matamisddeklogin.webflow.io
2606:4700:4400::ac40:9708 - Malicious Activity! - Public Scan

URL: https://matamisddeklogin.webflow.io/
Submission: On October 31 via manual from SG — Scanned from SG

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main IP is 2606:4700:4400::ac40:9708, located in United States and belongs to CLOUDFLARENET, US. The main domain is matamisddeklogin.webflow.io.
TLS certificate: Issued by WE1 on October 13th 2024. Valid for: 3 months.
This is the only time matamisddeklogin.webflow.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Metamask (Crypto)

Domain & IP information

Requests  IP Address         AS     Autonomous System
1         2606:4700:440...   13335  (CLOUDFLAR...)
4         104.18.160.117     13335  (CLOUDFLAR...)
1         13.35.212.110      16509  (AMAZON-02)
Total: 6 requests across 3 IPs
Requests  Apex Domain        Subdomains                                               Transfer
4         website-files.com  cdn.prod.website-files.com (Cisco Umbrella Rank: 6168)   150 KB
1         cloudfront.net     d3e54v103j8qbb.cloudfront.net                            31 KB
1         webflow.io         matamisddeklogin.webflow.io                              4 KB
Total: 6 requests across 3 apex domains
Requests  Domain                          Requested by
4         cdn.prod.website-files.com      matamisddeklogin.webflow.io
1         d3e54v103j8qbb.cloudfront.net   matamisddeklogin.webflow.io
1         matamisddeklogin.webflow.io     -
Total: 6 requests across 3 domains

This site contains links to these domains:

Domain
posectsinsive.com
Subject                 Issuer               Validity                   Valid for
webflow.io              WE1                  2024-10-13 - 2025-01-11    3 months
prod.website-files.com  WE1                  2024-10-21 - 2025-01-19    3 months
*.cloudfront.net        Amazon RSA 2048 M01  2024-07-30 - 2025-07-03    a year

This page contains 1 frames:

Primary Page: https://matamisddeklogin.webflow.io/
Frame ID: 7ABCB02808A297CB13C827990E0E0059
Requests: 6 HTTP requests in this frame

Screenshot

Page Title

MetaMask Login- Finest Crypto Security Anywhere Anytime

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 184 kB
Size: 307 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type
Primary Request: /
Path: matamisddeklogin.webflow.io/
Size: 7 KB   x-fer: 4 KB   Type: Document

General
Full URL: https://matamisddeklogin.webflow.io/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:4400::ac40:9708, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare /
Resource Hash: 95ce3bd75b9589ec2c6ac9209ef04cfa4504f9a86f2f88b2f2f5a580b036133b

Security Headers
Content-Security-Policy: frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
cf-ray: 8db4a9ee5d13ce33-SIN
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com
content-type: text/html
date: Thu, 31 Oct 2024 15:26:30 GMT
last-modified: Thu, 31 Oct 2024 02:43:26 GMT
server: cloudflare
surrogate-control: max-age=2147483647
surrogate-key: matamisddeklogin.webflow.io 65265c40f0ce6e85b6dd930c pageId:65265c40f0ce6e85b6dd930f
vary: Accept-Encoding
x-lambda-id: 794f223d-fc3b-4ac4-aa40-ce1b5d21bb37
matamisddeklogin.webflow.0186c994e.css
Path: cdn.prod.website-files.com/65265c40f0ce6e85b6dd930c/css/
Size: 36 KB   x-fer: 9 KB   Type: Stylesheet

General
Full URL: https://cdn.prod.website-files.com/65265c40f0ce6e85b6dd930c/css/matamisddeklogin.webflow.0186c994e.css
Requested by: Host: matamisddeklogin.webflow.io, URL: https://matamisddeklogin.webflow.io/
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 104.18.160.117, -, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare /
Resource Hash: e519021a1432d3b0ed318cf31b5cdb0b423cae00065f7666c65019418f53b554

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://matamisddeklogin.webflow.io/

Response headers
content-encoding: gzip
cf-cache-status: HIT
etag: "0688bbe68441291f401c2b9c404465da"
x-amz-version-id: tHho7MRdTP7lbvFyIfFJZapZam7giteq
age: 1382
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Oct 2024 15:26:30 GMT
content-type: text/css
last-modified: Wed, 11 Oct 2023 08:29:05 GMT
vary: Accept-Encoding
x-amz-id-2: S5z61nyButHDFpJOP6s4k/qXTofYobsbF40x6Ry387CC9huKFhE7zIA6gnwOtY7yneZIOW00+HbN3juMpsk/fx75DX+R/bPZ2CjLNn8+4jg=
cache-control: max-age=84600, must-revalidate
x-amz-request-id: WFP2HGD23T5H6KK8
cf-ray: 8db4a9ef3bacdd39-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 8319
server: cloudflare
x-amz-server-side-encryption: AES256
jquery-3.5.1.min.dc5e7f18c8.js
Path: d3e54v103j8qbb.cloudfront.net/js/
Size: 87 KB   x-fer: 31 KB   Type: Script

General
Full URL: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=65265c40f0ce6e85b6dd930c
Requested by: Host: matamisddeklogin.webflow.io, URL: https://matamisddeklogin.webflow.io/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 13.35.212.110, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-13-35-212-110.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://matamisddeklogin.webflow.io
Referer: https://matamisddeklogin.webflow.io/

