truswellat.com Open in urlscan Pro
104.21.9.163 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://truswellat.com/index.html
Effective URL:
https://truswellat.com/404.html
Submission Tags: @ecarlesi #phishing #trustwallet Search All
Submission: On December 18 via api (December 18th 2022, 9:10:49 am UTC) from FI — Scanned from FI

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 17 HTTP transactions. The main IP is 104.21.9.163, located in and belongs to CLOUDFLARENET, US. The main domain is truswellat.com.
TLS certificate: Issued by GTS CA 1P5 on December 17th 2022. Valid for: 3 months.

This is the only time truswellat.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Trustwallet (Crypto)

Domain & IP information

	IP Address	AS Autonomous System
13	104.21.9.163 104.21.9.163	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	69.16.175.10 69.16.175.10	20446 (STACKPATH...) (STACKPATH-CDN)
2	103.235.46.191 103.235.46.191	55967 (BAIDU Bei...) (BAIDU Beijing Baidu Netcom Science and Technology Co.)
17	4

13 104.21.9.163 (None, )

ASN13335 (CLOUDFLARENET, US)

truswellat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.235.46.191 (Hong Kong)

ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)

hm.baidu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	truswellat.com truswellat.com	343 KB
2	baidu.com hm.baidu.com — Cisco Umbrella Rank: 9099 Failed	12 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 686	30 KB
17	3

	Domain	Requested by
13	truswellat.com	truswellat.com
2	hm.baidu.com	truswellat.com
1	code.jquery.com	truswellat.com
17	3

This site contains no links.

Subject Issuer	Validity	Valid
*.truswellat.com GTS CA 1P5	`2022-12-17` - `2023-03-17`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
baidu.com GlobalSign RSA OV SSL CA 2018	`2022-07-05` - `2023-08-06`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://truswellat.com/404.html
Frame ID: 93613792EC64180E96719EF4A60D1221
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

404

Page URL History Show full URLs

https://truswellat.com/index.html Page URL
https://truswellat.com/404.html Page URL

Detected technologies

Baidu Analytics (百度统计) (Analytics) Expand

Overall confidence: 100%
Detected patterns

hm\.baidu\.com/hm\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

94 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

385 kB
Transfer

747 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://truswellat.com/index.html Page URL
https://truswellat.com/404.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 index.html Show response
truswellat.com/ 20 KB
6 KB 1084ms
617ms Document
text/html 104.21.9.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://truswellat.com/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.9.163 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7b78db2bd8cb402e61a5b485d2ec7c46426130b0268b98d3258982b4fc2c832

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 77b6c45ccad12dea-KBP
content-encoding: br
content-type: text/html
date: Sun, 18 Dec 2022 09:10:44 GMT
last-modified: Sat, 17 Dec 2022 19:03:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HPNVQV10Ihd%2FbF96KllURrLkuoLG77PfjiwFFTyXkTH1dI93DMM8eof%2FpWHanai2FfBOZtXCI4bdQLgAQRarOH6W58klZZSFn9PPSeEA6cAv1bKCYomWKwCKjO5gS13WeA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 IBMPlexSans-Regular.woff2
truswellat.com/assets/fonts/IBMPlexSans/ 55 KB
55 KB 66ms
64ms Font
font/woff2 104.21.9.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://truswellat.com/assets/fonts/IBMPlexSans/IBMPlexSans-Regular.woff2
Requested by: Host: truswellat.com
URL: https://truswellat.com/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.9.163 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd6cd52bf15d2f5bf7519cd3d876ae2d37306e77d1a95a63e867e6c95ab9c49e

Request headers

Referer: https://truswellat.com/index.html
Origin: https://truswellat.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 18 Dec 2022 09:10:44 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Dec 2022 16:11:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 732
etag: "639dea48-db78"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uIM67Kvo1ajvOc5lm0Ew4y7y3GJIHmfX6t%2FXfTDuQkaULFtN%2F%2FpPAI30vXKcDt6OdeQPvGOvJq6AeWdt4zP2ZcofkC5LFO95GCCvK9%2BbG0T7iosRbdoq8bhtONx9DK1Zkg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 77b6c4611ad82dea-KBP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 56184

