support-walletrestoration.pages.dev Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://support-walletrestoration.pages.dev/restore
Submission: On July 24 via api (July 24th 2024, 10:30:56 am UTC) from US — Scanned from NL

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is support-walletrestoration.pages.dev.
TLS certificate: Issued by E1 on June 1st 2024. Valid for: 3 months.

This is the only time support-walletrestoration.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Metamask (Crypto)

Domain & IP information

	IP Address	AS Autonomous System
5	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	18.66.112.105 18.66.112.105	16509 (AMAZON-02) (AMAZON-02)
1	108.156.61.211 108.156.61.211	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:21c... 2600:9000:21c7:1400:0:3ec8:d500:93a1	16509 (AMAZON-02) (AMAZON-02)
13	5

5 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

support-walletrestoration.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.66.112.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-105.fra56.r.cloudfront.net

uploads-ssl.webflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.156.61.211 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-156-61-211.ams1.r.cloudfront.net

d3e54v103j8qbb.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21c7:1400:0:3ec8:d500:93a1 (United States)

ASN16509 (AMAZON-02, US)

d1otoma47x30pg.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	webflow.com uploads-ssl.webflow.com — Cisco Umbrella Rank: 25822	18 KB
5	pages.dev support-walletrestoration.pages.dev	74 KB
2	cloudfront.net d3e54v103j8qbb.cloudfront.net d1otoma47x30pg.cloudfront.net	6 KB
13	3

	Domain	Requested by
6	uploads-ssl.webflow.com	support-walletrestoration.pages.dev uploads-ssl.webflow.com
5	support-walletrestoration.pages.dev	support-walletrestoration.pages.dev
1	d1otoma47x30pg.cloudfront.net
1	d3e54v103j8qbb.cloudfront.net
13	4

This site contains no links.

Subject Issuer	Validity	Valid
support-walletrestoration.pages.dev E1	`2024-06-01` - `2024-08-30`	3 months	crt.sh
uploads-ssl.webflow.com Amazon RSA 2048 M02	`2024-06-28` - `2025-07-26`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://support-walletrestoration.pages.dev/restore
Frame ID: 05D2282EF5CC8D23B2D79B1C8A5EBCB5
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Protected page | Connect to server

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

5
IPs

2
Countries

100 kB
Transfer

366 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request restore Show response
support-walletrestoration.pages.dev/ 8 KB
2 KB 427ms
183ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://support-walletrestoration.pages.dev/restore

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ed66522d7a8f6477a713c879c28d0fed3b63c1178f46312fd2d45e81a6015f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 8a833caa2d7f0a4b-AMS
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 24 Jul 2024 10:30:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hySAWues788QzfNnSF5Ce7kn3Hla8cKmKUOenaUT1v3ycmIS9nVpKPtv3QWIvF5gtFnNhYvA6l0QIT6x9ayFWRmF6kfwlv7wJgYUMaWpEEyEBfer8U%2FMagZtKLuMvc463ZzPtwfZmLtCvSQQT3WPuaeB9fvtig%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 styles.css
support-walletrestoration.pages.dev/ 284 B
668 B 43ms
41ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://support-walletrestoration.pages.dev/styles.css

Requested by

Host: support-walletrestoration.pages.dev
URL: https://support-walletrestoration.pages.dev/restore

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9038ee26082bdf30ec9e6cd1936a3f32ace1fbc0b1c8753615c145dc7e2f90d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://support-walletrestoration.pages.dev/restore
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 10:30:49 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"ff1349fe45e03565e7aabc5a54503c3f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lc5%2BMXiolKjEC%2FuaAyyZLnQXSabWtzdT86nXT6foQwrM1mVTL%2B9Kd3PX9kDNbhDbA4uOoqEi7RvHCJj6o0oH8GwSGNZ65u9LzYt63JY6jG2AxhU8LPkonyym%2BKQcRCeatG7TLOaYSfXx6ZvaaZ%2Bt%2FofuziqS0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8a833cae6a030a4b-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 app-restorer.webflow.dcd86dd48.css
uploads-ssl.webflow.com/651bef3e5d1d847ed1a24f0e/css/ 47 KB
10 KB 161ms
29ms Stylesheet
text/css 18.66.112.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uploads-ssl.webflow.com/651bef3e5d1d847ed1a24f0e/css/app-restorer.webflow.dcd86dd48.css
Requested by: Host: support-walletrestoration.pages.dev
URL: https://support-walletrestoration.pages.dev/restore
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-105.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0bd420ca79f86dfd2b5440866a3a950b68129cf6210b7b3df6ca24135ff8dcf8

