mutobusk.top Open in urlscan Pro
2606:4700:3033::ac43:dcb4 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://rnetarnesk.top/
Effective URL:
https://mutobusk.top/get-started.html
Submission: On September 10 via automatic, source phishtank (September 10th 2023, 3:43:12 am UTC) — Scanned from NL

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3033::ac43:dcb4, located in United States and belongs to CLOUDFLARENET, US. The main domain is mutobusk.top.
TLS certificate: Issued by GTS CA 1P5 on September 8th 2023. Valid for: 3 months.

This is the only time mutobusk.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Metamask (Crypto)

Domain & IP information

	IP Address	AS Autonomous System
12	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:303... 2606:4700:3033::ac43:dcb4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	2

12 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

rnetarnesk.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bestvvallet.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3033::ac43:dcb4 (United States)

ASN13335 (CLOUDFLARENET, US)

mutobusk.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	rnetarnesk.top rnetarnesk.top	120 KB
4	mutobusk.top mutobusk.top	143 KB
1	bestvvallet.top bestvvallet.top	903 B
16	3

	Domain	Requested by
11	rnetarnesk.top	rnetarnesk.top
4	mutobusk.top	bestvvallet.top mutobusk.top
1	bestvvallet.top	rnetarnesk.top
16	3

This site contains no links.

Subject Issuer	Validity	Valid
rnetarnesk.top GTS CA 1P5	`2023-09-07` - `2023-12-06`	3 months	crt.sh
*.bestvvallet.top E1	`2023-09-07` - `2023-12-06`	3 months	crt.sh
mutobusk.top GTS CA 1P5	`2023-09-08` - `2023-12-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://mutobusk.top/get-started.html
Frame ID: 8A37019E46CDD0B5E03B90F7DCC63BB8
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MetaMask

Page URL History Show full URLs

https://rnetarnesk.top/ Page URL
https://mutobusk.top/get-started.html Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

