![](/screenshots/daf86ae3-5f2f-448d-9e7f-5a09dd3cc627.png)
alcontadores.mx
65.99.252.128
Malicious Activity!
Public Scan
Effective URL: https://alcontadores.mx/Metamassk/metta/MetaMask/app/
Submission: On December 15 via api from US — Scanned from US
Summary
TLS certificate: Issued by R3 (a Let's Encrypt intermediate) on October 18th 2023. Valid for: 3 months.
This is the only time alcontadores.mx was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Metamask (Crypto)

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
1 | 44.207.55.129 | 14618 (AMAZON-AES)
18 | 65.99.252.128 | 17378 (AS17378)
1 | 2607:f8b0:4006:816::200a | 15169 (GOOGLE)
1 | 104.237.62.212 | 18450 (WEBNX)
1 | 2606:4700:20::681a:82c | 13335 (CLOUDFLARENET)
1 | 2001:67c:4e8:f004::9 | 62041 (TELEGRAM)
22 | 5 |

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-207-55-129.compute-1.amazonaws.com
Domains: www.rb.gy

ASN17378 (AS17378, US)
PTR: svgs171.serverneubox.com.mx
Domains: alcontadores.mx
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
18 | alcontadores.mx | alcontadores.mx | 288 KB
1 | telegram.org | api.telegram.org (Cisco Umbrella Rank: 45319) | 263 B
1 | ipapi.co | ipapi.co (Cisco Umbrella Rank: 15570) | 909 B
1 | ipify.org | api.ipify.org (Cisco Umbrella Rank: 2843) | 222 B
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 340) | 31 KB
1 | rb.gy | www.rb.gy (1 redirect) | 268 B
22 | 6 | |
Requests | Domain | Requested by
---|---|---
18 | alcontadores.mx | alcontadores.mx
1 | api.telegram.org | alcontadores.mx
1 | ipapi.co | alcontadores.mx
1 | api.ipify.org | alcontadores.mx
1 | ajax.googleapis.com | alcontadores.mx
1 | www.rb.gy | (1 redirect; start of the URL chain, not requested by the page)
22 | 6 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
alcontadores.mx | R3 | 2023-10-18 - 2024-01-16 | 3 months
upload.video.google.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
*.ipify.org | Sectigo RSA Domain Validation Secure Server CA | 2023-02-07 - 2024-02-18 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-04-16 - 2024-04-15 | a year
api.telegram.org | Go Daddy Secure Certificate Authority - G2 | 2023-03-26 - 2024-04-26 | a year
This page contains 1 frames:
Primary Page:
https://alcontadores.mx/Metamassk/metta/MetaMask/app/
Frame ID: CAD5AD210A520784A2507A506D02B1CC
Requests: 22 HTTP requests in this frame
Page Title: MetaMask
Detected technologies

- Bootstrap (detected pattern: bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js)
- jQuery (detected patterns: /([\d.]+)/jquery(?:\.min)?\.js and jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

- http://www.rb.gy/t9m0b5/ (HTTP 301)
- https://alcontadores.mx/Metamassk/metta/MetaMask/app/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions

# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
1 | GET | H2 | / (Primary Request, end of redirect chain) | alcontadores.mx/Metamassk/metta/MetaMask/app/ | 13 KB | 14 KB | Document | text/html
2 | GET | H2 | style.css | alcontadores.mx/Metamassk/metta/MetaMask/app/MetaMask_fichiers/ | 8 KB | 8 KB | Stylesheet | text/css
3 | GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.5.1/ | 87 KB | 31 KB | Script | text/javascript
4 | GET | H2 | jquery.js | alcontadores.mx/Metamassk/metta/MetaMask/app/MetaMask_fichiers/ | 82 KB | 82 KB | Script | application/javascript
5 | GET | H2 | wordlist.js | alcontadores.mx/Metamassk/metta/MetaMask/app/MetaMask_fichiers/ | 23 KB | 23 KB | Script | application/javascript
6 | GET | H2 | app.js | alcontadores.mx/Metamassk/metta/MetaMask/app/MetaMask_fichiers/ | 11 KB | 11 KB | Script | application/javascript
7 | GET | H2 | metamask-fox.svg | alcontadores.mx/Metamassk/metta/MetaMask/app/MetaMask_fichiers/ | 3 KB | 3 KB | Image | image/svg+xml
8 | GET | H2 | arrow-down.svg | alcontadores.mx/Metamassk/metta/MetaMask/app/MetaMask_fichiers/ | 237 B | 307 B | Image | image/svg+xml
9 | GET | H2 | copy.svg | alcontadores.mx/Metamassk/metta/MetaMask/app/MetaMask_fichiers/ | 348 B | 383 B | Image | image/svg+xml
10 | GET | H2 | more-vertical.svg | alcontadores.mx/Metamassk/metta/MetaMask/app/MetaMask_fichiers/ | 497 B | 532 B | Image | image/svg+xml
11 | GET | H2 | eth_logo.svg | alcontadores.mx/Metamassk/metta/MetaMask/app/MetaMask_fichiers/ | 919 B | 954 B | Image | image/svg+xml
12 | GET | H2 | diagram.svg | alcontadores.mx/Metamassk/metta/MetaMask/app/MetaMask_fichiers/ | 484 B | 519 B | Image | image/svg+xml
13 | GET | H2 | arrow-right.svg | alcontadores.mx/Metamassk/metta/MetaMask/app/MetaMask_fichiers/ | 264 B | 299 B | Image | image/svg+xml
14 | GET | H2 | recive.svg | alcontadores.mx/Metamassk/metta/MetaMask/app/MetaMask_fichiers/ | 993 B | 1 KB | Image | image/svg+xml
15 | GET | H2 | settings.js | alcontadores.mx/Metamassk/metta/MetaMask/ | 129 B | 203 B | Script | application/javascript
16 | GET | H2 | bootstrap.min.js | alcontadores.mx/Metamassk/metta/MetaMask/app/MetaMask_fichiers/ | 18 KB | 18 KB | Script | application/javascript
17 | GET | H2 | style.main.js | alcontadores.mx/Metamassk/metta/MetaMask/app/MetaMask_fichiers/ | 10 KB | 10 KB | Script | application/javascript
18 | GET | H/1.1 | / | api.ipify.org/ | 22 B | 222 B | Fetch | application/json
19 | GET | H2 | / | ipapi.co/json/ | 776 B | 909 B | Fetch | application/json
20 | GET | H2 | bg.png | alcontadores.mx/Metamassk/metta/MetaMask/app/MetaMask_fichiers/ | 115 KB | 115 KB | Image | image/png
21 | GET | H2 | EuclidCircularB-Regular-WebXL.ttf | alcontadores.mx/Metamassk/metta/MetaMask/app/fonts/ | 0 | 0 | Font | text/html
22 | GET | H2 | sendMessage | api.telegram.org/bot6003419806:AAEEQJ2WI6cUDj8jGTQVYdpn98qELpD_pco/ | 56 B | 263 B | Fetch | application/json
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Metamask (Crypto)

54 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
documentPictureInPicture (object), $ (function), jQuery (function), telegram_bot_id (string), chat_id (string), _9966 (number), _7099 (string), _7541 (object), _2713 (number), _9610 (string), _5731 (string), _2233 (object), _9210 (object), _3496 (function), _2675 (string), _6163 (string), _1426 (function), _3361 (string), _8807 (function), _11 (number), F1 (undefined), F2 (undefined), F3 (undefined), F4 (undefined), F5 (undefined), F6 (undefined), F7 (undefined), F8 (undefined), F9 (undefined), F10 (undefined), F11 (undefined), F12 (undefined), ready (function), sendtelegram (function), telegram_bot_ids (string), chat_ids (number), telegram_bot_iiids (string), chat_iiids (number), _3976 (number), _9875 (string), _9286 (object), _5209 (number), _1750 (string), _6797 (string), _9718 (object), _5047 (object), _3377 (function), _7746 (string), _3410 (string), _1041 (function), _6348 (function), _0xd431 (function), _0x5298bc (function), _0x91a70 (function)

Cookies
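The HTTP transaction list, the URL history and the global-variable list above make the kit's behaviour legible without deobfuscating app.js: the page is served from a path containing the brand name (/Metamassk/metta/MetaMask/app/) on an unrelated apex domain, it is reached through a URL shortener (www.rb.gy), it queries api.ipify.org and ipapi.co (the victim's IP address and geolocation), it exposes telegram_bot_id, chat_id and sendtelegram as window globals next to obfuscator-style names such as _9966 and _0xd431, and its last request is a sendMessage call to the Telegram Bot API with a bot token embedded in the URL path, which is how many phishing kits hand captured input to the operator. The Python below is an added example, not urlscan's code and not the kit's code: it turns those observations into checks and runs them over data transcribed from this scan. The request tuples, the redirect chain and the global names are copied from the page; the host lists, the obfuscated-name pattern, the threshold of three obfuscated names and the function names triage and registrable are this example's assumptions.

```python
"""Triage a urlscan.io result for crypto-wallet phishing-kit indicators.

Added example, not urlscan's or the kit's code. Sample data is transcribed
from this scan's HTTP transaction list, URL history and global-variable list;
the host lists, patterns and thresholds are this example's assumptions.
"""
import re
from urllib.parse import urlsplit

# (method, url, mime type) transcribed from the HTTP transactions on the page
REQUESTS = [
    ("GET", "https://alcontadores.mx/Metamassk/metta/MetaMask/app/", "text/html"),
    ("GET", "https://alcontadores.mx/Metamassk/metta/MetaMask/app/MetaMask_fichiers/wordlist.js", "application/javascript"),
    ("GET", "https://alcontadores.mx/Metamassk/metta/MetaMask/app/MetaMask_fichiers/app.js", "application/javascript"),
    ("GET", "https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js", "text/javascript"),
    ("GET", "https://api.ipify.org/", "application/json"),
    ("GET", "https://ipapi.co/json/", "application/json"),
    ("GET", "https://api.telegram.org/bot6003419806:AAEEQJ2WI6cUDj8jGTQVYdpn98qELpD_pco/sendMessage", "application/json"),
]
# Page URL history transcribed from the scan
REDIRECT_CHAIN = ["http://www.rb.gy/t9m0b5/", "https://alcontadores.mx/Metamassk/metta/MetaMask/app/"]
# A subset of the 54 window globals reported by the scan (name -> type)
GLOBALS = {
    "jQuery": "function", "telegram_bot_id": "string", "chat_id": "string",
    "sendtelegram": "function", "telegram_bot_ids": "string", "chat_ids": "number",
    "F12": "undefined", "_9966": "number", "_0xd431": "function", "_0x5298bc": "function",
}

# Telegram bot tokens are "<numeric bot id>:<35-char secret>" and sit in the URL path.
TELEGRAM_TOKEN = re.compile(r"/bot(\d+):([A-Za-z0-9_-]{35})/")
# Services phishing kits call to record the victim's IP and location (assumed list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipapi.co", "ipinfo.io", "ip-api.com"}
# Shorteners commonly used to hide the landing URL in lures (assumed list).
URL_SHORTENERS = {"rb.gy", "bit.ly", "tinyurl.com", "t.co"}
BRAND_WORDS = ("metamask",)
# Names like _9966 or _0xd431 are what JavaScript obfuscators emit.
OBFUSCATED_GLOBAL = re.compile(r"^_(?:0x[0-9a-f]+|\d+)$")
OBFUSCATED_MIN = 3  # assumed threshold


def registrable(host):
    """Crude apex-domain extraction: last two labels. Use a public-suffix
    list in production; this is enough for the .mx/.gy/.org hosts here."""
    return ".".join(host.split(".")[-2:])


def triage(requests, redirect_chain, globals_):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    findings = []
    primary = urlsplit(requests[0][1])
    host, path = primary.hostname or "", primary.path.lower()
    brands = [b for b in BRAND_WORDS if b in path and b not in host]
    if brands:
        findings.append(f"brand keyword {brands} in path of unrelated host {host}")

    for _method, url, _mime in requests:
        parts = urlsplit(url)
        if parts.hostname == "api.telegram.org":
            m = TELEGRAM_TOKEN.search(parts.path)
            if m:
                # Report the bot id only; the token is the attacker's credential.
                findings.append(f"Telegram Bot API call, bot id {m.group(1)} (exfiltration channel)")
        if parts.hostname in IP_LOOKUP_HOSTS:
            findings.append(f"victim IP/geo lookup via {parts.hostname}")

    if redirect_chain:
        entry = urlsplit(redirect_chain[0]).hostname or ""
        if registrable(entry) in URL_SHORTENERS:
            landing = urlsplit(redirect_chain[-1]).hostname
            findings.append(f"entry via shortener {entry} landing on {landing}")

    exfil_globals = sorted(n for n in globals_ if "telegram" in n or n.startswith("chat_id"))
    if exfil_globals:
        findings.append(f"exfiltration-related globals: {exfil_globals}")
    obfuscated = sum(1 for n in globals_ if OBFUSCATED_GLOBAL.match(n))
    if obfuscated >= OBFUSCATED_MIN:
        findings.append(f"{obfuscated} obfuscator-style global names")
    return findings


if __name__ == "__main__":
    for line in triage(REQUESTS, REDIRECT_CHAIN, GLOBALS):
        print("-", line)
```

Run against the transcribed data this reports seven findings: the brand keyword on an unrelated host, the two IP-lookup calls, the Telegram Bot API call, the shortener entry point, the five exfiltration-related globals and the three obfuscator-style names. The Telegram check deliberately surfaces only the numeric bot id: the token is the attacker's credential and belongs in an indicator store, not in a ticket body or a chat message. The wordlist.js request is not scored because the scan does not show its content; in MetaMask-themed kits such a file commonly holds a seed-phrase word list, but that is an inference, not something this page establishes.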
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
The two messages themselves (source, level, URL and text) are not reproduced in this capture.
Security Headers
This page lists any security headers set by the main page. Note that a complete set of security headers is not evidence of legitimacy: they are usually configured by the hosting server, and a phishing page inherits them unchanged.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
alcontadores.mx
api.ipify.org
api.telegram.org
ipapi.co
www.rb.gy
104.237.62.212
2001:67c:4e8:f004::9
2606:4700:20::681a:82c
2607:f8b0:4006:816::200a
44.207.55.129
65.99.252.128