Response headers
access-control-max-age: 3000
content-encoding: gzip
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
age: 62186
access-control-allow-methods: GET
x-cache: Hit from cloudfront
x-amz-cf-id: lNsLpSUasuS60szerw0hXLiHwCyS7RzwYy1Z6GkvnIjl_U9tpvwQsw==
date: Wed, 30 Oct 2024 22:10:05 GMT
content-type: application/javascript
last-modified: Mon, 20 Jul 2020 17:53:02 GMT
vary: Accept-Encoding
cache-control: max-age=84600, must-revalidate
via: 1.1 c93bfd4f62a8ed5468af1245c68ba454.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: SIN2-P7
server: AmazonS3
webflow.eda963208.js
Path: cdn.prod.website-files.com/65265c40f0ce6e85b6dd930c/js/
Size: 37 KB   x-fer: 14 KB   Type: Script

General
Full URL: https://cdn.prod.website-files.com/65265c40f0ce6e85b6dd930c/js/webflow.eda963208.js
Requested by: Host: matamisddeklogin.webflow.io, URL: https://matamisddeklogin.webflow.io/
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 104.18.160.117, -, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare /
Resource Hash: aa63edee755f0e874db86f757b2a9de7739130b8c4395a78f81fb77b7c2f232c

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://matamisddeklogin.webflow.io/

Response headers
content-encoding: gzip
cf-cache-status: HIT
etag: "7e1f15df7c4f0ce83f9865a12656e413"
x-amz-version-id: fAv1CD6bIdlYor1Hiqkn87JM.kKyBKWv
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Oct 2024 15:26:30 GMT
content-type: text/javascript
last-modified: Wed, 11 Oct 2023 08:29:05 GMT
vary: Accept-Encoding
x-amz-id-2: 3fD2edmwVaw6QpIR96xH06mMqfm5TlutLFyuOorgoxUbq3SEC+mlV7+K4LnOtJw+A76gtKlya3g=
cache-control: max-age=84600, must-revalidate
x-amz-request-id: WFP6VG273M7PRGBA
cf-ray: 8db4a9ef3bb1dd39-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 13695
server: cloudflare
x-amz-server-side-encryption: AES256
65265c7e80a71efa52bd491b_metamsask.png
Path: cdn.prod.website-files.com/65265c40f0ce6e85b6dd930c/
Size: 124 KB   x-fer: 125 KB   Type: Image

General
Full URL: https://cdn.prod.website-files.com/65265c40f0ce6e85b6dd930c/65265c7e80a71efa52bd491b_metamsask.png
Requested by: Host: matamisddeklogin.webflow.io, URL: https://matamisddeklogin.webflow.io/
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 104.18.160.117, -, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare /
Resource Hash: ef31f2e00e81b209e268b3aad47cd1b513ed7380b7b501c0838bb24c7f41c291

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://matamisddeklogin.webflow.io/

Response headers
cf-cache-status: HIT
etag: "50360e36d50b96c843d915665de2b2c0"
x-amz-version-id: 2d0IEc4rTc_lx1yodiAX0BEfgUn_skUN
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Oct 2024 15:26:30 GMT
content-type: image/png
last-modified: Wed, 11 Oct 2023 08:27:45 GMT
vary: Accept-Encoding
x-amz-id-2: C6quDUMJKcl8ufGtm9FxQczHtOQIgqE5/aALpbpL9NrtM/IxrP5EMC4tNuOrWTFBxwh58h7IRkA=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: HMVX3GG4YM4AB2RX
cf-ray: 8db4a9efee00dd39-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 127451
server: cloudflare
x-amz-server-side-encryption: AES256
favicon.ico
Path: cdn.prod.website-files.com/img/
Size: 15 KB   x-fer: 2 KB   Type: Other

General
Full URL: https://cdn.prod.website-files.com/img/favicon.ico
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 104.18.160.117, -, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare /
Resource Hash: 4239819d399860eb27d8a73417f9bd108d45d11676f68b5edaae328ec197d55e

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://matamisddeklogin.webflow.io/

Response headers
content-encoding: br
cf-cache-status: HIT
etag: W/"1f894f487d068a2ced95d5cd4f88598c"
x-amz-version-id: C5TuT6ObkzP1GjuEGkIHJatwDHqj5J6N
age: 1578
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Oct 2024 15:26:30 GMT
content-type: image/x-icon
last-modified: Thu, 05 Oct 2023 23:38:20 GMT
vary: Accept-Encoding
x-amz-id-2: zIOrUazbNHX0XTIt214HFJLPaJY5zxSD1k9HgsWLsLP5tDt8Juwi9uz0bwiq4JLtMUWp6n1mg7U=
cache-control: max-age=84600, must-revalidate
x-amz-request-id: WFP59E0WR9SKSH58
cf-ray: 8db4a9f00e92dd39-HKG
access-control-allow-origin: *
server: cloudflare
x-amz-server-side-encryption: AES256

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Metamask (Crypto)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
function  $
function  jQuery
function  tram
object    Webflow

1 Cookies

Domain/Path: .prod.website-files.com/
Name: __cf_bm
Value: P4Fzv2TUaIxh1cgaUbIglPkiOUQnUSdwzrOAttkL9rw-1730388390-1.0.1.1-9JP78UIHLCvQLgzQNBtEwco6hA.eIW7fCnGHKI7lM8aMM2E1750H0ZKYkIVetMpwfsubYynL9gI1HZDpnGBYfw

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Content-Security-Policy: frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com