16
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

264 kB
Transfer

2072 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://rnetarnesk.top/ Page URL
https://mutobusk.top/get-started.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response rnetarnesk.top/	33 KB 5 KB	220ms 154ms	Document text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rnetarnesk.top/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fbb1f29bae6c770deb3b2c6a14d1094a5a5a999660ac15bdf9478a20ed75d2e7` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8044aa32ac849b31-FRA content-encoding br content-type text/html date Sun, 10 Sep 2023 03:43:06 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ILHnQr1Zf5BfES9rzXLlXQ284dtSKUSGo181GI4Pm%2FVTJe%2FasS0HvFSEbSWrZ5picCuIZ4xtrn74utZ7TbJ3hOw770KrJFtRNiloRMR3m76s%2BddjZuZiYrLlW6Z0Voef5lxLjClwlJHpZy0qQ%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	jquery.js Show response rnetarnesk.top/	110 KB 35 KB	36ms 30ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rnetarnesk.top/jquery.js Requested by Host: rnetarnesk.top URL: https://rnetarnesk.top/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ffeadf6c5ba407670a8d98c59936837a26a7d7da1f9f154b6945c2b33c7e15c6` Request headers accept-language nl-NL,nl;q=0.9 Referer https://rnetarnesk.top/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Sun, 10 Sep 2023 03:43:06 GMT content-encoding br cf-cache-status HIT last-modified Thu, 07 Sep 2023 16:05:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 76515 etag W/"64f9f4b3-1b64a" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GIoAdHY98Fl6qK%2BRq0AWnpEVlySh0pgGM4YfZoG%2B2P9nNjfAQLQ5HSTPEBi2nG4r7%2FaAEAh%2BDSyQFHQB3AiiUN0ZapaFQdOx1vUFctWpYeSY9PLmHhHRY%2BjniEhQHBjmF2fViCmQ%2Fn0tz5I9JA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 8044aa33acfe9b31-FRA alt-svc h3=":443"; ma=86400 expires Sun, 10 Sep 2023 06:27:51 GMT
GET H2	200	jquery-ui.min.js Show response rnetarnesk.top/	43 KB 15 KB	30ms 29ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rnetarnesk.top/jquery-ui.min.js Requested by Host: rnetarnesk.top URL: https://rnetarnesk.top/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `18647fa8c0e4181db376543226c9f1f2cf5ba4e437209cd61c3ec85a3cf4f90c` Request headers accept-language nl-NL,nl;q=0.9 Referer https://rnetarnesk.top/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Sun, 10 Sep 2023 03:43:06 GMT content-encoding br cf-cache-status HIT last-modified Thu, 07 Sep 2023 16:05:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 76514 etag W/"64f9f4b3-acb2" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FGCcCW%2BmCXPagkmRtzpWVCdwF7H7SYmZVo3fZrRPw15LurvXfZCtYluuoP1luXQdYWosCx6UnlCYb23XhvRgSrL2Vy8pefd2tFG8OvrI%2Bql6KMabmZ9PgQ7WRbgSjJv6HhO5svd3F%2BD%2BaVsCzQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 8044aa33ad029b31-FRA alt-svc h3=":443"; ma=86400 expires Sun, 10 Sep 2023 06:27:52 GMT
GET H2	200	bootstrap.min.js Show response rnetarnesk.top/	31 KB 9 KB	29ms 27ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rnetarnesk.top/bootstrap.min.js Requested by Host: rnetarnesk.top URL: https://rnetarnesk.top/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `24cc29533598f962823c4229bc280487646a27a42a95257c31de1b9b18f3710f` Request headers accept-language nl-NL,nl;q=0.9 Referer https://rnetarnesk.top/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Sun, 10 Sep 2023 03:43:06 GMT content-encoding br cf-cache-status HIT last-modified Thu, 07 Sep 2023 16:05:05 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 76514 etag W/"64f9f4b1-7c4b" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7RKyWbMgizDelN%2BQ0A%2FcVUe7cO8nb93%2FtxETbpQzzFY5xxpZgF%2FFRMKhRIuwYx9SI5xNUvDoj5PJiYl6MV9c0lleSRTnLrbc6kSv80cOsOGcyJQ8ou3iUOJa0JOZkQBseqrIyeg5IPXUsk0LCQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 8044aa33ad039b31-FRA alt-svc h3=":443"; ma=86400 expires Sun, 10 Sep 2023 06:27:52 GMT
