wordpress-38088753649.devrimsdemo.com Open in urlscan Pro
54.241.214.20  Malicious Activity! Public Scan

Submitted URL: https://zpr.io/KGLhyBPQF6qW
Effective URL: https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Submission: On April 28 via api from US — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 54.241.214.20, located in San Jose, United States and belongs to AMAZON-02, US. The main domain is wordpress-38088753649.devrimsdemo.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 26th 2023. Valid for: a year.
This is the only time wordpress-38088753649.devrimsdemo.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Metamask (Crypto)

Domain & IP information

IP Address AS Autonomous System
1 1 54.86.251.2 14618 (AMAZON-AES)
1 11 54.241.214.20 16509 (AMAZON-02)
10 1
Apex Domain
Subdomains
Transfer
11 devrimsdemo.com
wordpress-38088753649.devrimsdemo.com
119 KB
1 zpr.io
zpr.io — Cisco Umbrella Rank: 862366
110 B
10 2
Domain Requested by
11 wordpress-38088753649.devrimsdemo.com 1 redirects wordpress-38088753649.devrimsdemo.com
1 zpr.io 1 redirects
10 2

This site contains no links.

Subject Issuer Validity Valid
*.devrimsdemo.com
Sectigo RSA Domain Validation Secure Server CA
2023-10-26 -
2024-10-25
a year crt.sh

This page contains 1 frames:

Primary Page: https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Frame ID: FEAEE771EECC0B4906FA03B46C4D99F3
Requests: 10 HTTP requests in this frame

Screenshot

Page Title

Metamask

Page URL History Show full URLs

  1. https://zpr.io/KGLhyBPQF6qW HTTP 302
    https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

10
Requests

90 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

118 kB
Transfer

396 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://zpr.io/KGLhyBPQF6qW HTTP 302
    https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • https://wordpress-38088753649.devrimsdemo.com/favicon.ico HTTP 301
  • https://wordpress-38088753649.devrimsdemo.com/favicon.ico/

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Redirect Chain
  • https://zpr.io/KGLhyBPQF6qW
  • https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
5 KB
1 KB
Document
General
Full URL
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.241.214.20 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-214-20.us-west-1.compute.amazonaws.com
Software
LiteSpeed /
Resource Hash
6aa7b752f8a9647d7228cca42c91b95aa19c11256a08cedb30d5974925ec1e57

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-length
1211
content-type
text/html
date
Sun, 28 Apr 2024 16:54:13 GMT
etag
"13aa-645a8e8a-21176;br"
last-modified
Tue, 09 May 2023 18:18:50 GMT
server
LiteSpeed
vary
Accept-Encoding

Redirect headers

content-length
329
content-type
text/html; charset=utf-8
date
Sun, 28 Apr 2024 16:54:12 GMT
location
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
bootstrap.min.css
wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/bootstrap/css/
190 KB
24 KB
Stylesheet
General
Full URL
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/bootstrap/css/bootstrap.min.css
Requested by
Host: wordpress-38088753649.devrimsdemo.com
URL: https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.241.214.20 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-214-20.us-west-1.compute.amazonaws.com
Software
LiteSpeed /
Resource Hash
600b588354f9e17a356c8beb56a909eeb070ec2502ca2b0bc4abd4d44631848f

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 16:54:13 GMT
content-encoding
br
last-modified
Mon, 08 May 2023 17:28:36 GMT
server
LiteSpeed
etag
"2f928-64593144-21185;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
23936
expires
Sun, 05 May 2024 16:54:13 GMT
Number-Input-Without-Arrow.css
wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/css/
296 B
277 B
Stylesheet
General
Full URL
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/css/Number-Input-Without-Arrow.css
Requested by
Host: wordpress-38088753649.devrimsdemo.com
URL: https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.241.214.20 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-214-20.us-west-1.compute.amazonaws.com
Software
LiteSpeed /
Resource Hash
1ace707878dc244e63c092bd26c23e63c2cf161e589759e19dd223cfc37f926f

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 16:54:13 GMT
content-encoding
gzip
last-modified
Mon, 08 May 2023 17:28:36 GMT
server
LiteSpeed
etag
"128-64593144-21187;gz"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
expires
Sun, 05 May 2024 16:54:13 GMT
styles.css
wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/css/
1 KB
495 B
Stylesheet
General
Full URL
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/css/styles.css
Requested by
Host: wordpress-38088753649.devrimsdemo.com
URL: https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.241.214.20 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-214-20.us-west-1.compute.amazonaws.com
Software
LiteSpeed /
Resource Hash
d59dd2a4612415d4ccd1e849a372be31e6710e3e45096556ec54258799701776

