web-metamesklogin.uteach.io
34.236.72.19
Malicious Activity!
Public Scan
Effective URL: https://web-metamesklogin.uteach.io/overdue
Submission: On March 26 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on February 5th 2024. Valid for: 3 months.
This is the only time web-metamesklogin.uteach.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Metamask (Crypto)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
6 (1 redirect) | 34.236.72.19 | 14618 (AMAZON-AES) |
1 | 162.19.58.156 | 16276 (OVH) |
9 | 2600:9000:2359:2400:7:2f2:c100:21 | 16509 (AMAZON-02) |
1 | 2a00:1450:4001:827::200a | 15169 (GOOGLE) |
16 requests | 4 IPs | |
ASN14618 (AMAZON-AES, US)
PTR: ec2-34-236-72-19.compute-1.amazonaws.com
web-metamesklogin.uteach.io
ASN16509 (AMAZON-02, US)
d35v9chtr4gec.cloudfront.net
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 | cloudfront.net | d35v9chtr4gec.cloudfront.net | 323 KB |
6 (1 redirect) | uteach.io | web-metamesklogin.uteach.io | 72 KB |
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 112) | 1002 B |
1 | ibb.co | i.ibb.co (Cisco Umbrella Rank: 10549) | 186 KB |
16 requests | 4 domains | | |
Requests | Domain | Requested by |
---|---|---|
9 | d35v9chtr4gec.cloudfront.net | web-metamesklogin.uteach.io |
6 (1 redirect) | web-metamesklogin.uteach.io | web-metamesklogin.uteach.io |
1 | fonts.googleapis.com | web-metamesklogin.uteach.io |
1 | i.ibb.co | web-metamesklogin.uteach.io |
16 requests | 4 domains | |
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
uteach.io | R3 | 2024-02-05 - 2024-05-05 | 3 months | crt.sh |
ibb.co | R3 | 2024-02-07 - 2024-05-07 | 3 months | crt.sh |
*.cloudfront.net | Amazon RSA 2048 M01 | 2023-10-10 - 2024-09-19 | a year | crt.sh |
upload.video.google.com | GTS CA 1C3 | 2024-02-26 - 2024-05-20 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://web-metamesklogin.uteach.io/overdue
Frame ID: E1CD7685C135FA2E96691A8F584B5A8F
Requests: 16 HTTP requests in this frame
Page URL History
-
http://web-metamesklogin.uteach.io/
HTTP 307
https://web-metamesklogin.uteach.io/ HTTP 302
https://web-metamesklogin.uteach.io/overdue Page URL
Detected technologies
Slick (JavaScript Libraries)
Detected patterns:
- `(?:/([\d.]+))?/slick(?:\.min)?\.js`
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H2 | overdue (Primary Request) | web-metamesklogin.uteach.io/ (Redirect Chain) | 17 KB | 6 KB | Document | text/html |
GET H2 | app.css | web-metamesklogin.uteach.io/css/templates/v2/basic/ | 301 KB | 51 KB | Stylesheet | text/css |
GET H2 | metamask-login-1.jpg | i.ibb.co/JBy1vG0/ | 186 KB | 186 KB | Image | image/jpeg |
GET H2 | uteach.svg | d35v9chtr4gec.cloudfront.net/uteach/assets/ | 3 KB | 1 KB | Image | image/svg+xml |
GET H2 | overdue-bg.jpg | d35v9chtr4gec.cloudfront.net/uteach/assets/ | 207 KB | 207 KB | Image | image/jpeg |
GET H2 | eye.svg | d35v9chtr4gec.cloudfront.net/uteach/assets/ | 864 B | 1 KB | Image | image/svg+xml |