GET H2	200	Customjs.js Show response rnetarnesk.top/	7 KB 2 KB	157ms 156ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rnetarnesk.top/Customjs.js Requested by Host: rnetarnesk.top URL: https://rnetarnesk.top/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8fa1b78917a5cea0f77cce276530d2eb2d50e2ba7df4c73bd8ad025e6df45ad3` Request headers accept-language nl-NL,nl;q=0.9 Referer https://rnetarnesk.top/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Sun, 10 Sep 2023 03:43:06 GMT content-encoding br cf-cache-status REVALIDATED last-modified Thu, 07 Sep 2023 16:05:05 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64f9f4b1-1bf9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xhrX4a7SNLRBNK5rCYPkXkC8hv%2BQKk1VHkLged5KoIhuvNfPZPxaARc%2FzA1dwi0FJ3Qi7%2B7B4I%2BHYFSIKliLskTokzixkgGj6ue4BSYu%2FnrdLS2ibDPtQvL233WT3BCp1BITRfWuYIvJPI2WGg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 8044aa33ad049b31-FRA alt-svc h3=":443"; ma=86400 expires Mon, 11 Sep 2023 03:43:06 GMT
GET H2	200	contactform.js Show response rnetarnesk.top/	4 KB 2 KB	150ms 149ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rnetarnesk.top/contactform.js Requested by Host: rnetarnesk.top URL: https://rnetarnesk.top/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3bf94291f4d10e8bf15883a7c83c5b20207771c115516c9caf66c66605eec1ee` Request headers accept-language nl-NL,nl;q=0.9 Referer https://rnetarnesk.top/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Sun, 10 Sep 2023 03:43:06 GMT content-encoding br cf-cache-status REVALIDATED last-modified Thu, 07 Sep 2023 16:05:05 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64f9f4b1-11ed" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8%2FEr63HL8tCVoJyo9H5bYGC7jHZCYQCycAVs4HpZP%2FZdXJEwEj3QtP0aaYZEevZdfSsMt5z5aeWkqkWj9we1TW6Gqsf3V3%2Bw5LUPsFV8s%2FG%2BhasZCtVKksrD9hXIvE8z5TDqcG7pKzuA3piChg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 8044aa33ad059b31-FRA alt-svc h3=":443"; ma=86400 expires Mon, 11 Sep 2023 03:43:06 GMT
GET H2	200	bootstrap.css rnetarnesk.top/	173 KB 25 KB	33ms 32ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rnetarnesk.top/bootstrap.css Requested by Host: rnetarnesk.top URL: https://rnetarnesk.top/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a26beb5c308530957cf3a8f3893943fabac0a5b51e9785a323a21e9200400403` Request headers accept-language nl-NL,nl;q=0.9 Referer https://rnetarnesk.top/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Sun, 10 Sep 2023 03:43:06 GMT content-encoding br cf-cache-status HIT last-modified Thu, 07 Sep 2023 16:05:05 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 76513 etag W/"64f9f4b1-2b41f" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GgKTP6ipcsnAO9fmQqWWQplzP%2B8TCUL8dy8YdnIojmD3gvMBGNrtOcPPDthfVPllpJ7%2FaFhB33x8ABqWImpePXF5Uk%2FDNvAv9aY8Apek57q%2FOtQcqYnpiZcBc%2Fa2Xf3oMcNa6SRYLwesV1mfFw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=86400 cf-ray 8044aa33acff9b31-FRA alt-svc h3=":443"; ma=86400 expires Sun, 10 Sep 2023 06:27:53 GMT
GET H2	200	style.css rnetarnesk.top/	245 KB 16 KB	52ms 51ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rnetarnesk.top/style.css Requested by Host: rnetarnesk.top URL: https://rnetarnesk.top/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b93ce6b7a06a114a38d0f24ec89748c2e93970a7e3a43e882a36e120ca58890b` Request headers accept-language nl-NL,nl;q=0.9 Referer https://rnetarnesk.top/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Sun, 10 Sep 2023 03:43:06 GMT content-encoding br cf-cache-status HIT last-modified Thu, 07 Sep 2023 16:05:08 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 9302 etag W/"64f9f4b4-3d21e" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sPfLQjxLZKtAeBDMwl9g%2BmNchq7js0NbPprcUL7dLcJtjf7xcp0Uz7N3wSXSwdgDGQ0rxSdWTs6V0RFCX8Faf75g5RXdApCKiPFLoCCLSnbFviTJJ17zafWFa5qr8Z3M7S0xAEmzPHJF5FDj5A%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=86400 cf-ray 8044aa33ad019b31-FRA alt-svc h3=":443"; ma=86400 expires Mon, 11 Sep 2023 01:08:04 GMT
GET H2	200	totop.js Show response rnetarnesk.top/	498 B 545 B	149ms 148ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rnetarnesk.top/totop.js Requested by Host: rnetarnesk.top URL: https://rnetarnesk.top/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `911b52087516147f346b40f25610cccb360cc890470ee4d6582d878388527e67` Request headers accept-language nl-NL,nl;q=0.9 Referer https://rnetarnesk.top/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Sun, 10 Sep 2023 03:43:06 GMT content-encoding br cf-cache-status MISS last-modified Thu, 07 Sep 2023 16:05:08 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64f9f4b4-1f2" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a3%2B76wejbfz2I%2BoFX9LikhwuXqlGruYczXIlIr2bJMNWYflYY8orbII61TuzEMDiHW6iEDUCW1GRNWqTWUEzzAz9Auf7GGl7QeTZoRzHLZJ1m6d9KsBU%2BXevxlGABxZizV8pFuDzwfnWAKVORg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 8044aa33ad069b31-FRA alt-svc h3=":443"; ma=86400 expires Mon, 11 Sep 2023 03:43:06 GMT
