | finance | other · 7/19/2026
The page presents branding for “il vero pinko – IPFS Menu” but the domain ilveropinko.eth.limo is not an official brand domain. External API endpoints on off-domain hosts are observed, and the SPA loads dynamic content from off-domain catalogs, suggesting potential credential or data harvesting risk via embedded or proxied services. No direct credential form is found in static HTML, but the SPA pattern with off-domain API calls (catalog.json) and external script usage indicates possible credential collection or data exfiltration through a hidden interface rendered by JavaScript.
Capture
Stages: 2
Canonical: Settled Render
Changed: No
Credential Signals
Forms: 0
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 12
Hosts: 5
Domains: 5
Suspicious Endpoints
hxxps://telegram-product-hub[.]preview[.]emergentagent[.]com/api/catalog.json
hxxps://telegram-product-hub[.]emergent[.]host/api/catalog.json
Off-Domain Posts
hxxps://telegram-product-hub[.]preview[.]emergentagent[.]com/api/catalog.json
hxxps://telegram-product-hub[.]emergent[.]host/api/catalog.json
The site presents a decentrally hosted brand page under a non-official domain and actively loads off-domain API endpoints, which may be used to harvest data or drive external content. The combination of SPA rendering, external API calls, and a short-lived TLS certificate increases suspicion of potential data collection or deceptive branding. Recommend monitoring and confirm branding legitimacy, and consider blocking or suspending if abuse is confirmed or if data exfiltration is observed in traffic. The current evidence does not show a direct credential harvesting form in static HTML, but the SPA pattern with off-domain endpoints warrants caution.
Monitor