GET H2 | invisible.svg | d35v9chtr4gec.cloudfront.net/uteach/assets/ | 1 KB | 1 KB | Image | image/svg+xml |
GET H2 | navigation.css | web-metamesklogin.uteach.io/css/ | 10 KB | 3 KB | Stylesheet | text/css |
GET H2 | tenant-site.js | d35v9chtr4gec.cloudfront.net/s3-assets/475/js/ | 268 KB | 84 KB | Script | text/plain |
GET H2 | slick.js | web-metamesklogin.uteach.io/js/ | 42 KB | 10 KB | Script | application/javascript |
GET H2 | tenant-global.js | web-metamesklogin.uteach.io/js/ | 842 B | 514 B | Script | application/javascript |
GET H2 | css | fonts.googleapis.com/ | 2 KB | 1002 B | Stylesheet | text/css |
GET H2 | poppins-v20-latin-500.woff2 | d35v9chtr4gec.cloudfront.net/fonts/tenants/ | 8 KB | 8 KB | Font | binary/octet-stream |
GET H2 | poppins-v20-latin-700.woff2 | d35v9chtr4gec.cloudfront.net/fonts/tenants/ | 8 KB | 8 KB | Font | binary/octet-stream |
GET H2 | poppins-v20-latin-regular.woff2 | d35v9chtr4gec.cloudfront.net/fonts/tenants/ | 8 KB | 8 KB | Font | binary/octet-stream |
GET H2 | metamask-logi.png | d35v9chtr4gec.cloudfront.net/henrysmith-eyrmgg/settings/nZUydugM9dAhJ8xJL805-1709697104/ | 3 KB | 3 KB | Other | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Metamask (Crypto)
16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onpagereveal |
function | _ |
object | toastr |
function | Popper |
function | jQuery |
function | $ |
function | axios |
function | getCookie |
function | setCookie |
function | addTranslationMessages |
function | trans |
function | onLoginRegisterSuccess |
function | onLoginRegisterError |
function | reCaptchaV3OnOpen |
function | recaptchaV2Render |
function | getRecaptchaToken |
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
web-metamesklogin.uteach.io/ | | XSRF-TOKEN | eyJpdiI6IlozSEIwUHhaTjk0RVNKTjVEa1VhM1E9PSIsInZhbHVlIjoiZHkwd1ExUUo5ODRFc3ZJNytQWFQ0SzZNWXdjc0RPZ0JVSHZBTXV5QW5TekI4Y2p0M2JmZFR6QVFKeFgzV1BIT1ZkdFVmcG5xb1lwUDN5ampPQmZ0R0ZMMm8zRWZvd0c5aDk2dWxmc1RNdFFYWnUrTytQakcvaHR5QmdHY1ZLcmgiLCJtYWMiOiJjMGM0YzliOWQwMzQ3NjI3ZmU2MWQ2MzI5YTM5YTBhZmI3NjMyOTRhZGE2ZjU0MTNhZWQwYjIwODAzZTgzZDQ3IiwidGFnIjoiIn0%3D |
web-metamesklogin.uteach.io/ | | uteach_session | eyJpdiI6InY4b2tDN0JkS2ZtK2hyVVhsYk1xQVE9PSIsInZhbHVlIjoiRkNUK1hsMmhWOWFxdnJYUFMvNkpPMjF3bmVGbVpXSzIrYi9JQTdDSFo3VmdwOHF5NzVMTDJlZUEwVEZZb3NISExkNG9kdUNBRU9KMUVSaGwxY014QmEyOEZsN080a0ZiRDcvZ1laRFQySWk2aldsTXJMeE1PeHZyckRjWDZoQWwiLCJtYWMiOiI5YTIyMDE0ZDczODU1Mzc0NzgyNDNkYjI4MjJlZTE1MmE4MTYxNjBiMDlkZTYwM2E5YTVkNjM0MDFiYzIyZGExIiwidGFnIjoiIn0%3D |
web-metamesklogin.uteach.io/ | | timezone | Europe/Berlin |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page.
Header | Value |
---|---|
Content-Security-Policy | frame-ancestors 'self' http://webvisor.com https://webvisor.com metrika.yandex.ru |
Strict-Transport-Security | max-age=15724800; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.