GET H3	200	gototop0.png rnetarnesk.top/images/	2 KB 2 KB	28ms 28ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://rnetarnesk.top/images/gototop0.png Requested by Host: rnetarnesk.top URL: https://rnetarnesk.top/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e19c5592773eda5099741d887a74686002ebcd7294dda6487211d312726b1e5e` Request headers accept-language nl-NL,nl;q=0.9 Referer https://rnetarnesk.top/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Sun, 10 Sep 2023 03:43:06 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 27440 alt-svc h3=":443"; ma=86400 content-length 1738 last-modified Thu, 07 Sep 2023 16:05:11 GMT server cloudflare etag "64f9f4b7-6ca" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OODXJHAJJ4ObS4sMKCMdr8Q677Z4Ov%2F07iAshxXS%2Bbdk2e6pTZtVSA3iYYB3sD%2FQ5jh5CBUrOO6JBbMDYAdgJ%2B2Za1Ov%2F10ttEqmTMiDFYXmei0ajHWPBP5zllGCQOpNyeavPSGlswnX1iEcLg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=86400 accept-ranges bytes cf-ray 8044aa34af289113-FRA expires Sun, 10 Sep 2023 20:05:46 GMT
GET H3	200	menulogo.png rnetarnesk.top/	9 KB 9 KB	174ms 174ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://rnetarnesk.top/menulogo.png Requested by Host: rnetarnesk.top URL: https://rnetarnesk.top/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `17f24b8df5b6e9afab48385cb37c7162be4dbebfa839a62fcfa4b3624af31c18` Request headers accept-language nl-NL,nl;q=0.9 Referer https://rnetarnesk.top/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Sun, 10 Sep 2023 03:43:07 GMT cf-cache-status REVALIDATED last-modified Thu, 07 Sep 2023 16:05:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "64f9f4b3-2267" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9D%2Fko60lllVh%2BkTS%2BJ%2BGGgl%2Bcz47jmCv5%2F%2FJ%2FwRC3MR1b%2ByJPXx36FuZ%2BfpHcsDKZWi2qytfJLJOjFXCMOK83itxrLTFV9oQ3AAy2%2BuvXDUnFXzbqXSCv6JHpoyI54FeNQY%2FGFtqrIkXSVBSqg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=86400 accept-ranges bytes cf-ray 8044aa34bf2e9113-FRA alt-svc h3=":443"; ma=86400 content-length 8807 expires Mon, 11 Sep 2023 03:43:07 GMT
GET H2	200	CvqbPbyb bestvvallet.top/	402 B 903 B	252ms 92ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bestvvallet.top/CvqbPbyb?&se_referrer=&default_keyword=Blog%20news%20in%20world&&frm=script Requested by Host: rnetarnesk.top URL: https://rnetarnesk.top/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://rnetarnesk.top/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers pragma no-cache date Sun, 10 Sep 2023 03:43:07 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IcKLzMjSd%2Bkl9EkYUDiS6UAcufDr0jK6qcT%2Bg6QjY0z%2Fi%2Bph2LxF%2Fc0p1%2B6QXX3hYQ3PVVlshH2J4vGYh3gl2fPRugKIp2%2Bn%2Bew6G3Q4p2f0SYKx8HLNh0wCpHQ6ceY9BL%2F95gu56YVJ4cjTJvQ%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cf-ray 8044aa35be381981-FRA alt-svc h3=":443"; ma=86400 expires 0
GET H2	200	Primary Request get-started.html Show response mutobusk.top/	21 KB 3 KB	469ms 161ms	Document text/html	2606:4700:3033::ac43:dcb4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://mutobusk.top/get-started.html Requested by Host: bestvvallet.top URL: https://bestvvallet.top/CvqbPbyb?&se_referrer=&default_keyword=Blog%20news%20in%20world&&frm=script Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:dcb4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0f2aaa809006a8fa70575f9b35ecc694ea59a01714d568f3571eb74fe3aa8039` Request headers Referer https://rnetarnesk.top/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8044aa3848183614-FRA content-encoding br content-type text/html date Sun, 10 Sep 2023 03:43:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=75b%2FvOQAHDRpZuF78My8rAwLwgKJuQwLaejToZyG5f8KzX6%2FMMDIdFWTWvK47UjZBFTkPtcMNRvW6jJfoy3y%2F2IYEujOyCE5vivI8X4E09MAyXZmlxdpSgFOstVg5%2BFEHEifPxPh8fkEHDk%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	index.css mutobusk.top/core/	653 KB 62 KB	32ms 32ms	Stylesheet text/css	2606:4700:3033::ac43:dcb4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://mutobusk.top/core/index.css Requested by Host: mutobusk.top URL: https://mutobusk.top/get-started.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:dcb4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f8f2fa6acc872cf3c8d2a941917bea5d6bc305c5483c2448121e2a6096f682b2` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mutobusk.top/get-started.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Sun, 10 Sep 2023 03:43:07 GMT content-encoding br cf-cache-status HIT last-modified Mon, 10 Jul 2023 12:33:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 45168 etag W/"64abfa8e-a3374" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lKRYmk321a4K4prIBKt3%2FDDZfFf3%2F3%2FVCIq%2FrKSrK4GC9aJmqkvdSGc9Gh0eQa4jwQEDIqGM1hF%2FZ3q6WbOwKIzur7UGGct92gbkc5OMwaKrZw8MmlvMYTaStenTsjjy3nmg5Fpca1mDlds%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=86400 cf-ray 8044aa3948a83614-FRA alt-svc h3=":443"; ma=86400 expires Sun, 10 Sep 2023 15:10:19 GMT