GET
H2 200 IBMPlexSans-Bold.woff2
truswellat.com/assets/fonts/IBMPlexSans/ 55 KB
55 KB 122ms
121ms Font
font/woff2 104.21.9.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://truswellat.com/assets/fonts/IBMPlexSans/IBMPlexSans-Bold.woff2
Requested by: Host: truswellat.com
URL: https://truswellat.com/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.9.163 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8899b62d74d06f482f132b600d49c9a51cf13a3d830ac35d158f8cce65079c20

Request headers

Referer: https://truswellat.com/index.html
Origin: https://truswellat.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 18 Dec 2022 09:10:44 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Dec 2022 16:11:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 732
etag: "639dea48-db30"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MQoixK7cnlu2geNQz%2BjB2CKBgTWaF8PdqctBFpz5m7Ulesog42D8gHjIB1te8CbGw8HJIyz45o4qtTzVRpZuxs6gmdqlaHwMy2W0x4OKDXqW%2BKj0CTjP%2FZVKEYp1dwS%2Fiw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 77b6c4611add2dea-KBP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 56112

GET
H2 200 IBMPlexSans-Medium.woff2
truswellat.com/assets/fonts/IBMPlexSans/ 58 KB
59 KB 123ms
122ms Font
font/woff2 104.21.9.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://truswellat.com/assets/fonts/IBMPlexSans/IBMPlexSans-Medium.woff2
Requested by: Host: truswellat.com
URL: https://truswellat.com/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.9.163 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a61c089861e3cd5bb3a48cf80da84cbe10bd65b5ef6a9276fa43f4e8599876cf

Request headers

Referer: https://truswellat.com/index.html
Origin: https://truswellat.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 18 Dec 2022 09:10:44 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Dec 2022 16:11:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 732
etag: "639dea48-e958"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rLIVyxnJrOhCM1Oatl8gAengtAktwQ4G1qJY69BWUH6JnQG5tLcelPjcldLPlhPT5w4dZph8%2Bctqyfo6h1Y3HFIZ3E9PaPVOBwKmcCMhV8v27tw93FKk3WB1MWLdic0qRA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 77b6c4611ade2dea-KBP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 59736

GET
H2 200 main.css
truswellat.com/css/ 231 KB
38 KB 123ms
122ms Stylesheet
text/css 104.21.9.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://truswellat.com/css/main.css
Requested by: Host: truswellat.com
URL: https://truswellat.com/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.9.163 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 380f89e0cf1b954bd09e09c504afcd7727ff0b48e487815ca9765e2b6366d5af

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://truswellat.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 18 Dec 2022 09:10:44 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 17 Dec 2022 16:11:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 732
etag: W/"639dea48-39dd5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CjNz297UNd0saQXt7Z246fyem7ZxCAP41VcfHtjlF3xMKFger4z5v0rDZ66GX3o%2BeJXC1jSLHewrFnR3KXp73Z%2F8nI%2FSq7HzcOr45KjIYRzeokBolbUAeRvEkZ4AeGU%2Bgw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 77b6c4611adb2dea-KBP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery-3.1.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 450ms
47ms Script
application/javascript 69.16.175.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.1.1.min.js
Requested by: Host: truswellat.com
URL: https://truswellat.com/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: hwcdn.net
Software: nginx /
Resource Hash: 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://truswellat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 18 Dec 2022 09:10:45 GMT
content-encoding: gzip
x-sp-metadata: HS256.CKXO+5wGEokBCiQxNjY4MzRhYy04NzI1LTQ3YWMtOWZmZi1lOTUxYTJiN2VhMGEQ+OiCoKvU+wIaBgiVsvucBiIOMTk0LjM0LjEzNC4xNDco9MIDMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogM2U5YjIwNjEwMDk4YjZjOWJmZjk1Mzg1NmU1ODAxNmEaLAgBEiQzZjdmOTVkYi05ZDViLTRlMmYtOThiZS1iMmNlY2NjNWM4N2MY9uoBIhgIAhIUY2RzMDEwLnNrMS5od2Nkbi5uZXQ=.ntgMHNgA2YI9yypmm/a9SF5dz8Q7CrCWtrnBC4A+qVM=
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-152b5"
vary: Accept-Encoding
x-hw: 1671354645.dop220.sk1.t,1671354645.cds210.sk1.hn,1671354645.cds010.sk1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30070

