support-walletrestoration.pages.dev
Open in
urlscan Pro
2606:4700:310c::ac42:2f75
Malicious Activity!
Public Scan
URL:
https://support-walletrestoration.pages.dev/
Submission: On April 05 via api from US — Scanned from US
Submission: On April 05 via api from US — Scanned from US
Summary
This website contacted 6 IPs
in 1 countries
across 3 domains to perform 17 HTTP transactions.
The main IP is 2606:4700:310c::ac42:2f75, located in
United States and
belongs to CLOUDFLARENET, US.
The main domain is support-walletrestoration.pages.dev.
TLS certificate: Issued by E1 on April 3rd 2024. Valid for: 3 months.
This is the only time support-walletrestoration.pages.dev was scanned on urlscan.io!
TLS certificate: Issued by E1 on April 3rd 2024. Valid for: 3 months.
This is the only time support-walletrestoration.pages.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Metamask (Crypto)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 4 | 2606:4700:310... 2606:4700:310c::ac42:2f75 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 10 | 13.225.63.69 13.225.63.69 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 | 13.225.210.44 13.225.210.44 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 | 2600:9000:21e... 2600:9000:21ea:5200:0:3ec8:d500:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 | 172.66.44.139 172.66.44.139 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 17 | 6 |
4
2606:4700:310c::ac42:2f75
(United States)
ASN13335 (CLOUDFLARENET, US)
ASN13335 (CLOUDFLARENET, US)
| support-walletrestoration.pages.dev |
10
13.225.63.69
(United States)
ASN16509 (AMAZON-02, US)
PTR: server-13-225-63-69.ewr53.r.cloudfront.net
ASN16509 (AMAZON-02, US)
PTR: server-13-225-63-69.ewr53.r.cloudfront.net
| uploads-ssl.webflow.com |
1
13.225.210.44
(United States)
ASN16509 (AMAZON-02, US)
PTR: server-13-225-210-44.ewr50.r.cloudfront.net
ASN16509 (AMAZON-02, US)
PTR: server-13-225-210-44.ewr50.r.cloudfront.net
| d3e54v103j8qbb.cloudfront.net |
1
2600:9000:21ea:5200:0:3ec8:d500:93a1
(United States)
ASN16509 (AMAZON-02, US)
ASN16509 (AMAZON-02, US)
| d1otoma47x30pg.cloudfront.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 10 |
webflow.com
uploads-ssl.webflow.com — Cisco Umbrella Rank: 14743 |
76 KB |
| 5 |
pages.dev
support-walletrestoration.pages.dev |
75 KB |
| 2 |
cloudfront.net
d3e54v103j8qbb.cloudfront.net d1otoma47x30pg.cloudfront.net |
6 KB |
| 17 | 3 |
| Domain | Requested by | |
|---|---|---|
| 10 | uploads-ssl.webflow.com |
support-walletrestoration.pages.dev
uploads-ssl.webflow.com |
| 5 | support-walletrestoration.pages.dev |
support-walletrestoration.pages.dev
|
| 1 | d1otoma47x30pg.cloudfront.net | |
| 1 | d3e54v103j8qbb.cloudfront.net | |
| 17 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| support-walletrestoration.pages.dev E1 |
2024-04-03 - 2024-07-02 |
3 months | crt.sh |
| uploads-ssl.webflow.com Amazon RSA 2048 M02 |
2023-07-29 - 2024-08-26 |
a year | crt.sh |
| *.cloudfront.net Amazon RSA 2048 M01 |
2023-10-10 - 2024-09-19 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://support-walletrestoration.pages.dev/
Frame ID: ED4007C4BDAC4598D4807820ABC174A0
Requests: 18 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
support-walletrestoration.pages.dev/ |
11 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
styles.css
support-walletrestoration.pages.dev/ |
284 B 508 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
app-restorer.webflow.dcd86dd48.css
uploads-ssl.webflow.com/651bef3e5d1d847ed1a24f0e/css/ |
47 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
support-walletrestoration.pages.dev/ |
