trurtwallt.site Open in urlscan Pro
2606:4700:3036::6815:e2d Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://trurtwallt.site/
Effective URL:
https://trurtwallt.site/en-us/?desktop==&ip=2a0c:f040:0:4356:1011:bc6e:eb28:1bad&key=AKcynSdVVMYqoLtYeohoycGMfCZmivluywq...
Submission Tags: tweet @ecarlesi #phishing #trustwallet #nc tweet Search All
Submission: On December 29 via api (December 29th 2022, 4:47:37 am UTC) from FI — Scanned from FI

Summary HTTP 1 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 2606:4700:3036::6815:e2d, located in United States and belongs to CLOUDFLARENET, US. The main domain is trurtwallt.site.
TLS certificate: Issued by E1 on December 28th 2022. Valid for: 3 months.

This is the only time trurtwallt.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Trustwallet (Crypto)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3035::ac43:9dbc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	2606:4700:303... 2606:4700:3036::6815:e2d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2

1 2606:4700:3035::ac43:9dbc (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

trurtwallt.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3036::6815:e2d (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

trurtwallt.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	trurtwallt.site 3 redirects trurtwallt.site	1019 KB
1	1

	Domain	Requested by
4	trurtwallt.site	3 redirects
1	1

This site contains no links.

Subject Issuer	Validity	Valid
*.trurtwallt.site E1	`2022-12-28` - `2023-03-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://trurtwallt.site/en-us/?desktop==&ip=2a0c:f040:0:4356:1011:bc6e:eb28:1bad&key=AKcynSdVVMYqoLtYeohoycGMfCZmivluywqYTxhkkvDIKTGIPZEkouOiyZSz
Frame ID: 4C4F3F62C5CEFB1CD0D38E7E125C7FD6
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Best Cryptocurrency Wallet | Ethereum Wallet | ERC20 Wallet | Trust Wallet

Page URL History Show full URLs

http://trurtwallt.site/ HTTP 301
https://trurtwallt.site/ HTTP 302
https://trurtwallt.site/detect.php HTTP 302
https://trurtwallt.site/en-us/?desktop==&ip=2a0c:f040:0:4356:1011:bc6e:eb28:1bad&key=AKcynSdVVMYqoLt... Page URL