GET
H2 404 features-2.svg
truswellat.com/assets/images/ 0
0 621ms
621ms Other
text/html 104.21.9.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://truswellat.com/assets/images/features-2.svg
Requested by: Host: truswellat.com
URL: https://truswellat.com/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.9.163 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://truswellat.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 18 Dec 2022 09:10:45 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iWvlAt%2BMlBmNCehYcYZ34Nivlx4lQYLAGcZpZ93NQr7q0IhskkhrL6gXGa5WrFrjkBU1Jt4zlQ677Va%2FX5pNfltmuvNv5sqsXQ3MxMnCmqJmKCtxOnL21HIUh0wJHInVow%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=14400
cf-ray: 77b6c4613b112dea-KBP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 404 socials.svg
truswellat.com/assets/images/ 0
0 618ms
618ms Other
text/html 104.21.9.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://truswellat.com/assets/images/socials.svg
Requested by: Host: truswellat.com
URL: https://truswellat.com/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.9.163 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://truswellat.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 18 Dec 2022 09:10:45 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gy42AmHd8il7FoyqIuERXJTDEXlYCCGFVgsR%2FNExSQ0lF1764wi6C2KXXmcEMphTvtcv6NB88cEM%2BIWknXjnp4453Sigz3XschhyRI4Zam39UIoIo%2Bsc8AYcSN%2FzLe8kWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=14400
cf-ray: 77b6c4613b132dea-KBP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 trust_logotype.svg
truswellat.com/assets/images/ 14 KB
6 KB 73ms
73ms Image
image/svg+xml 104.21.9.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://truswellat.com/assets/images/trust_logotype.svg
Requested by: Host: truswellat.com
URL: https://truswellat.com/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.9.163 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61ea304b4cef90b7cbdeb0ca437f90128bd4e52323e19a86e7ea6a50d568d1c8

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://truswellat.com/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 18 Dec 2022 09:10:44 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 17 Dec 2022 16:11:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 731
etag: W/"639dea48-391d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XMBL%2FV6sz1r1h%2FHFrdPHFmCoys%2BfOZCSKNn1i0kHuOU6%2BGeOGSXo3wCJUuG6ogdivOs037YgpwllMS6VSwnozLxJcvz6WSqswEawgCoQrzp1VaY0Hh24sWPJNC458mkmQg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 77b6c4625de82dea-KBP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 flags.png
truswellat.com/assets/images/ 4 KB
4 KB 66ms
65ms Image
image/png 104.21.9.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://truswellat.com/assets/images/flags.png
Requested by: Host: truswellat.com
URL: https://truswellat.com/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.9.163 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d875556135e6cd96c417240f22d3744feede77b33fa93287c553193fed04233e

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://truswellat.com/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 18 Dec 2022 09:10:44 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Dec 2022 16:11:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 731
etag: "639dea48-eac"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DVfcD7rUEtdIUH4wO6D%2BIwwmESm3OiW4YHEUWgu612keCm1smH0tM5kW1y1hK8LlLvWy%2BTJgGIM1B%2FCBT3W6WYtDRkePOs96GDSsDhKStcrkOPh7gyX%2FYnFxhrE7bf69KA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 77b6c4625deb2dea-KBP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3756

