www.avalanche.usermainnet.site
103.129.220.10
Malicious Activity!
Public Scan
Submission: On October 13 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by R3 on October 13th 2022. Valid for: 3 months.
This is the only time www.avalanche.usermainnet.site was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Metamask (Crypto)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
14 | 103.129.220.10 | 138062 (IDNIC-PAAS-AS-ID PT. Awan Kilat Semesta)
1 | 2a00:1450:4001:830::200a | 15169 (GOOGLE)
1 | 2606:4700::6812:acf | 13335 (CLOUDFLARENET)
1 | 51.210.3.236 | 16276 (OVH)
1 | 2606:4700::6812:1023 | 13335 (CLOUDFLARENET)
1 | 2a04:4e42:62::159 | 54113 (FASTLY)
1 | 2600:9000:2057:c200:12:9e5f:cac0:93a1 | 16509 (AMAZON-02)
Total: 20 requests, 7 IP addresses
ASN138062 (IDNIC-PAAS-AS-ID PT. Awan Kilat Semesta, ID)
PTR: iix91.cloudhost.id
Domains: www.avalanche.usermainnet.site
ASN16509 (AMAZON-02, US)
Domains: assets-global.website-files.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
14 | usermainnet.site | www.avalanche.usermainnet.site | 298 KB
1 | website-files.com | assets-global.website-files.com (Cisco Umbrella Rank: 12119) | 3 MB
1 | twimg.com | pbs.twimg.com (Cisco Umbrella Rank: 699) | 5 KB
1 | avax.network | wallet.avax.network | 9 KB
1 | ibb.co | i.ibb.co (Cisco Umbrella Rank: 13074) | 37 KB
1 | bootstrapcdn.com | maxcdn.bootstrapcdn.com (Cisco Umbrella Rank: 720) | 11 KB
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 306) | 30 KB
Total: 20 requests, 7 apex domains
Requests | Domain | Requested by
---|---|---
14 | www.avalanche.usermainnet.site | www.avalanche.usermainnet.site
1 | assets-global.website-files.com | www.avalanche.usermainnet.site
1 | pbs.twimg.com | www.avalanche.usermainnet.site
1 | wallet.avax.network | www.avalanche.usermainnet.site
1 | i.ibb.co | www.avalanche.usermainnet.site
1 | maxcdn.bootstrapcdn.com | www.avalanche.usermainnet.site
1 | ajax.googleapis.com | www.avalanche.usermainnet.site
Total: 20 requests, 7 domains
This site contains links to these domains:
Domain |
---|
metamask.io |
medium.com |
coinmarketcap.com |
www.coingecko.com |
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
avalanche.usermainnet.site | R3 | 2022-10-13 - 2023-01-11 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-01-29 - 2023-01-29 | a year | crt.sh
ibb.co | R3 | 2022-10-09 - 2023-01-07 | 3 months | crt.sh
wallet.avax.network | Cloudflare Inc ECC CA-3 | 2022-06-21 - 2023-06-21 | a year | crt.sh
*.twimg.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-07-21 - 2023-08-21 | a year | crt.sh
*.website-files.com | Amazon | 2022-10-12 - 2023-11-09 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://www.avalanche.usermainnet.site/
Frame ID: 03B50D63D8005A108380ACE1CB27D885
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
Avalanche: Blazingly Fast, Low Cost, & Eco-Friendly | Dapps Platform
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Ant Design (JavaScript Frameworks)
Detected patterns
- <[^>]*class="ant-(?:btn|col|row|layout|breadcrumb|menu|pagination|steps|select|cascader|checkbox|calendar|form|input-number|input|mention|rate|radio|slider|switch|tree-select|time-picker|transfer|upload|avatar|badge|card|carousel|collapse|list|popover|tooltip|table|tabs|tag|timeline|tree|alert|modal|message|notification|progress|popconfirm|spin|anchor|back-top|divider|drawer)
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
- Title: MetaMask Support
- Title: Medium
- Title: Coinmarketcap
- Title: Coingecko
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | www.avalanche.usermainnet.site/ | 16 KB | 4 KB | Document | text/html
GET | H2 | pages.css | www.avalanche.usermainnet.site/css/ | 1 MB | 69 KB | Stylesheet | text/css
GET | H2 | index.css | www.avalanche.usermainnet.site/css/ | 26 KB | 3 KB | Stylesheet | text/css
GET | H2 | apps6.css | www.avalanche.usermainnet.site/css/ | 11 KB | 3 KB | Stylesheet | text/css
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.1.1/ | 85 KB | 30 KB | Script | text/javascript
GET | H2 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ | 36 KB | 11 KB | Script | application/javascript
GET | H2 | 3004.png | i.ibb.co/Y31RQ2L/ | 37 KB | 37 KB | Image | image/png
GET | H2 | metamask-logo-horizontal.svg | www.avalanche.usermainnet.site/img/ | 5 KB | 5 KB | Image | image/svg+xml
GET | H2 | metamask-fox.svg | www.avalanche.usermainnet.site/img/ | 3 KB | 3 KB | Image | image/svg+xml
GET | H2 | jalogo.png | www.avalanche.usermainnet.site/img/ | 5 KB | 5 KB | Image | image/png
GET | H2 | wallet_logo.9ff22941.png | wallet.avax.network/img/ | 8 KB | 9 KB | Image | image/png
GET | H2 | ENWlpa1UcAANrSS.png | pbs.twimg.com/media/ | 5 KB | 5 KB | Image | image/png
GET | H2 | secondaryavax.png | www.avalanche.usermainnet.site/img/ | 9 KB | 10 KB | Image | image/png
GET | H2 | metamask.png | www.avalanche.usermainnet.site/img/ | 29 KB | 29 KB | Image | image/png
GET | H2 | trustsvg.svg | www.avalanche.usermainnet.site/img/ | 831 B | 1004 B | Image | image/svg+xml
GET | H2 | tezos.png | www.avalanche.usermainnet.site/img/ | 113 KB | 114 KB | Image | image/png
GET | H2 | coinbase.png | www.avalanche.usermainnet.site/img/ | 30 KB | 30 KB | Image | image/png
GET | H2 | apps.js | www.avalanche.usermainnet.site/css/ | 448 B | 330 B | Script | application/javascript
GET | H2 | Red_256.png | www.avalanche.usermainnet.site/img/ | 23 KB | 23 KB | Image | image/png
GET | H2 | 621fc0ec971cc2fc6c98c787_Asset%207%402x.png | assets-global.website-files.com/6059b554e81c705f9dd2dd32/ | 3 MB | 3 MB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Metamask (Crypto)
14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onbeforeinput
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
function | getScreenDetails
function | queryLocalFonts
object | navigation
function | $
function | jQuery
object | modal
object | btn
object | span1
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.avax.network/ | | __cf_bm | KY5UX5cKzwTElBkHfEfrG0JaRsc77e6AzUmrTBasZ_s-1665688702-0-AQbCOoC9XWACQwXx6r9kVsCscvy9HcZoaAnNrZoiLV0dkdehBXyN9sDGV+1xgC76NZM8/Gv7+ETSKhRsYUbEsZM=
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.