www.trustwallet.reward-erc20-token.com
45.58.124.2
Malicious Activity!
Public Scan
Submission: On October 19 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by trustwallet.reward-erc20-token.com on October 19th 2020. Valid for: a year.
This is the only time www.trustwallet.reward-erc20-token.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Trustwallet (Crypto)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
5 | 45.58.124.2 | 23470 (RELIABLESITE) |
1 | 52.85.32.79 | 16509 (AMAZON-02) |
1 | 2600:9000:2070:a00:19:9934:6a80:93a1 | 16509 (AMAZON-02) |
4 | 2600:9000:2093:400:11:f728:3040:93a1 | 16509 (AMAZON-02) |
11 | 4 | |
ASN23470 (RELIABLESITE, US)
www.trustwallet.reward-erc20-token.com
ASN16509 (AMAZON-02, US)
PTR: server-52-85-32-79.ham50.r.cloudfront.net
cdn.branch.io
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
5 | branch.io | cdn.branch.io, api2.branch.io | 26 KB |
5 | reward-erc20-token.com | www.trustwallet.reward-erc20-token.com | 175 KB |
1 | app.link | app.link | 754 B |
11 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
5 | www.trustwallet.reward-erc20-token.com | www.trustwallet.reward-erc20-token.com |
4 | api2.branch.io | cdn.branch.io |
1 | app.link | cdn.branch.io |
1 | cdn.branch.io | www.trustwallet.reward-erc20-token.com |
11 | 4 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
trustwallet.reward-erc20-token.com | trustwallet.reward-erc20-token.com | 2020-10-19 - 2021-10-19 | a year |
*.branch.io | DigiCert SHA2 Secure Server CA | 2018-12-05 - 2020-12-08 | 2 years |
appipv4.link | Amazon | 2020-07-22 - 2021-08-22 | a year |
This page contains 1 frames:
Primary Page:
https://www.trustwallet.reward-erc20-token.com/
Frame ID: 41EA64E17D2BBA968CA30C38462ACF97
Requests: 11 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | www.trustwallet.reward-erc20-token.com/ | 7 KB | 7 KB | Document | text/html |
GET | H/1.1 | branch-latest.min.js | cdn.branch.io/ | 78 KB | 24 KB | Script | text/javascript |
GET | H2 | main-31fd216b9f9dacb25e0124a294b08368.css | www.trustwallet.reward-erc20-token.com/assets/css/ | 39 KB | 39 KB | Stylesheet | text/css |
GET | H/1.1 | _r | app.link/ | 90 B | 754 B | Script | text/javascript |
GET | H2 | trust_logotype.svg | www.trustwallet.reward-erc20-token.com/assets/images/ | 14 KB | 14 KB | Image | image/svg+xml |
GET | H2 | IBMPlexSans-Regular.woff2 | www.trustwallet.reward-erc20-token.com/assets/fonts/IBMPlexSans/ | 55 KB | 55 KB | Font | font/woff2 |
GET | H2 | IBMPlexSans-Medium.woff2 | www.trustwallet.reward-erc20-token.com/assets/fonts/IBMPlexSans/ | 58 KB | 59 KB | Font | font/woff2 |
POST | H2 | open | api2.branch.io/v1/ | 318 B | 606 B | XHR | application/json |
POST | H2 | url | api2.branch.io/v1/ | 51 B | 320 B | XHR | application/json |
GET | H2 | deepview | api2.branch.io/v1/ | 1 KB | 931 B | Script | text/javascript |
POST | H2 | pageview | api2.branch.io/v1/ | 29 B | 360 B | XHR | application/json |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Trustwallet (Crypto)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | showDirectoryPicker |
function | showOpenFilePicker |
function | showSaveFilePicker |
object | trustedTypes |
function | sendSMS |
object | linkData |
object | branch |
function | unescapeHtml |
function | validateProtocol |
function | validate |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.