xn--app-opnse-81a8f.com (Punycode)
app-opénseá.com (IDN)
198.54.115.150  Malicious Activity! Public Scan

URL: https://xn--app-opnse-81a8f.com/metamask.html
Submission Tags: https://phish.report @phish_report
Submission: On May 25 via api from FI — Scanned from FI

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 1 HTTP transaction. The main IP is 198.54.115.150, located in the United States, and belongs to NAMECHEAP-NET, US. The main domain is xn--app-opnse-81a8f.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 24th 2022. Valid for: a year.
This is the only time xn--app-opnse-81a8f.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Metamask (Crypto)

Domain & IP information

IP Address    AS Autonomous System
1 198.54.115.150    22612 (NAMECHEAP...)
1 2

Apex Domain / Subdomains    Transfer
1 xn--app-opnse-81a8f.com / xn--app-opnse-81a8f.com    382 KB
1 1

Domain    Requested by
1 xn--app-opnse-81a8f.com
1 1

This site contains no links.

Subject: xn--app-opnse-81a8f.com
Issuer: Sectigo RSA Domain Validation Secure Server CA
Validity: 2022-05-24 - 2023-05-24
Valid: a year

This page contains 1 frame:

Primary Page: https://xn--app-opnse-81a8f.com/metamask.html
Frame ID: 4798A3D3D0A774737FA808582899ACF5
Requests: 6 HTTP requests in this frame

Page Statistics

Requests: 1
HTTPS: 100 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 2
Countries: 1
Transfer: 611 kB
Size: 1342 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transaction

Resource: metamask.html (Primary Request)
Path: xn--app-opnse-81a8f.com/
Size: 1024 KB
x-fer: 382 KB
Type: Document
General
Full URL: https://xn--app-opnse-81a8f.com/metamask.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.115.150 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server210-3.web-hosting.com
Software: LiteSpeed /
Resource Hash: f93855c7df58e22b9c91e5dfb2a4efa419d7cb316ca99ef76e0a3b71a8a068cc

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

accept-ranges: bytes
content-encoding: br
content-length: 391234
content-type: text/html
date: Wed, 25 May 2022 10:52:55 GMT
last-modified: Wed, 06 Oct 2021 16:50:57 GMT
server: LiteSpeed
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed

Resource: truncated
Path: /
Size: 9 KB
x-fer: 0
Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: ec6509b3ba6fdcf3e3fdf7ef2f80582e5f4fa8f39f9d94a3da00bdc865563056

Request headers

accept-language: fi-FI,fi;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

Resource: truncated
Path: /
Size: 72 KB
x-fer: 0
Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: f279295f81cdfcf5bc2a01ed3ffbd6949713ba9ac40f3aec0a5075bc0ad1f5f1

Request headers

accept-language: fi-FI,fi;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/gif

Resource: truncated
Path: /
Size: 9 KB
x-fer: 0
Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: d40d3161e420b7dd64253af81204498485857f2364ff312aff19ddf457d67761

Request headers

accept-language: fi-FI,fi;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

Resource: truncated
Path: /
Size: 151 KB
x-fer: 151 KB
Type: Font
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 08b11e464af41dc1764715793aee5078e632b68606feb061b996f3ff8be7401c

Request headers

Referer:
Origin: https://xn--app-opnse-81a8f.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: application/octet-stream

Resource: truncated
Path: /
Size: 78 KB
x-fer: 78 KB
Type: Font
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7

Request headers

Referer:
Origin: https://xn--app-opnse-81a8f.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: application/font-woff

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Metamask (Crypto)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | oncontextlost
object | oncontextrestored
function | structuredClone
function | getScreenDetails
function | savepage_ShadowLoader

0 Cookies