GET H2	200	index-rtl.css mutobusk.top/core/	653 KB 62 KB	34ms 34ms	Stylesheet text/css	2606:4700:3033::ac43:dcb4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://mutobusk.top/core/index-rtl.css Requested by Host: mutobusk.top URL: https://mutobusk.top/get-started.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:dcb4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `41f00deb714276cc13a040620fec2e5aac7c16abbcb00852f0066affa16f406d` Request headers accept-language nl-NL,nl;q=0.9 Referer https://mutobusk.top/get-started.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Sun, 10 Sep 2023 03:43:07 GMT content-encoding br cf-cache-status HIT last-modified Mon, 10 Jul 2023 12:33:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 45167 etag W/"64abfa8c-a3284" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r7V3hsuDF0Q3VKhOrfvo0IxTcbBABik7FmGU71Na%2Bk7VAecXHu9gz7rqb3MaLkC8WJFnWI9gZScV7HtmQ1algE7q4URTvqJ87rU%2F70t96UZktyW0TOQI39FP2y6vgLGlYXcwcBrrOPYdn%2Bc%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=86400 cf-ray 8044aa3948aa3614-FRA alt-svc h3=":443"; ma=86400 expires Sun, 10 Sep 2023 15:10:19 GMT
GET H3	200	EuclidCircularB-Regular-WebXL.ttf.html mutobusk.top/fonts/Euclid/	88 KB 16 KB	189ms 189ms	Font text/html	2606:4700:3033::ac43:dcb4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://mutobusk.top/fonts/Euclid/EuclidCircularB-Regular-WebXL.ttf.html Requested by Host: mutobusk.top URL: https://mutobusk.top/core/index.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:dcb4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1802f0d9669c9649245e6d1a2b83d2f4835e5e0bcc275a873e14c0e077b84b77` Request headers Referer https://mutobusk.top/core/index.css Origin https://mutobusk.top accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Sun, 10 Sep 2023 03:43:07 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4pXsvXg0iznDOJz7noyhvxLWGFn6FgfbPgp6FJjaizs8lpr2aLx%2F7noFzlT8h0gbIvuKNOM62uK0PKI0GosDC0Wi9JdNYLy8eF2%2FsJyED3omAjd1CynLy0Gcmitnpf5zhpVu2gQzn4%2Fa2Qw%3D"}],"group":"cf-nel","max_age":604800} content-type text/html cf-ray 8044aa39dc51367f-FRA alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Metamask (Crypto)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://rnetarnesk.top/(Line 39) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://bestvvallet.top/CvqbPbyb?&se_referrer=&default_keyword=Blog%20news%20in%20world&&frm=script, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://rnetarnesk.top/(Line 39) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://bestvvallet.top/CvqbPbyb?&se_referrer=&default_keyword=Blog%20news%20in%20world&&frm=script, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other	warning	URL: https://mutobusk.top/get-started.html Message: Failed to decode downloaded font: https://mutobusk.top/fonts/Euclid/EuclidCircularB-Regular-WebXL.ttf.html
other	warning	URL: https://mutobusk.top/get-started.html Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://mutobusk.top/get-started.html Message: Failed to decode downloaded font: https://mutobusk.top/fonts/Euclid/EuclidCircularB-Regular-WebXL.ttf.html
other	warning	URL: https://mutobusk.top/get-started.html Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://mutobusk.top/get-started.html Message: Failed to decode downloaded font: https://mutobusk.top/fonts/Euclid/EuclidCircularB-Regular-WebXL.ttf.html
other	warning	URL: https://mutobusk.top/get-started.html Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://mutobusk.top/get-started.html Message: Failed to decode downloaded font: https://mutobusk.top/fonts/Euclid/EuclidCircularB-Regular-WebXL.ttf.html
other	warning	URL: https://mutobusk.top/get-started.html Message: OTS parsing error: invalid sfntVersion: 1008813135