Page Statistics

1
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1185 kB
Transfer

2576 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://trurtwallt.site/ HTTP 301
https://trurtwallt.site/ HTTP 302
https://trurtwallt.site/detect.php HTTP 302
https://trurtwallt.site/en-us/?desktop==&ip=2a0c:f040:0:4356:1011:bc6e:eb28:1bad&key=AKcynSdVVMYqoLtYeohoycGMfCZmivluywqYTxhkkvDIKTGIPZEkouOiyZSz Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
12 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response trurtwallt.site/en-us/ Redirect Chain http://trurtwallt.site/ https://trurtwallt.site/ https://trurtwallt.site/detect.php https://trurtwallt.site/en-us/?desktop==&ip=2a0c:f040:0:4356:1011:bc6e:eb28:1bad&key=AKcynSdVVMYqoLtYeohoycGMfCZmivluywqYTxhkkvDIKTGIPZEkouOiyZSz	2 MB 1017 KB	250ms 250ms	Document text/html	2606:4700:3036::6815:e2d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://trurtwallt.site/en-us/?desktop==&ip=2a0c:f040:0:4356:1011:bc6e:eb28:1bad&key=AKcynSdVVMYqoLtYeohoycGMfCZmivluywqYTxhkkvDIKTGIPZEkouOiyZSz Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:e2d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5da360c00980b6d992a2450c4bdcf49124874f472f8334c3085b82a7b0540111` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 780fe5e44d10fe50-HEL content-encoding br content-type text/html date Thu, 29 Dec 2022 04:47:30 GMT last-modified Wed, 28 Dec 2022 13:14:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0OndqZSvIHh5rA2EvMhgFWlcgaJwxxxYl16vtuEEAQVEPoRgeGJdEgpIp4wag4HaHGdQvev0ITHb7aom7WuBAAxHIgvBFzNG%2B8ULPgEVuCw4ZUAi04eQRJnhbhSLF7l0vZl7NCl4oFe%2FfZwnJjU%3D"}],"group":"cf-nel","max_age":604800} server cloudflare Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 780fe5e36c910b5f-AMS content-type text/html; charset=UTF-8 date Thu, 29 Dec 2022 04:47:29 GMT location en-us/?desktop==&ip=2a0c:f040:0:4356:1011:bc6e:eb28:1bad&key=AKcynSdVVMYqoLtYeohoycGMfCZmivluywqYTxhkkvDIKTGIPZEkouOiyZSz nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ee%2F3IWKD%2BMFXDrD2U4Ja8bokW3YhTvH56pvR1ANtETTmouVwYm1r1fhpxrg1lqyTcYzLRJXPjL0qRRnLFr%2B922FiboeucDxbMRBP7XzfCVlPLxMnwIxvDO1sUc3MdBv1pUNK%2FBT1sntjmy0%2Fhp8%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.33
GET DATA	200 OK	truncated /	14 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `61ea304b4cef90b7cbdeb0ca437f90128bd4e52323e19a86e7ea6a50d568d1c8` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d875556135e6cd96c417240f22d3744feede77b33fa93287c553193fed04233e` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	107 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2332a7a1574d4e28a80825c4285a67f2e1f7d2dd2c6abc92685c7dffee1b1859` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	58 KB 58 KB		Font application/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a61c089861e3cd5bb3a48cf80da84cbe10bd65b5ef6a9276fa43f4e8599876cf` Request headers Referer Origin https://trurtwallt.site accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type application/octet-stream
GET DATA	200 OK	truncated /	55 KB 55 KB		Font application/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8899b62d74d06f482f132b600d49c9a51cf13a3d830ac35d158f8cce65079c20` Request headers Referer Origin https://trurtwallt.site accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type application/octet-stream
GET DATA	200 OK	truncated /	55 KB 55 KB		Font application/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `dd6cd52bf15d2f5bf7519cd3d876ae2d37306e77d1a95a63e867e6c95ab9c49e` Request headers Referer Origin https://trurtwallt.site accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type application/octet-stream
GET DATA	200 OK	truncated /	88 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9e22a088e0e411a08e2e2b74910c43d476e941d7764209516eb8bfb389fd03c0` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	257 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0eb4b343b36aa2ef18a0ccb84c6b4e6acdbd42565740f356216548523777879f` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	118 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7b8b4431ed3a299c588a70db66d7cebaef7505654fbc61c3d8965aef2fbb7a48` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	193 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d942117b26d79ba2e5d54eeddf86fc18b72b51a6d6fc4b1287f562435a5f6901` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	33 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5574c46f1e46350ec96f921183c25371dc909cb958c4871033325a5f3eb76ec5` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	132 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3a18e531a002bdcdf4404dc127ca1aceab6b87fd834f383a95091352bbbe3f08` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Trustwallet (Crypto)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			trurtwallt.site/	1969-12-31 23:59:59	Name: PHPSESSID Value: vo3o93ilndj15haccon888vlhb

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

trurtwallt.site
2606:4700:3035::ac43:9dbc
2606:4700:3036::6815:e2d
0eb4b343b36aa2ef18a0ccb84c6b4e6acdbd42565740f356216548523777879f
2332a7a1574d4e28a80825c4285a67f2e1f7d2dd2c6abc92685c7dffee1b1859
3a18e531a002bdcdf4404dc127ca1aceab6b87fd834f383a95091352bbbe3f08
5574c46f1e46350ec96f921183c25371dc909cb958c4871033325a5f3eb76ec5
5da360c00980b6d992a2450c4bdcf49124874f472f8334c3085b82a7b0540111
61ea304b4cef90b7cbdeb0ca437f90128bd4e52323e19a86e7ea6a50d568d1c8
7b8b4431ed3a299c588a70db66d7cebaef7505654fbc61c3d8965aef2fbb7a48
8899b62d74d06f482f132b600d49c9a51cf13a3d830ac35d158f8cce65079c20
9e22a088e0e411a08e2e2b74910c43d476e941d7764209516eb8bfb389fd03c0
a61c089861e3cd5bb3a48cf80da84cbe10bd65b5ef6a9276fa43f4e8599876cf
d875556135e6cd96c417240f22d3744feede77b33fa93287c553193fed04233e
d942117b26d79ba2e5d54eeddf86fc18b72b51a6d6fc4b1287f562435a5f6901
dd6cd52bf15d2f5bf7519cd3d876ae2d37306e77d1a95a63e867e6c95ab9c49e

trurtwallt.site Open in urlscan Pro 2606:4700:3036::6815:e2d Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

1 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

1185 kBTransfer

2576 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

Indicators

trurtwallt.site Open in urlscan Pro
2606:4700:3036::6815:e2d Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1185 kB
Transfer

2576 kB
Size

1
Cookies

1 HTTP transactions
12 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!