metamask.io-update.app
47.254.174.32
Malicious Activity!
Public Scan
Effective URL: https://metamask.io-update.app/
Submission: On October 09 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on September 15th 2021. Valid for: 3 months.
This is the only time metamask.io-update.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Metamask (Crypto)
Domain & IP information
# | IP Address | AS (Autonomous System)
---|---|---
2 | 173.239.8.164 | 27257 (WEBAIR-INTERNET)
2 2 | 173.192.101.24 | 36351 (SOFTLAYER)
1 1 | 172.67.199.243 | 13335 (CLOUDFLARENET)
1 10 | 47.254.174.32 | 45102 (CNNIC-ALIBABA-US-NET-AP Alibaba US Technology Co.)
1 | 104.16.19.94 | 13335 (CLOUDFLARENET)
1 | 142.250.186.35 | 15169 (GOOGLE)
1 | 104.21.90.240 | 13335 (CLOUDFLARENET)
Totals: 14 requests, 5 ASNs
ASN27257 (WEBAIR-INTERNET, US), PTR: icsvm3.webair.com
- metamask-verification.com
ASN36351 (SOFTLAYER, US), PTR: 18.65.c0ad.ip4.static.sl-reverse.com
- mybetterdl.com
- p226681.mybetterdl.com
ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba US Technology Co., Ltd., CN)
- metamask.io-update.app
ASN15169 (GOOGLE, US), PTR: fra24s04-in-f3.1e100.net
- fonts.gstatic.com
# | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | io-update.app (1 redirect) | metamask.io-update.app | 205 KB
2 | mybetterdl.com (2 redirects) | mybetterdl.com, p226681.mybetterdl.com | 1 KB
2 | metamask-verification.com | metamask-verification.com | 2 KB
1 | tanalytics.xyz | tanalytics.xyz | 632 B
1 | gstatic.com | fonts.gstatic.com | 8 KB
1 | cloudflare.com | cdnjs.cloudflare.com | 10 KB
1 | adstrackme.com (1 redirect) | adstrackme.com | 1 KB
Totals: 14 requests, 7 apex domains
# | Domain | Requested by
---|---|---
10 | metamask.io-update.app (1 redirect) | metamask-verification.com, metamask.io-update.app
2 | metamask-verification.com |
1 | tanalytics.xyz |
1 | fonts.gstatic.com | metamask.io-update.app
1 | cdnjs.cloudflare.com | metamask.io-update.app
1 | adstrackme.com (1 redirect) |
1 | p226681.mybetterdl.com (1 redirect) |
1 | mybetterdl.com (1 redirect) |
Totals: 14 requests, 8 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
metamask.io-update.app | R3 | 2021-09-15 - 2021-12-14 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-09-21 - 2022-09-20 | a year | crt.sh
*.gstatic.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months | crt.sh
This page contains 1 frame:
Primary Page:
https://metamask.io-update.app/
Frame ID: 12A6C9CE88C1C9DB3FDB90227A98BFE9
Requests: 14 HTTP requests in this frame
Screenshot
Page Title: MetaMask Download
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://metamask-verification.com/ Page URL
- http://metamask-verification.com/ Page URL
- https://mybetterdl.com/aS/feedclick?s=w_Wj54-Mm6TV7tX4V9JMK-Qe9oeAxWhYV4HPe1PN31VPO9R416BnmH5XPU-DA... HTTP 302
- https://p226681.mybetterdl.com/adServe/domainClick?ai=0riecu378Dk7_0JnLqAMl4E9t0vm0pw2nMZoldo3UhFNJU3lEPq1m... HTTP 302
- https://adstrackme.com/s6Wrdx8Q?keyword=metamask-verification.com&cost=0.2&currency=USD&external_id... HTTP 302
- https://metamask.io-update.app/?key=123&subid=209r496sosn HTTP 307
- https://metamask.io-update.app/ Page URL
Detected technologies
FingerprintJS (JavaScript libraries)
Detected patterns
- fingerprint(\d)?(?:\.min)?\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | / | metamask-verification.com/ | 378 B | 457 B | Document | text/html |
POST | H/1.1 | / | metamask-verification.com/ | 2 KB | 2 KB | Document | text/html | Cookie set
GET | H/1.1 | / | metamask.io-update.app/ | 11 KB | 4 KB | Document | text/html | Primary Request, Redirect Chain
GET | H/1.1 | main.css | metamask.io-update.app/ | 16 KB | 17 KB | Stylesheet | text/css |
GET | H2 | fingerprint2.min.js | cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.4/ | 30 KB | 10 KB | Script | application/javascript |
GET | H/1.1 | mm-logo.svg | metamask.io-update.app/images/ | 12 KB | 12 KB | Image | image/svg+xml |
GET | H/1.1 | download-extension.png | metamask.io-update.app/images/ | 103 KB | 104 KB | Image | image/png |
GET | H/1.1 | chrome_1chrome.png | metamask.io-update.app/images/ | 4 KB | 4 KB | Image | image/png |
GET | H/1.1 | Firefox_1Firefox.png | metamask.io-update.app/images/ | 10 KB | 11 KB | Image | image/png |
GET | H/1.1 | Brave.png | metamask.io-update.app/images/ | 19 KB | 19 KB | Image | image/png |
GET | H/1.1 | Edge.png | metamask.io-update.app/images/ | 34 KB | 34 KB | Image | image/png |
GET | H/1.1 | main.js | metamask.io-update.app/ | 591 B | 931 B | Script | application/javascript |
GET | H2 | xfu00W3wXn3QLUJXhzq42AHiuQ.woff2 | fonts.gstatic.com/s/changaone/v13/ | 8 KB | 8 KB | Font | font/woff2 |
GET | H2 | / | tanalytics.xyz/ | 0 | 632 B | Image | text/plain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Metamask (Crypto)
16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onbeforexrselect
boolean | originAgentCluster
function | Fingerprint2
object | xd
number | mm
boolean | br
undefined | c
string | lse
function | setCookie
function | getCookie
string | cook
string | yad
string | subid
function | update_tokens
number | timezone
string | kUrl
10 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify that user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
metamask-verification.com/ | | ipc | eyJ2ZXJzaW9uIjoxLCJzdWJJZCI6MywiZm9sZGVySWQiOjI5MCwiZmVlZElkIjoyMSwidHMiOjE2MzM3NzEzNjAsImhhc2giOiIzNzg2YzY4YyJ9
.mybetterdl.com/ | | rhid | 79826358868
.mybetterdl.com/ | | loi | ad_1099815_off_546437_aff_89708_cid_226681-METAMASK-VERIFICATION.COM_ts_1633771361
adstrackme.com/ | | _subid | 209r496sosn
adstrackme.com/ | | _token | uuid_209r496sosn_209r496sosn61615f618bfe45.52595013
adstrackme.com/ | | f5ddc | eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjUzNlwiOjE2MzM3NzEzNjF9LFwiY2FtcGFpZ25zXCI6e1wiMTU4XCI6MTYzMzc3MTM2MX0sXCJ0aW1lXCI6MTYzMzc3MTM2MX0ifQ.lXtZo7MWxgy28MJ5dJtHhi98CJXNhNcVue31ScRuBDE
metamask.io-update.app/ | | PHPSESSID | 724hdi6dvua2ppc52gn810raoh
metamask.io-update.app/ | | key | 123
metamask.io-update.app/ | | subid | 209r496sosn
metamask.io-update.app/ | | name | cw
Indicators
"Indicators" is a security-industry term for observables such as IPs, domains and hashes. Listing them here does not imply that any of them indicates malicious activity.