Request headers

Referer: https://support-walletrestoration.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 23 Jul 2024 13:03:55 GMT
content-encoding: gzip
via: 1.1 3517ce13630d84c5b14e88de469985cc.cloudfront.net (CloudFront)
x-amz-version-id: uE4Mq_C5u4FMQNEF0IlAAe8ONYxUJtD5
age: 77215
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 10002
last-modified: Tue, 03 Oct 2023 11:43:09 GMT
server: AmazonS3
etag: "e7a76dd1d844a7a2e4bc8c3d6b8f0b3a"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: emEEMMIvMfT0lsoNsA6iPBMnZeHkWPW5a7E58MM6V9sw4xS2g01E2g==

GET
H3 200 jquery.min.js Show response
support-walletrestoration.pages.dev/ 169 KB
42 KB 57ms
57ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://support-walletrestoration.pages.dev/jquery.min.js

Requested by

Host: support-walletrestoration.pages.dev
URL: https://support-walletrestoration.pages.dev/restore

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1651f174ab56691298ad3a9a91fc20e070e3f181125d283668f5e6adaef210fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://support-walletrestoration.pages.dev/restore
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 10:30:49 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"b86f2290612a5c82c9b8f0f68990668d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ExEFFYBaWw1f9ez6D3Ug7vBC6gfz%2BHRvVGQqh8qheO1vhTl7l2hRARxVqQVHbRWObi8znfjfX7qJtisDSE7v7blIERiVr%2Bh07fEDxiP78QFzJiFME9cpZ%2BNrij4Rtz2KG0zjfIKWHkQRM8MuPMTzM1T85oDFA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8a833cae6a050a4b-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 webflow.js Show response
support-walletrestoration.pages.dev/ 111 KB
27 KB 44ms
43ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://support-walletrestoration.pages.dev/webflow.js

Requested by

Host: support-walletrestoration.pages.dev
URL: https://support-walletrestoration.pages.dev/restore

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6d5461935b4f760429e7e8dc7c010259b5a622994838b4b3a23df0f06299bdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://support-walletrestoration.pages.dev/restore
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 10:30:49 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"d28ae1207b61fe1448e80e3911dd517d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JmFKnV5cHqm5O1x7le%2FaKD5jAdXf9J76JU1%2BWKmBNz7SkT%2FEhN5zJOHbzTjVzSwecUwe1p5L%2BZIdqIMyuB9otu%2F89E%2B%2F6iyHMig9K100Yssb4Zue5t0oZf9Weaw0UNfTqoBPP%2FeNtXXrxP%2BrmruvjKTIraLwHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8a833cae6a060a4b-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 62434fa732124a29b112aac4_ic%20Arrow%20Go.svg
uploads-ssl.webflow.com/62434fa732124a0fb112aab4/ 331 B
790 B 30ms
28ms Image
image/svg+xml 18.66.112.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uploads-ssl.webflow.com/62434fa732124a0fb112aab4/62434fa732124a29b112aac4_ic%20Arrow%20Go.svg
Requested by: Host: uploads-ssl.webflow.com
URL: https://uploads-ssl.webflow.com/651bef3e5d1d847ed1a24f0e/css/app-restorer.webflow.dcd86dd48.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-105.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3ae2b0d058074ccc525277727677a22d1cad20a0b26a7598edbcd281e4c90c8

Request headers

Referer: https://uploads-ssl.webflow.com/651bef3e5d1d847ed1a24f0e/css/app-restorer.webflow.dcd86dd48.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 21:56:57 GMT
x-amz-version-id: GeuYt6XA_JU44iAKjx4LB7AWtnwsLNLr
via: 1.1 3517ce13630d84c5b14e88de469985cc.cloudfront.net (CloudFront)
age: 18707633
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 331
last-modified: Tue, 29 Mar 2022 18:27:52 GMT
server: AmazonS3
etag: "c834b1a860d16d36dd051dc72107a559"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: dHvGOHQOvIIDzJ_kv9o-bwGZhJustn1B04L3RWq2aJspAXNpsfq32g==

GET
DATA 200
OK truncated
/ 2 KB
2 KB Font
application/x-font-ttf

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9a50821b46158c264ae8c3bac28c40e317f9ab2b7c5c45b00c7574c7724665c4

Request headers

Referer
Origin: https://support-walletrestoration.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: application/x-font-ttf;charset=utf-8

GET
H2 200 651befcfb7970eb8776dfe9e_logo.svg
uploads-ssl.webflow.com/651bef3e5d1d847ed1a24f0e/ 12 KB
4 KB 185ms
71ms Image
image/svg+xml 18.66.112.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uploads-ssl.webflow.com/651bef3e5d1d847ed1a24f0e/651befcfb7970eb8776dfe9e_logo.svg
Requested by: Host: support-walletrestoration.pages.dev
URL: https://support-walletrestoration.pages.dev/restore
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-105.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b

