restorethemetawallets.com Open in urlscan Pro
47.253.121.245 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://restorethemetawallets.com/
Submission Tags: @phish_report
Submission: On August 06 via api (August 6th 2024, 2:27:15 am UTC) from FI — Scanned from FI

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 47.253.121.245, located in United States and belongs to ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN. The main domain is restorethemetawallets.com.
TLS certificate: Issued by R10 on August 5th 2024. Valid for: 3 months.

This is the only time restorethemetawallets.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Metamask (Crypto)

Domain & IP information

	IP Address		AS Autonomous System
12	47.253.121.245 47.253.121.245		45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.)
12	1

12 47.253.121.245 (United States)

ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)

restorethemetawallets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	restorethemetawallets.com restorethemetawallets.com	911 KB
12	1

	Domain	Requested by
12	restorethemetawallets.com	restorethemetawallets.com
12	1

This site contains no links.

Subject Issuer	Validity	Valid
restorethemetawallets.com R10	`2024-08-05` - `2024-11-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://restorethemetawallets.com/
Frame ID: A3E8C7459D7B8410280931BB2FBAC182
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MetaMask

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

911 kB
Transfer

1126 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response restorethemetawallets.com/	12 KB 2 KB	935ms 542ms	Document text/html	47.253.121.245 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://restorethemetawallets.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 47.253.121.245 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx / PHP/8.3.10 PleskLin Resource Hash `125102b36918be98d2fd2d613717cf0d242e41657f1cb089d0973866b867406e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers content-encoding gzip content-length 2218 content-type text/html; charset=UTF-8 date Tue, 06 Aug 2024 02:27:10 GMT server nginx vary Accept-Encoding x-powered-by PHP/8.3.10 PleskLin
GET H2	200	3.css restorethemetawallets.com/	2 KB 407 B	143ms 141ms	Stylesheet text/css	47.253.121.245 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://restorethemetawallets.com/3.css Requested by Host: restorethemetawallets.com URL: https://restorethemetawallets.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 47.253.121.245 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx / PleskLin Resource Hash `087c82b132595ac482b7386f62fd62b5e7ce7af37111ef4fb6d18919bd14676f` Request headers Referer https://restorethemetawallets.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Tue, 06 Aug 2024 02:27:10 GMT content-encoding br last-modified Wed, 19 Jun 2024 19:05:20 GMT server nginx etag W/"66732bf0-7f0" x-powered-by PleskLin content-type text/css
GET H2	200	index.css restorethemetawallets.com/	211 KB 5 KB	141ms 140ms	Stylesheet text/css	47.253.121.245 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://restorethemetawallets.com/index.css Requested by Host: restorethemetawallets.com URL: https://restorethemetawallets.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 47.253.121.245 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx / PleskLin Resource Hash `b6b0d9bbf074988a245b2f482cff7be01d63d69f19eb512f1fcfd704647f1cc6` Request headers Referer https://restorethemetawallets.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Tue, 06 Aug 2024 02:27:10 GMT content-encoding br last-modified Wed, 19 Jun 2024 19:05:20 GMT server nginx etag W/"66732bf0-34b74" x-powered-by PleskLin content-type text/css
GET H2	200	12.png restorethemetawallets.com/images/	44 KB 44 KB	271ms 271ms	Image image/png	47.253.121.245 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Show image Full URL https://restorethemetawallets.com/images/12.png Requested by Host: restorethemetawallets.com URL: https://restorethemetawallets.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 47.253.121.245 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx / PleskLin Resource Hash `1fdccfeb758584ef1028688efb2910fd72ad79f4c30a229355d156146cf3163f` Request headers Referer https://restorethemetawallets.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Tue, 06 Aug 2024 02:27:10 GMT last-modified Tue, 18 Jun 2024 06:29:16 GMT server nginx etag "6671293c-afc2" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 44994
GET H2	200	header-right.png restorethemetawallets.com/images/	3 KB 3 KB	141ms 141ms	Image image/png	47.253.121.245 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Show image Full URL https://restorethemetawallets.com/images/header-right.png Requested by Host: restorethemetawallets.com URL: https://restorethemetawallets.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 47.253.121.245 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx / PleskLin Resource Hash `4ea73fae71941ee8ec0d2c0235105d8a22b8fe0da6d6619b4cc3e62a5fa05f15` Request headers Referer https://restorethemetawallets.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Tue, 06 Aug 2024 02:27:10 GMT last-modified Wed, 19 Jun 2024 13:18:22 GMT server nginx etag "6672da9e-aec" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 2796
GET H2	200	Screenshot%202024-06-19%20213106.png restorethemetawallets.com/images/	4 KB 4 KB	259ms 259ms	Image image/png	47.253.121.245 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Show image Full URL https://restorethemetawallets.com/images/Screenshot%202024-06-19%20213106.png Requested by Host: restorethemetawallets.com URL: https://restorethemetawallets.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 47.253.121.245 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx / PleskLin Resource Hash `c0554a363c5f2827d8ac27764cfe931b73e0bd55d2eb07fdc3e4ef7dcf6f7566` Request headers Referer https://restorethemetawallets.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Tue, 06 Aug 2024 02:27:10 GMT last-modified Wed, 19 Jun 2024 13:31:06 GMT server nginx etag "6672dd9a-f5a" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 3930
GET H2	200	Google_Chrome_icon_(February_2022).svg.png restorethemetawallets.com/images/	78 KB 78 KB	387ms 385ms	Image image/png	47.253.121.245 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Show image Full URL https://restorethemetawallets.com/images/Google_Chrome_icon_(February_2022).svg.png Requested by Host: restorethemetawallets.com URL: https://restorethemetawallets.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 47.253.121.245 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx / PleskLin Resource Hash `f4187ca10d5cd7e8eda6cad437bc3607af9967775c19c06193109958dbe92ae0` Request headers Referer https://restorethemetawallets.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Tue, 06 Aug 2024 02:27:10 GMT last-modified Wed, 19 Jun 2024 16:43:40 GMT server nginx etag "66730abc-1377a" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 79738
GET H2	200	Firefox_logo,_2019.png restorethemetawallets.com/images/	337 KB 338 KB	256ms 255ms	Image image/png	47.253.121.245 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Show image Full URL https://restorethemetawallets.com/images/Firefox_logo,_2019.png Requested by Host: restorethemetawallets.com URL: https://restorethemetawallets.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 47.253.121.245 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx / PleskLin Resource Hash `84b824abb9b9f5b812757b37f182d1f4cd6d603662421c9351d1c7f57fe8014c` Request headers Referer https://restorethemetawallets.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Tue, 06 Aug 2024 02:27:10 GMT last-modified Wed, 19 Jun 2024 16:38:14 GMT server nginx etag "66730976-5445c" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 345180
GET H2	200	Brave_icon_lionface.png restorethemetawallets.com/images/	38 KB 39 KB	388ms 387ms	Image image/png	47.253.121.245 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Show image Full URL https://restorethemetawallets.com/images/Brave_icon_lionface.png Requested by Host: restorethemetawallets.com URL: https://restorethemetawallets.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 47.253.121.245 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx / PleskLin Resource Hash `94661a5b502c5a3b5dcc5ff2bb4647a202fa29a1bcad287fef9bb2150694f3c7` Request headers Referer https://restorethemetawallets.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Tue, 06 Aug 2024 02:27:10 GMT last-modified Wed, 19 Jun 2024 16:38:40 GMT server nginx etag "66730990-9953" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 39251
GET H2	200	e.png restorethemetawallets.com/images/	141 KB 142 KB	387ms 386ms	Image image/png	47.253.121.245 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Show image Full URL https://restorethemetawallets.com/images/e.png Requested by Host: restorethemetawallets.com URL: https://restorethemetawallets.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 47.253.121.245 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx / PleskLin Resource Hash `bfed419ac8e93983548b1df41c7726d4e5551d95dbba5a11aa59d54b24acce18` Request headers Referer https://restorethemetawallets.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Tue, 06 Aug 2024 02:27:10 GMT last-modified Wed, 19 Jun 2024 16:39:10 GMT server nginx etag "667309ae-23546" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 144710
GET H2	200	mm-logo.svg restorethemetawallets.com/	12 KB 12 KB	387ms 386ms	Image image/svg+xml	47.253.121.245 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Show image Full URL https://restorethemetawallets.com/mm-logo.svg Requested by Host: restorethemetawallets.com URL: https://restorethemetawallets.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 47.253.121.245 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx / PleskLin Resource Hash `5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b` Request headers Referer https://restorethemetawallets.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Tue, 06 Aug 2024 02:27:10 GMT last-modified Wed, 19 Jun 2024 18:17:34 GMT server nginx etag "667320be-2ef3" x-powered-by PleskLin content-type image/svg+xml accept-ranges bytes content-length 12019
GET H2	200	ma.ico restorethemetawallets.com/images/	244 KB 245 KB	134ms 134ms	Other image/vnd.microsoft.icon	47.253.121.245 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://restorethemetawallets.com/images/ma.ico Protocol H2 Security TLS 1.3, , AES_256_GCM Server 47.253.121.245 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx / PleskLin Resource Hash `0431e2611dc1e61ba14828efba6408f2b22b9903d9c9540eb355af8e86b8ebbf` Request headers Referer https://restorethemetawallets.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Tue, 06 Aug 2024 02:27:11 GMT last-modified Wed, 19 Jun 2024 14:55:42 GMT server nginx etag "6672f16e-3d1de" x-powered-by PleskLin content-type image/vnd.microsoft.icon accept-ranges bytes content-length 250334