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 16:54:13 GMT
content-encoding
br
last-modified
Mon, 08 May 2023 17:28:36 GMT
server
LiteSpeed
etag
"458-64593144-21188;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
432
expires
Sun, 05 May 2024 16:54:13 GMT
8.svg
wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/img/
12 KB
3 KB
Image
General
Full URL
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/img/8.svg
Requested by
Host: wordpress-38088753649.devrimsdemo.com
URL: https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.241.214.20 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-214-20.us-west-1.compute.amazonaws.com
Software
LiteSpeed /
Resource Hash
5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 16:54:13 GMT
content-encoding
br
last-modified
Mon, 08 May 2023 17:28:36 GMT
server
LiteSpeed
etag
"2ef3-64593144-2117b;br"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
3213
expires
Sun, 05 May 2024 16:54:13 GMT
loader.gif
wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/img/
4 KB
4 KB
Image
General
Full URL
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/img/loader.gif
Requested by
Host: wordpress-38088753649.devrimsdemo.com
URL: https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.241.214.20 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-214-20.us-west-1.compute.amazonaws.com
Software
LiteSpeed /
Resource Hash
2a7344e607a878f0acac7f5c9c3a65fc8a4423f00e21d3fb7a814cae051631d9

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 16:54:13 GMT
last-modified
Mon, 08 May 2023 17:28:36 GMT
server
LiteSpeed
etag
"f25-64593144-2117d;;;"
content-type
image/gif
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
3877
expires
Sun, 05 May 2024 16:54:13 GMT
home-hero.webp
wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/img/
30 KB
31 KB
Image
General
Full URL
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/img/home-hero.webp
Requested by
Host: wordpress-38088753649.devrimsdemo.com
URL: https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.241.214.20 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-214-20.us-west-1.compute.amazonaws.com
Software
LiteSpeed /
Resource Hash
4859eadd0825cf4fbc2060497489eed4a7f0bd6af0b95ed0e341f13c7b974e13

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 16:54:13 GMT
last-modified
Mon, 08 May 2023 17:28:36 GMT
server
LiteSpeed
etag
"79e4-64593144-2117c;;;"
content-type
image/webp
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
31204
expires
Sun, 05 May 2024 16:54:13 GMT
bootstrap.min.js
wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/bootstrap/js/
78 KB
22 KB
Script
General
Full URL
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/bootstrap/js/bootstrap.min.js
Requested by
Host: wordpress-38088753649.devrimsdemo.com
URL: https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.241.214.20 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-214-20.us-west-1.compute.amazonaws.com
Software
LiteSpeed /
Resource Hash
0ff3cadb509482ccb23bb600c5c01eb721877a5cd7187d96c8b0af2135c29ca7

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 16:54:13 GMT
content-encoding
br
last-modified
Mon, 08 May 2023 17:28:36 GMT
server
LiteSpeed
etag
"139f4-64593144-21183;br"
vary
Accept-Encoding
content-type
text/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
22310
The_best_way_to_buy_cryptocurrency_bg.png
wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/img/
22 KB
23 KB
Image
General
Full URL
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/assets/img/The_best_way_to_buy_cryptocurrency_bg.png
Requested by
Host: wordpress-38088753649.devrimsdemo.com
URL: https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.241.214.20 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-214-20.us-west-1.compute.amazonaws.com
Software
LiteSpeed /
Resource Hash
b0075916f9194c8f81ad16b2b302e5a18b37cb2174b30c516f28331e6380d6be

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 16:54:14 GMT
last-modified
Mon, 08 May 2023 17:28:36 GMT
server
LiteSpeed
etag
"59a2-64593144-21180;;;"
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
22946
expires
Sun, 05 May 2024 16:54:14 GMT
/
wordpress-38088753649.devrimsdemo.com/favicon.ico/
Redirect Chain
  • https://wordpress-38088753649.devrimsdemo.com/favicon.ico
  • https://wordpress-38088753649.devrimsdemo.com/favicon.ico/
52 KB
11 KB
Other
General
Full URL
https://wordpress-38088753649.devrimsdemo.com/favicon.ico/
Protocol
H2
Server
54.241.214.20 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-214-20.us-west-1.compute.amazonaws.com
Software
LiteSpeed /
Resource Hash
1fa3b229aa14e2c7608631a68f0e25287b6f81e1e6ce22c7abc87a2ba4e63b8d

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://wordpress-38088753649.devrimsdemo.com/up/metamask-id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Sun, 28 Apr 2024 16:54:14 GMT
content-encoding
gzip
server
LiteSpeed
x-litespeed-cache
hit
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
link
<https://wordpress-38088753649.devrimsdemo.com/index.php?rest_route=/>; rel="https://api.w.org/"
content-length
10762
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Redirect headers

location
https://wordpress-38088753649.devrimsdemo.com/favicon.ico/
date
Sun, 28 Apr 2024 16:54:14 GMT
server
LiteSpeed
x-redirect-by
WordPress
content-length
0
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-type
text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Metamask (Crypto)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

number| uidEvent object| bootstrap

0 Cookies