Request headers

Referer: https://support-walletrestoration.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 19 Jun 2024 01:39:23 GMT
x-amz-version-id: W.J8Hsod6sC9Rzbdm7q4QhLSY1woCA98
content-encoding: br
via: 1.1 3517ce13630d84c5b14e88de469985cc.cloudfront.net (CloudFront)
age: 3055887
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 03 Oct 2023 10:41:21 GMT
server: AmazonS3
etag: W/"51bcea2625eb2c6e9268a7377a792c86"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: NYdtdXFzARb_JVLWJfUoPHc3aUzVWBRH2O7HXBQAGNoom08FHikebg==

GET
H2 200 62434fa732124ac76f12aaec_product%20icon-2.svg
uploads-ssl.webflow.com/62434fa732124a0fb112aab4/ 897 B
1 KB 182ms
71ms Image
image/svg+xml 18.66.112.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uploads-ssl.webflow.com/62434fa732124a0fb112aab4/62434fa732124ac76f12aaec_product%20icon-2.svg
Requested by: Host: support-walletrestoration.pages.dev
URL: https://support-walletrestoration.pages.dev/restore
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-105.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3c650e448f5d80f982c63996c9d45c42da25af8e1c7ab54c507ef836015de369

Request headers

Referer: https://support-walletrestoration.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 12:47:43 GMT
x-amz-version-id: pmGgtytMKk_b.G5ofNn8bE27T2k1BdiK
via: 1.1 3517ce13630d84c5b14e88de469985cc.cloudfront.net (CloudFront)
age: 17358187
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 897
last-modified: Tue, 29 Mar 2022 18:27:52 GMT
server: AmazonS3
etag: "f15ee6eb63ec87f8ddc2b1b83ba7420c"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: P2BQdzadPov1YkaRE7A_ObbPYZBfSDLZ9LBhN0D7So09sBxIaUnWZw==

GET
H2 200 62434fa732124a4a9512aae0_product%20icon-1.svg
uploads-ssl.webflow.com/62434fa732124a0fb112aab4/ 565 B
1 KB 182ms
71ms Image
image/svg+xml 18.66.112.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uploads-ssl.webflow.com/62434fa732124a0fb112aab4/62434fa732124a4a9512aae0_product%20icon-1.svg
Requested by: Host: support-walletrestoration.pages.dev
URL: https://support-walletrestoration.pages.dev/restore
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-105.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c53ac798882e89a73e52275f50279d3b36955dd4bdbe44cd6bcd1accbc651878

Request headers

Referer: https://support-walletrestoration.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 00:36:19 GMT
x-amz-version-id: asZRP5DF3BzuFSGTbYHAjyDKW65.k64h
via: 1.1 3517ce13630d84c5b14e88de469985cc.cloudfront.net (CloudFront)
age: 25696471
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 565
last-modified: Tue, 29 Mar 2022 18:27:52 GMT
server: AmazonS3
etag: "41e390081fabf760cd45f0b3df471104"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: W0buSS0eQK5vBRWbhyUUFP0GcZAv23NKBnjKuRp8v3XbX7Hljx3fYA==

GET
H2 200 62434fa732124a853712aad7_product%20icon.svg
uploads-ssl.webflow.com/62434fa732124a0fb112aab4/ 2 KB
1 KB 179ms
72ms Image
image/svg+xml 18.66.112.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uploads-ssl.webflow.com/62434fa732124a0fb112aab4/62434fa732124a853712aad7_product%20icon.svg
Requested by: Host: support-walletrestoration.pages.dev
URL: https://support-walletrestoration.pages.dev/restore
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-105.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6d603b41230141c47ea03da6a6c129b70e805417776efe8d2f8ce01732072eb0

Request headers

Referer: https://support-walletrestoration.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 18:04:07 GMT
x-amz-version-id: AwvlH3mw8AmGpxPY8lQn0Zn03lS2atUN
content-encoding: br
via: 1.1 3517ce13630d84c5b14e88de469985cc.cloudfront.net (CloudFront)
age: 25288003
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 29 Mar 2022 18:27:52 GMT
server: AmazonS3
etag: W/"e2d237407bd80f434392745bbbc16023"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: TS0cCvqRh7WJSs4YVAt4OoJc2Oems_-IfApdABI5nnDRrCIR-uBELg==

GET
H2 200 webflow-badge-icon.f67cd735e3.svg
d3e54v103j8qbb.cloudfront.net/img/ 754 B
1 KB 586ms
58ms Image
image/svg+xml 108.156.61.211
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3e54v103j8qbb.cloudfront.net/img/webflow-badge-icon.f67cd735e3.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.61.211 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-61-211.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6eea680992702ce5c637cac0f53526854766fe2bd710d998535d7cdada236ea8