GET
H2 200 download_buttons.svg
truswellat.com/assets/images/ 107 KB
31 KB 74ms
74ms Image
image/svg+xml 104.21.9.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://truswellat.com/assets/images/download_buttons.svg
Requested by: Host: truswellat.com
URL: https://truswellat.com/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.9.163 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2332a7a1574d4e28a80825c4285a67f2e1f7d2dd2c6abc92685c7dffee1b1859

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://truswellat.com/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 18 Dec 2022 09:10:44 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 17 Dec 2022 16:11:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 731
etag: W/"639dea48-1ac5a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pXRu6TsZVCcrBbNctDRErgeogPA4s7cbRoP9Wnohx0JD62tA6KxcZ%2FTR6EzMzqIvbqGW5tK0fs5flaXqdVCz7fZLfQGotV8doLyvKBV5Jbik%2FDJKRAesIno4tGiUum%2BgxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 77b6c4625dec2dea-KBP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 check.svg
truswellat.com/assets/images/ 257 B
486 B 67ms
67ms Image
image/svg+xml 104.21.9.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://truswellat.com/assets/images/check.svg
Requested by: Host: truswellat.com
URL: https://truswellat.com/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.9.163 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0eb4b343b36aa2ef18a0ccb84c6b4e6acdbd42565740f356216548523777879f

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://truswellat.com/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 18 Dec 2022 09:10:44 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 17 Dec 2022 16:11:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 731
etag: W/"639dea48-101"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LjqJePcPiOVpOK6A%2F3cUfReoYXro%2FSGpFZT1aGnYP1nBw0ePsbyhIYz0os0MyLKwK9rTDVOarmcqXkXmLxRT%2FF8Xb5Y%2F9bb4B4UvpANYeHnw4mPSvZOoU%2FNV2nFmFcYlsA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 77b6c4625ded2dea-KBP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 home_hero.png
truswellat.com/assets/images/ 88 KB
88 KB 109ms
109ms Image
image/png 104.21.9.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://truswellat.com/assets/images/home_hero.png
Requested by: Host: truswellat.com
URL: https://truswellat.com/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.9.163 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e22a088e0e411a08e2e2b74910c43d476e941d7764209516eb8bfb389fd03c0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://truswellat.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 18 Dec 2022 09:10:44 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Dec 2022 16:11:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 731
etag: "639dea48-15e3d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7QnV9d0HXSylqMP%2FUi6sIyzK%2FVQnmvYWAtszYGFWWMH1EGzbPMY86A%2B6UhOxQsLpwvuXwuEBXDBCO6gPyVFPh7qpDqbaC977gBBFL696BF67D%2FP13UJjNnTEr0VP5Oam2w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 77b6c462aea42dea-KBP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 89661

GET hm.js
hm.baidu.com/ 0
0

GET
H2 200 Primary Request 404.html Show response
truswellat.com/ 748 B
686 B 339ms
338ms Document
text/html 104.21.9.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://truswellat.com/404.html
Requested by: Host: truswellat.com
URL: https://truswellat.com/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.9.163 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 346461e7a7da8ed2a5bb3273656e7934c4570590c79e137b262dc0d31fcd04da

Request headers

Referer: https://truswellat.com/index.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 77b6c46439c52dea-KBP
content-encoding: br
content-type: text/html
date: Sun, 18 Dec 2022 09:10:45 GMT
last-modified: Sat, 17 Dec 2022 19:07:53 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=elICpfqHIHp3HrUmwg4D4%2BugkwLVutc6jOicy1NwaGpFgzhsN%2FR2dlqNE2NCAs5qgSo649mEJDVhLrTHiklKTxrgT2uEY1%2FxOyGXzrxJzcELoNZjT9iGzYr3JAghdt%2Fkrw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H/1.1 200
OK hm.js Show response
hm.baidu.com/ 29 KB
12 KB 1676ms
356ms Script
application/javascript 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to

