wordpress-38088753649.devrimsdemo.com
54.241.214.20
Malicious Activity!
Public Scan
Effective URL: https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Submission: On April 28 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 26th 2023. Valid for: a year.
This is the only time wordpress-38088753649.devrimsdemo.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Metamask (Crypto)
Domain & IP information
Requests | IP Address | AS (Autonomous System) | PTR | Domain
---|---|---|---|---
1 | 54.86.251.2 | ASN14618 (AMAZON-AES, US) | ec2-54-86-251-2.compute-1.amazonaws.com | zpr.io
11 | 54.241.214.20 | ASN16509 (AMAZON-02, US) | ec2-54-241-214-20.us-west-1.compute.amazonaws.com | wordpress-38088753649.devrimsdemo.com
Totals row as extracted: 10 | 1
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
11 | devrimsdemo.com (1 redirect) | wordpress-38088753649.devrimsdemo.com | 119 KB
1 | zpr.io (1 redirect; Cisco Umbrella Rank: 862366) | zpr.io | 110 B
Totals: 10 requests, 2 apex domains
Requests | Domain | Requested by
---|---|---
11 | wordpress-38088753649.devrimsdemo.com | 1 redirect; wordpress-38088753649.devrimsdemo.com
1 | zpr.io | 1 redirect
Totals: 10 requests, 2 domains
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
*.devrimsdemo.com | Sectigo RSA Domain Validation Secure Server CA | 2023-10-26 - 2024-10-25 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Frame ID: FEAEE771EECC0B4906FA03B46C4D99F3
Requests: 10 HTTP requests in this frame
Page Title: Metamask
Page URL History
- https://zpr.io/KGLhyBPQF6qW (HTTP 302)
- https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/ (Page URL)
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 8:
- https://wordpress-38088753649.devrimsdemo.com/favicon.ico (HTTP 301)
- https://wordpress-38088753649.devrimsdemo.com/favicon.ico/
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H2 | / | wordpress-38088753649.devrimsdemo.com/up/metamask-id/ | 5 KB | 1 KB | Document | text/html | Primary Request; Redirect Chain
GET | H2 | bootstrap.min.css | wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/bootstrap/css/ | 190 KB | 24 KB | Stylesheet | text/css |
GET | H2 | Number-Input-Without-Arrow.css | wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/css/ | 296 B | 277 B | Stylesheet | text/css |
GET | H2 | styles.css | wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/css/ | 1 KB | 495 B | Stylesheet | text/css |
GET | H2 | 8.svg | wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/img/ | 12 KB | 3 KB | Image | image/svg+xml |
GET | H2 | loader.gif | wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/img/ | 4 KB | 4 KB | Image | image/gif |
GET | H2 | home-hero.webp | wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/img/ | 30 KB | 31 KB | Image | image/webp |
GET | H2 | bootstrap.min.js | wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/bootstrap/js/ | 78 KB | 22 KB | Script | text/javascript |
GET | H2 | The_best_way_to_buy_cryptocurrency_bg.png | wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/img/ | 22 KB | 23 KB | Image | image/png |
GET | H2 | / | wordpress-38088753649.devrimsdemo.com/favicon.ico/ | 52 KB | 11 KB | Other | text/html | Redirect Chain
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Metamask (Crypto)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
number | uidEvent
object | bootstrap
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
wordpress-38088753649.devrimsdemo.com
zpr.io
54.241.214.20
54.86.251.2
0ff3cadb509482ccb23bb600c5c01eb721877a5cd7187d96c8b0af2135c29ca7
1ace707878dc244e63c092bd26c23e63c2cf161e589759e19dd223cfc37f926f
1fa3b229aa14e2c7608631a68f0e25287b6f81e1e6ce22c7abc87a2ba4e63b8d
2a7344e607a878f0acac7f5c9c3a65fc8a4423f00e21d3fb7a814cae051631d9
4859eadd0825cf4fbc2060497489eed4a7f0bd6af0b95ed0e341f13c7b974e13
5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b
600b588354f9e17a356c8beb56a909eeb070ec2502ca2b0bc4abd4d44631848f
6aa7b752f8a9647d7228cca42c91b95aa19c11256a08cedb30d5974925ec1e57
b0075916f9194c8f81ad16b2b302e5a18b37cb2174b30c516f28331e6380d6be
d59dd2a4612415d4ccd1e849a372be31e6710e3e45096556ec54258799701776