metamask.promo
Open in
urlscan Pro
2606:4700:3035::6815:5ed5
Malicious Activity!
Public Scan
Submission: On May 02 via api from US — Scanned from DE
Summary
This is the only time metamask.promo was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Crypto (Crypto Exchange)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
11 | 2606:4700:303... 2606:4700:3035::6815:5ed5 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a06:98c1:312... 2a06:98c1:3120::11 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700::68... 2606:4700::6810:5914 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 2a00:1450:400... 2a00:1450:4001:82b::2003 | 15169 (GOOGLE) (GOOGLE) | |
19 | 5 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
metamask.promo
metamask.promo |
40 KB |
4 |
gstatic.com
fonts.gstatic.com |
42 KB |
2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 574 |
338 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 341 |
224 KB |
1 |
swim.claims
swim.claims |
29 KB |
19 | 5 |
Domain | Requested by | |
---|---|---|
11 | metamask.promo |
metamask.promo
|
4 | fonts.gstatic.com |
metamask.promo
|
2 | cdn.jsdelivr.net |
metamask.promo
|
1 | cdnjs.cloudflare.com |
metamask.promo
|
1 | swim.claims |
metamask.promo
|
19 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
swim.io |
docs.swim.io |
discord.com |
twitter.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-04-14 - 2023-04-14 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2022-04-11 - 2022-07-04 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://metamask.promo/
Frame ID: 1705AEADBEB080CBF9B282873A56A46C
Requests: 19 HTTP requests in this frame
5 Outgoing links
These are links going to different origins than the main page.
Title: Home
Search URL Search Domain Scan URL
Title: Docs
Search URL Search Domain Scan URL
Title: Request feature
Search URL Search Domain Scan URL
Title: Discord
Search URL Search Domain Scan URL
Title: Twitter
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
metamask.promo/ |
24 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.css
metamask.promo/css/ |
159 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
swimlogo.jpeg
swim.claims/ |
28 KB 29 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
question-mark.2446fa68.svg
metamask.promo/img/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bulb.c38857e9.svg
metamask.promo/img/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
info.a2fe040d.svg
metamask.promo/img/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
discord.8f193baa.svg
metamask.promo/img/ |
5 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
twitter.7c73c4a0.svg
metamask.promo/img/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
twitter-light.svg
metamask.promo/img/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
discord-light.svg
metamask.promo/img/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bignumber.min.js
cdn.jsdelivr.net/npm/bignumber.js@9.0.2/ |
18 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
web3.min.js
cdnjs.cloudflare.com/ajax/libs/web3/1.5.2/ |
1 MB 224 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
web3.min.js
cdn.jsdelivr.net/npm/web3@latest/dist/ |
1 MB 328 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
script.js
metamask.promo/js/ |
16 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
planet.svg
metamask.promo/img/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rP2Cp2ywxg089UriASitCBimCw.woff2
fonts.gstatic.com/s/dmsans/v6/ |
18 KB 18 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Crypto (Crypto Exchange)17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone number| count function| getRandomInRange function| timeDisp function| BigNumber function| setImmediate function| clearImmediate object| regeneratorRuntime function| Web3 function| changeTheme function| writeCookie function| readCookie number| mintnumber number| interval function| foo1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
metamask.promo/ | Name: mintede Value: 512 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
cdnjs.cloudflare.com
fonts.gstatic.com
metamask.promo
swim.claims
2606:4700:3035::6815:5ed5
2606:4700::6810:5914
2606:4700::6811:190e
2a00:1450:4001:82b::2003
2a06:98c1:3120::11
3cd29fcd28558f2d1a4273dcca8b904b79b4ad2c19c0ce9d096da1e89f292546
40696c58debdfdb7cd58856536a7a6a9cdc7ef308a0f4c706553790048dddab6
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
582de4c95b35066cdf1108031e1aa830ada51da880dad3cd8202d5bd8e5831a5
5c996bd1654516e4dfcd47681462d20eb3b711bae92f847da4bd04e29f601450
6c95602b656e53eada598edb0dec8743a47e9bfb703034d4707d8d05a7a13ec7
76c3e47fce56b81b95a2b24c7e34107aed136ead38a9d319c9d53799704c6b4d
7e73fa2ca88f5c3477faf0c2786a36c63f9066530b801cc961aeb2445bb6972e
9c90e5c2c7b2b750b8139738f91591127b20fb5f493040448129e42a407f68a0
a8e5a0c39f7371f633203c6e77de59b3fff273bc2c1a5df9c1356e6dc24ad92d
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
bfccb9edd2658df7f22748f618a36f42c45e0320c79b361b0ff7d00be836e1f7
c65274307ab7841a16a4a914d5790d1020726a620a1089f5a67dad6fddb80775
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
df2ddc3657b0b32d54b559821a84ccd9a196f93612e6a5a6a77c128fa899500e
e36947480ea785062b873aa85958be75e4f156115bdec0412c7b8ceba2082b3a
f20b8881fa95ac049cec8f2c9eb9d4efe71fef420adbb943ca62d82fa7127a92
f2133f8799ab54f646b15ee3ed09a1c38980d7bced826cdc080d3dd894b86fba