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Metamask (Crypto)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| updateFields

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

restorethemetawallets.com
47.253.121.245
0431e2611dc1e61ba14828efba6408f2b22b9903d9c9540eb355af8e86b8ebbf
087c82b132595ac482b7386f62fd62b5e7ce7af37111ef4fb6d18919bd14676f
125102b36918be98d2fd2d613717cf0d242e41657f1cb089d0973866b867406e
1fdccfeb758584ef1028688efb2910fd72ad79f4c30a229355d156146cf3163f
4ea73fae71941ee8ec0d2c0235105d8a22b8fe0da6d6619b4cc3e62a5fa05f15
5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b
84b824abb9b9f5b812757b37f182d1f4cd6d603662421c9351d1c7f57fe8014c
94661a5b502c5a3b5dcc5ff2bb4647a202fa29a1bcad287fef9bb2150694f3c7
b6b0d9bbf074988a245b2f482cff7be01d63d69f19eb512f1fcfd704647f1cc6
bfed419ac8e93983548b1df41c7726d4e5551d95dbba5a11aa59d54b24acce18
c0554a363c5f2827d8ac27764cfe931b73e0bd55d2eb07fdc3e4ef7dcf6f7566
f4187ca10d5cd7e8eda6cad437bc3607af9967775c19c06193109958dbe92ae0

restorethemetawallets.com Open in urlscan Pro 47.253.121.245 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

911 kBTransfer

1126 kBSize

0 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

restorethemetawallets.com Open in urlscan Pro
47.253.121.245 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

911 kB
Transfer

1126 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!