r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fb20c18681040b740ab1730562beb45c
abedefb801b0e13987d6619a77e0368771f9dfcb
288c1832db391da57e3d74ffa893ec2c47ef9c1945f85b88473c563b55a3dfb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "288C1832DB391DA57E3D74FFA893EC2C47EF9C1945F85B88473C563B55A3DFB3"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11498
Expires: Tue, 27 Dec 2022 08:18:16 GMT
Date: Tue, 27 Dec 2022 05:06:38 GMT
Connection: keep-alive
metamask.io.merge.origraffes.com.br/secure.html
200 OK 3.3 kB URL HTTP/1.1 metamask.io.merge.origraffes.com.br/secure.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 84e184949729e38ae19a238cd0918bf8
383f7936d6417eaa1c77ac725be7dcf8d2d7b802
d3a2a10830d55e606c291c6a9554677535c7e597b1454ea3f3eb6d2b97df953a
Analyzer Verdict Alert openphish Crypto/Wallet
fortinet Phishing
GET /secure.html HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
last-modified: Tue, 20 Sep 2022 05:00:40 GMT
etag: "3290-632948f8-e3b91e311a150bc3;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 3256
date: Tue, 27 Dec 2022 05:06:38 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 67f508aae634a023b587a7129a5b8039
2ff7e1d29b497147941d0abf581411cbd2722d7b
eee5fda5214bd4f75b0934bb1f14429fe01251628026fd0f18f117b38848601c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EEE5FDA5214BD4F75B0934BB1F14429FE01251628026FD0F18F117B38848601C"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3574
Expires: Tue, 27 Dec 2022 06:06:12 GMT
Date: Tue, 27 Dec 2022 05:06:38 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 27 Dec 2022 04:35:05 GMT
content-type: application/json
age: 1893
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c298d0b2a05562a7ece94adf3589dacd
266befe104baa47e94fe0b9d00d10f96518b6525
a00a7433c6ee020d40e43fb5c821b8f2b835107852be361317fd2dfdcc4f0a15
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A00A7433C6EE020D40E43FB5C821B8F2B835107852BE361317FD2DFDCC4F0A15"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2415
Expires: Tue, 27 Dec 2022 05:46:53 GMT
Date: Tue, 27 Dec 2022 05:06:38 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: yoN8k5TTZOFJRt9bcVBK5GWZYTvIknLVpmyoTBEuyZztlUa09G5Esp+JUkwsFMzm2mlfIq2FBKs=
x-amz-request-id: 8WPX0GB2R049NSFP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 27 Dec 2022 04:55:36 GMT
age: 662
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Dec 2022 05:06:38 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ae893eec23998fe856d6ee3df2163a80
d98cb1a1c82c429c2f6fdbbfb7461713c790da7a
24167e8036371493799d6fe42f5e00a0ea2e4a5b7eb70636a269a9aa78d1f712
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:06:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
metamask.io.merge.origraffes.com.br/meta/normalize.css
200 OK 2.6 kB URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/normalize.css
IP
Hash 74b55c54efadbc58b06a6042cc858472
127ffb851c8bb77bf00de3280d0e078571704de7
435035717bcd1da635fd11e9d0d22c40d2753c48383b1728f66bfd1607bcd54a
GET /meta/normalize.css HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=15768000, public
expires: Tue, 03 Jan 2023 05:06:38 GMT
content-type: text/css
last-modified: Wed, 22 Dec 2021 21:30:38 GMT
etag: "1e5c-61c398fe-3edbd2a3b0d8fff7;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 2633
date: Tue, 27 Dec 2022 05:06:38 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
metamask.io.merge.origraffes.com.br/meta/webflow.css
200 OK 9.4 kB URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/webflow.css
IP
File type Unicode text, UTF-8 text, with very long lines (2587)
Hash d143e827e4004f5af028b3c37e3748dd
7531565e84fd2011b5ca8a9b179ecdd4b65d89b6
f425ff60551250b2f1dc6a40d92d5ab84847781d370740a945b6b8f1866c4e84
GET /meta/webflow.css HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=15768000, public
expires: Tue, 03 Jan 2023 05:06:38 GMT
content-type: text/css
last-modified: Wed, 22 Dec 2021 21:30:46 GMT
etag: "98c5-61c39906-ab2e144e0048c95a;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 9350
date: Tue, 27 Dec 2022 05:06:38 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ae893eec23998fe856d6ee3df2163a80
d98cb1a1c82c429c2f6fdbbfb7461713c790da7a
24167e8036371493799d6fe42f5e00a0ea2e4a5b7eb70636a269a9aa78d1f712
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:06:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
metamask.io.merge.origraffes.com.br/meta/plx.chock.js
200 OK 312 B URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/plx.chock.js
IP
Hash f8a281c232ca490b0fb6a69a0a69aa93
8586880ea6c9a49dd4b2b45ee6f7eff01c5c7683
4acac0377cad7da2cbf6e18c4e9096e95484429bf4589b472bbc276c43b6110e
Analyzer Verdict Alert fortinet Phishing
GET /meta/plx.chock.js HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=15768000, public
expires: Tue, 03 Jan 2023 05:06:38 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 21:30:38 GMT
etag: "d41-61c398fe-3c740d06ba9b95bd;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 312
date: Tue, 27 Dec 2022 05:06:38 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
metamask.io.merge.origraffes.com.br/meta/tag.js
200 OK 7.6 kB URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/tag.js
IP
File type ASCII text, with very long lines (21652), with no line terminators