Request headers

Referer: https://support-walletrestoration.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 23 Jul 2024 14:40:39 GMT
via: 1.1 2d8216898001f8ce3fde38c8796d2fa6.cloudfront.net (CloudFront)
age: 71411
x-amz-cf-pop: AMS1-P2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 754
last-modified: Thu, 05 Oct 2023 18:14:51 GMT
server: AmazonS3
etag: "170ca9cdf8ca5789f23e395671b34510"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: NAE0b5axAVUejTzZeIU7yelTuHrDDcfc9ilfCj_A3cGZNDv-50mT7w==

GET
H2 200 webflow-badge-text.6faa6a38cd.svg
d1otoma47x30pg.cloudfront.net/img/ 10 KB
5 KB 623ms
31ms Image
image/svg+xml 2600:9000:21c7:1400:0:3ec8:d500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1otoma47x30pg.cloudfront.net/img/webflow-badge-text.6faa6a38cd.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21c7:1400:0:3ec8:d500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 21f41a9c7f0c905f45b5188178a33663fb134cd4ba6ea6ac30bdf47e1ab28f09

Request headers

Referer: https://support-walletrestoration.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: KT_UF1eUTsEnnNcDOhY89.FgfnmSfWJf
content-encoding: gzip
via: 1.1 c149c6b8a4d6f497cac6f2d9e9e6be40.cloudfront.net (CloudFront)
date: Tue, 23 Jul 2024 15:48:10 GMT
age: 67366
x-amz-cf-pop: AMS54-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 05 Oct 2023 18:14:55 GMT
server: AmazonS3
etag: W/"b85cbfc40992d61b945dca92cdf7c0ba"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
x-amz-cf-id: Qz_uHzggtekSUZSAnh7faGx4k2oOmr70mdG_avPOeWy_9XHE9eyG8w==

GET
H3 200 favicon-32x32.png
support-walletrestoration.pages.dev/ 2 KB
2 KB 146ms
126ms Other
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://support-walletrestoration.pages.dev/favicon-32x32.png

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f095dda6bad933d0da404460be572ea44d12191e6c8fdc9e6a28dc742661f9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://support-walletrestoration.pages.dev/restore
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 10:30:49 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "10a9e100cb42a1bbad1b38e7c23e03ec"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=npOxf5oGsF3l1lYWStfSmWM1q9Sua9uTZ%2BD7Ntk97j9NFUeMIuZJgPJ41M17p72%2Bc2TceWWlauyDmD%2BWQS7wzOlnCk79epF0f0E7y2%2BtvT0%2Fu7hWS5xmm50UsRnS9uYIWB7k5Md89Membpt%2B53F%2BdxKbnZ%2F3DQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8a833cb0ec7e0a4b-AMS
alt-svc: h3=":443"; ma=86400
content-length: 1536

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Metamask (Crypto)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| tram object| Webflow

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d1otoma47x30pg.cloudfront.net
d3e54v103j8qbb.cloudfront.net
support-walletrestoration.pages.dev
uploads-ssl.webflow.com
108.156.61.211
18.66.112.105
188.114.97.3
2600:9000:21c7:1400:0:3ec8:d500:93a1
0bd420ca79f86dfd2b5440866a3a950b68129cf6210b7b3df6ca24135ff8dcf8
0f095dda6bad933d0da404460be572ea44d12191e6c8fdc9e6a28dc742661f9e
1651f174ab56691298ad3a9a91fc20e070e3f181125d283668f5e6adaef210fb
21f41a9c7f0c905f45b5188178a33663fb134cd4ba6ea6ac30bdf47e1ab28f09
3c650e448f5d80f982c63996c9d45c42da25af8e1c7ab54c507ef836015de369
3ed66522d7a8f6477a713c879c28d0fed3b63c1178f46312fd2d45e81a6015f9
5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b
6d603b41230141c47ea03da6a6c129b70e805417776efe8d2f8ce01732072eb0
6eea680992702ce5c637cac0f53526854766fe2bd710d998535d7cdada236ea8
9038ee26082bdf30ec9e6cd1936a3f32ace1fbc0b1c8753615c145dc7e2f90d2
9a50821b46158c264ae8c3bac28c40e317f9ab2b7c5c45b00c7574c7724665c4
c53ac798882e89a73e52275f50279d3b36955dd4bdbe44cd6bcd1accbc651878
c6d5461935b4f760429e7e8dc7c010259b5a622994838b4b3a23df0f06299bdd
e3ae2b0d058074ccc525277727677a22d1cad20a0b26a7598edbcd281e4c90c8

support-walletrestoration.pages.dev Open in urlscan Pro 188.114.97.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

25 %IPv6

3 Domains

4 Subdomains

5 IPs

2 Countries

100 kBTransfer

366 kBSize

0 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

support-walletrestoration.pages.dev Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

5
IPs

2
Countries

100 kB
Transfer

366 kB
Size

0
Cookies

13 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!