169 KB 42 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
webflow.js
support-walletrestoration.pages.dev/ |
111 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
62434fa732124a29b112aac4_ic%20Arrow%20Go.svg
uploads-ssl.webflow.com/62434fa732124a0fb112aab4/ |
331 B 791 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
2 KB 2 KB |
Font
application/x-font-ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
651befcfb7970eb8776dfe9e_logo.svg
uploads-ssl.webflow.com/651bef3e5d1d847ed1a24f0e/ |
12 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
651bf037d01f3c5e70a64ffc_home-hero-p-800.webp
uploads-ssl.webflow.com/651bef3e5d1d847ed1a24f0e/ |
19 KB 20 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
651bf01e326f41a7abb9c6ee_wallet-illo.svg
uploads-ssl.webflow.com/651bef3e5d1d847ed1a24f0e/ |
36 KB 13 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
651bf28644ef86bca3239c83_Explore-illo.svg
uploads-ssl.webflow.com/651bef3e5d1d847ed1a24f0e/ |
36 KB 14 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
651bf2c8be071de11759f209_Browse-illo.svg
uploads-ssl.webflow.com/651bef3e5d1d847ed1a24f0e/ |
28 KB 11 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
62434fa732124ac76f12aaec_product%20icon-2.svg
uploads-ssl.webflow.com/62434fa732124a0fb112aab4/ |
897 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
62434fa732124a4a9512aae0_product%20icon-1.svg
uploads-ssl.webflow.com/62434fa732124a0fb112aab4/ |
565 B 1023 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
62434fa732124a853712aad7_product%20icon.svg
uploads-ssl.webflow.com/62434fa732124a0fb112aab4/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
webflow-badge-icon.f67cd735e3.svg
d3e54v103j8qbb.cloudfront.net/img/ |
754 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
webflow-badge-text.6faa6a38cd.svg
d1otoma47x30pg.cloudfront.net/img/ |
10 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
favicon-32x32.png
support-walletrestoration.pages.dev/ |
2 KB 2 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Metamask (Crypto)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| tram object| Webflow0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
d1otoma47x30pg.cloudfront.net
d3e54v103j8qbb.cloudfront.net
support-walletrestoration.pages.dev
uploads-ssl.webflow.com
13.225.210.44
13.225.63.69
172.66.44.139
2600:9000:21ea:5200:0:3ec8:d500:93a1
2606:4700:310c::ac42:2f75
0bd420ca79f86dfd2b5440866a3a950b68129cf6210b7b3df6ca24135ff8dcf8
0f095dda6bad933d0da404460be572ea44d12191e6c8fdc9e6a28dc742661f9e
1651f174ab56691298ad3a9a91fc20e070e3f181125d283668f5e6adaef210fb
21f41a9c7f0c905f45b5188178a33663fb134cd4ba6ea6ac30bdf47e1ab28f09
3c5ddfdc977be35d77aa97a87a4e857c6e69c90d4a05cb4cf1e26c319c354ec6
3c650e448f5d80f982c63996c9d45c42da25af8e1c7ab54c507ef836015de369
4549a9bffa68a0d396b185fe2a24452027b61ac3a1a519f5559d9a93784d0a73
517c0c6b44ede59070fb138aab7e875b9c230a227295f9612c32dabb9b0bdb13
596228062de19a21cfda4d3129b3a5d397c5a71509e096b8f67fb8c4f22aa56d
5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b
6d603b41230141c47ea03da6a6c129b70e805417776efe8d2f8ce01732072eb0
6eea680992702ce5c637cac0f53526854766fe2bd710d998535d7cdada236ea8
8ba2b37fd4f2f3c19c10109bc6111d3d71692c78f9351f1eb2a8cab5231b77b5
9038ee26082bdf30ec9e6cd1936a3f32ace1fbc0b1c8753615c145dc7e2f90d2
9a50821b46158c264ae8c3bac28c40e317f9ab2b7c5c45b00c7574c7724665c4
c53ac798882e89a73e52275f50279d3b36955dd4bdbe44cd6bcd1accbc651878
c6d5461935b4f760429e7e8dc7c010259b5a622994838b4b3a23df0f06299bdd
e3ae2b0d058074ccc525277727677a22d1cad20a0b26a7598edbcd281e4c90c8