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bestvvallet.top
mutobusk.top
rnetarnesk.top
2606:4700:3033::ac43:dcb4
2a06:98c1:3121::3
0f2aaa809006a8fa70575f9b35ecc694ea59a01714d568f3571eb74fe3aa8039
17f24b8df5b6e9afab48385cb37c7162be4dbebfa839a62fcfa4b3624af31c18
1802f0d9669c9649245e6d1a2b83d2f4835e5e0bcc275a873e14c0e077b84b77
18647fa8c0e4181db376543226c9f1f2cf5ba4e437209cd61c3ec85a3cf4f90c
24cc29533598f962823c4229bc280487646a27a42a95257c31de1b9b18f3710f
3bf94291f4d10e8bf15883a7c83c5b20207771c115516c9caf66c66605eec1ee
41f00deb714276cc13a040620fec2e5aac7c16abbcb00852f0066affa16f406d
8fa1b78917a5cea0f77cce276530d2eb2d50e2ba7df4c73bd8ad025e6df45ad3
911b52087516147f346b40f25610cccb360cc890470ee4d6582d878388527e67
a26beb5c308530957cf3a8f3893943fabac0a5b51e9785a323a21e9200400403
b93ce6b7a06a114a38d0f24ec89748c2e93970a7e3a43e882a36e120ca58890b
e19c5592773eda5099741d887a74686002ebcd7294dda6487211d312726b1e5e
f8f2fa6acc872cf3c8d2a941917bea5d6bc305c5483c2448121e2a6096f682b2
fbb1f29bae6c770deb3b2c6a14d1094a5a5a999660ac15bdf9478a20ed75d2e7
ffeadf6c5ba407670a8d98c59936837a26a7d7da1f9f154b6945c2b33c7e15c6

mutobusk.top Open in urlscan Pro 2606:4700:3033::ac43:dcb4 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

100 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

264 kBTransfer

2072 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

10 Console Messages

Indicators

mutobusk.top Open in urlscan Pro
2606:4700:3033::ac43:dcb4 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

264 kB
Transfer

2072 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!