www.metamask-restore.online
Open in
urlscan Pro
104.219.248.88
Malicious Activity!
Public Scan
Submission: On May 15 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 7th 2020. Valid for: 2 years.
This is the only time www.metamask-restore.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Metamask (Crypto)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
12 | 104.219.248.88 104.219.248.88 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
1 | 2a00:1450:400... 2a00:1450:4001:802::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 99.86.245.9 99.86.245.9 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2a00:1450:400... 2a00:1450:4001:82f::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:830::2003 | 15169 (GOOGLE) (GOOGLE) | |
17 | 5 |
ASN22612 (NAMECHEAP-NET, US)
PTR: server135-2.web-hosting.com
www.metamask-restore.online |
ASN16509 (AMAZON-02, US)
PTR: server-99-86-245-9.vie50.r.cloudfront.net
d3e54v103j8qbb.cloudfront.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
metamask-restore.online
www.metamask-restore.online |
606 KB |
2 |
gstatic.com
fonts.gstatic.com |
16 KB |
2 |
googleapis.com
ajax.googleapis.com fonts.googleapis.com |
7 KB |
1 |
cloudfront.net
d3e54v103j8qbb.cloudfront.net |
31 KB |
17 | 4 |
Domain | Requested by | |
---|---|---|
12 | www.metamask-restore.online |
www.metamask-restore.online
|
2 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
ajax.googleapis.com
|
1 | d3e54v103j8qbb.cloudfront.net |
www.metamask-restore.online
|
1 | ajax.googleapis.com |
www.metamask-restore.online
|
17 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
metamask.walletconnect-restore.online |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.web-hosting.com Sectigo RSA Domain Validation Secure Server CA |
2020-05-07 - 2022-04-05 |
2 years | crt.sh |
upload.video.google.com GTS CA 1O1 |
2021-04-13 - 2021-07-06 |
3 months | crt.sh |
*.cloudfront.net DigiCert Global CA G2 |
2021-02-22 - 2022-02-21 |
a year | crt.sh |
*.google.com GTS CA 1O1 |
2021-04-13 - 2021-07-06 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.metamask-restore.online/
Frame ID: FA2BE120DD3E0C37E8A42617813200D8
Requests: 17 HTTP requests in this frame
Screenshot
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Google Font API (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
- script /googleapis\.com\/.+webfont/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Webflow () Expand
Detected patterns
- meta generator /Webflow/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Restore
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
www.metamask-restore.online/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
normalize.css
www.metamask-restore.online/css/ |
8 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
webflow.css
www.metamask-restore.online/css/ |
38 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
metamask-staging.webflow.css
www.metamask-restore.online/css/ |
96 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1.6.26/ |
13 KB 6 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mm-logo.svg
www.metamask-restore.online/images/ |
12 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.5.1.min.dc5e7f18c8.js
d3e54v103j8qbb.cloudfront.net/js/ |
87 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
webflow.js
www.metamask-restore.online/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
752 B 797 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hero2.2.png
www.metamask-restore.online/images/ |
576 KB 576 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
EuclidCircularB-Regular-WebXL.woff2
www.metamask-restore.online/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
EuclidCircularB-Bold-WebXL.woff2
www.metamask-restore.online/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
xfu00W3wXn3QLUJXhzq42AHiuQ.woff2
fonts.gstatic.com/s/changaone/v13/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2
fonts.gstatic.com/s/changaone/v13/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
EuclidCircularB-Regular-WebXL.woff
www.metamask-restore.online/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
EuclidCircularB-Bold-WebXL.woff
www.metamask-restore.online/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
webflow.js
www.metamask-restore.online/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Metamask (Crypto)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| WebFont function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
d3e54v103j8qbb.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
www.metamask-restore.online
104.219.248.88
2a00:1450:4001:802::200a
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2003
99.86.245.9
37743dc1ed092a174e95bd76c66f1a2e332d491882f1091627388cb7e490ca1e
3972064b60cc8d60061f5aa93b943dc54428f6c29e897f1488d75fb2d5671407
3f4bfc7c6cc471e9d95936dc109852c4f6a4bf1163b63eeabfe840565d5ad8d1
5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b
5fec6a29501f86712d4c0e28988d2be5bb807d60526022e0cc61d68021766fc0
69b69addbb8631e7a4b9e0c7a140841691812ed7a9378f3eed9d3c1fe31c1803
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
9c6596dccd4b15e7ab0a21d6b35c75d0f0531d258f342869890165ac974706b3
bd75626f005bcd21e2fe586ba437313c1d32ff675086f2ae860f7dcef2e09d77
e2bce7e3f85456cb30a1803f8f261157ca8922d7e0b1c5baf421d65cfd87619d
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d