Full URL

https://hm.baidu.com/hm.js?fd238420736f34840ab92f16487c3f50

Requested by

Host: truswellat.com
URL: https://truswellat.com/404.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

084202157217dba01a1be939a1f7364865f4457b88d96b1eb3e93ed6dab9edbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://truswellat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 18 Dec 2022 09:10:47 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=172800
Server: apache
Etag: cc42082016d1d43e96c042980245989a
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: application/javascript
Cache-Control: max-age=0, must-revalidate
Content-Length: 11257

GET
H/1.1 200
OK hm.gif
hm.baidu.com/ 43 B
299 B 345ms
345ms Image
image/gif 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=521389051&si=fd238420736f34840ab92f16487c3f50&su=https%3A%2F%2Ftruswellat.com%2Findex.html&v=1.3.0&lv=1&sn=15543&r=0&ww=1600&u=https%3A%2F%2Ftruswellat.com%2F404.html&tt=404

Requested by

Host: truswellat.com
URL: https://truswellat.com/404.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800
X-Content-Type-Options	nosniff

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://truswellat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 18 Dec 2022 09:10:47 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
Server: apache
Content-Type: image/gif
Cache-Control: private, max-age=0, no-cache
Content-Length: 43

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hm.baidu.com
URL: https://hm.baidu.com/hm.js?fd238420736f34840ab92f16487c3f50

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Trustwallet (Crypto)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange object| _hmt boolean| _bdhm_loaded_fd238420736f34840ab92f16487c3f50 object| mini_tangram_log_sakudx

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.hm.baidu.com/	1970-01-20 17:51:54	Name: HMACCOUNT_BFESS Value: 06D65E2488E2665A
.truswellat.com/	1970-01-20 17:01:30	Name: Hm_lvt_fd238420736f34840ab92f16487c3f50 Value: 1671354648
.truswellat.com/	1969-12-31 23:59:59	Name: Hm_lpvt_fd238420736f34840ab92f16487c3f50 Value: 1671354648

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://truswellat.com/assets/images/socials.svg#social_facebook Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://truswellat.com/assets/images/features-2.svg#card Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
hm.baidu.com
truswellat.com
hm.baidu.com
103.235.46.191
104.21.9.163
69.16.175.10
084202157217dba01a1be939a1f7364865f4457b88d96b1eb3e93ed6dab9edbf
0eb4b343b36aa2ef18a0ccb84c6b4e6acdbd42565740f356216548523777879f
2332a7a1574d4e28a80825c4285a67f2e1f7d2dd2c6abc92685c7dffee1b1859
346461e7a7da8ed2a5bb3273656e7934c4570590c79e137b262dc0d31fcd04da
380f89e0cf1b954bd09e09c504afcd7727ff0b48e487815ca9765e2b6366d5af
61ea304b4cef90b7cbdeb0ca437f90128bd4e52323e19a86e7ea6a50d568d1c8
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8899b62d74d06f482f132b600d49c9a51cf13a3d830ac35d158f8cce65079c20
9e22a088e0e411a08e2e2b74910c43d476e941d7764209516eb8bfb389fd03c0
a61c089861e3cd5bb3a48cf80da84cbe10bd65b5ef6a9276fa43f4e8599876cf
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d875556135e6cd96c417240f22d3744feede77b33fa93287c553193fed04233e
dd6cd52bf15d2f5bf7519cd3d876ae2d37306e77d1a95a63e867e6c95ab9c49e
e7b78db2bd8cb402e61a5b485d2ec7c46426130b0268b98d3258982b4fc2c832

truswellat.com Open in urlscan Pro 104.21.9.163 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

94 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

3 Countries

385 kBTransfer

747 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

3 Cookies

2 Console Messages

Indicators

truswellat.com Open in urlscan Pro
104.21.9.163 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

94 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

385 kB
Transfer

747 kB
Size

3
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!