Hash 030e152d0cbf5d9c345726676e20f490
d39cd836763535ada905adb47e4d028a80f51849
01cb61852e9ab6166e2651c568c84e93d2dd80a7296b26d2f0539e5dc614787f
Analyzer Verdict Alert fortinet Phishing
GET /meta/tag.js HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=15768000, public
expires: Tue, 03 Jan 2023 05:06:38 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 21:30:44 GMT
etag: "5494-61c39904-e7040745b0ffad00;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 7583
date: Tue, 27 Dec 2022 05:06:38 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
metamask.io.merge.origraffes.com.br/meta/enterprise.js
200 OK 617 B URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/enterprise.js
IP
File type ASCII text, with very long lines (1008), with no line terminators
Hash d81ef5cb351ba48ede3354fa5248ce44
9a08bcf54317bb24610116e0650b520b32dcb7e3
69e117e70a745175180e8c577cec146b059da38bfd77265a8544cfc78a51e32b
Analyzer Verdict Alert fortinet Phishing
GET /meta/enterprise.js HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=15768000, public
expires: Tue, 03 Jan 2023 05:06:38 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 21:30:24 GMT
etag: "3f0-61c398f0-fb6197b02f1db234;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 617
date: Tue, 27 Dec 2022 05:06:38 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
metamask.io.merge.origraffes.com.br/meta/metamask-staging-2.webflow.css
200 OK 18 kB URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/metamask-staging-2.webflow.css
IP
Hash 53ff35d49ab5d2089b65f13389233f86
cf1714af3125e0fc6b07408fa4269ab003baa162
509ea7e5aac1909a1a0b328b497e47f04cd10eaa3927e65a37cf1900bea5996f
GET /meta/metamask-staging-2.webflow.css HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=15768000, public
expires: Tue, 03 Jan 2023 05:06:38 GMT
content-type: text/css
last-modified: Wed, 22 Dec 2021 21:30:36 GMT
etag: "22adb-61c398fc-2986f05d2bc2a2c2;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 17590
date: Tue, 27 Dec 2022 05:06:38 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
metamask.io.merge.origraffes.com.br/meta/analytics.js
200 OK 20 kB URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash f6172b83fb5bcd8fadd246270f6e7948
910ba56b59eac08dd3461bbf81a19378028b2664
62559499e80252ed5f16b8d9972825db8479ad069a5f3e63a82c37a0d9d4ce91
Analyzer Verdict Alert fortinet Phishing
GET /meta/analytics.js HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=15768000, public
expires: Tue, 03 Jan 2023 05:06:38 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 21:30:22 GMT
etag: "c41d-61c398ee-679cad020043944f;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 20110
date: Tue, 27 Dec 2022 05:06:38 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Pragma, Last-Modified, Expires, Alert, Content-Type, Retry-After, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 27 Dec 2022 04:08:07 GMT
age: 3511
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
metamask.io.merge.origraffes.com.br/meta/jquery-3.5.1.min.dc5e7f18c8.js
200 OK 31 kB URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/jquery-3.5.1.min.dc5e7f18c8.js
IP
File type ASCII text, with very long lines (65451)
Hash 21ab05a6dc4822c20e4f8e617d59503e
0431002ed053581f86ceeca6589f3b3fc039d1ee
d55c3c4566cd69b2af1ac0ef1f24f7d9e781bd67701c2e84a2300a8464636b34
Analyzer Verdict Alert fortinet Phishing
GET /meta/jquery-3.5.1.min.dc5e7f18c8.js HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=15768000, public
expires: Tue, 03 Jan 2023 05:06:38 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 21:30:32 GMT
etag: "15d84-61c398f8-c0dfc25b3e51e8d0;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 30970
date: Tue, 27 Dec 2022 05:06:38 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
metamask.io.merge.origraffes.com.br/meta/bootstrap-tagsinput.js
200 OK 5.5 kB URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/bootstrap-tagsinput.js
IP
Hash 5b983ffbdbd303a37f5b153798286001
a4782d23a57b811c34547d75e27bbf0073093413
caa4acd6da83afa0cd99d45b91093277c3fbb93c37f0afa0fa7f9f48761d6919
Analyzer Verdict Alert fortinet Phishing
GET /meta/bootstrap-tagsinput.js HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=15768000, public
expires: Tue, 03 Jan 2023 05:06:38 GMT
content-type: application/javascript
last-modified: Tue, 03 Nov 2015 13:26:42 GMT
etag: "5270-5638b612-176f98c393c62f8c;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 5491
date: Tue, 27 Dec 2022 05:06:38 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
metamask.io.merge.origraffes.com.br/script.js
200 OK 681 B URL HTTP/1.1 metamask.io.merge.origraffes.com.br/script.js
IP
File type ASCII text, with CRLF line terminators
Hash 134522a48e2972be59a3971575c17e30
ea1c1fac3da8f89c7091fb9ccc2617b2831dcda2
b620dc8d0b3f34b191934f466cb0793441e98a9705d8f3235d0f75582ecbdc4f
Analyzer Verdict Alert fortinet Phishing
GET /script.js HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=15768000, public
expires: Tue, 03 Jan 2023 05:06:38 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 06:35:50 GMT
etag: "6fb-63295f46-c08d9f94e75f08e2;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 681
date: Tue, 27 Dec 2022 05:06:38 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
metamask.io.merge.origraffes.com.br/meta/webfont.js
200 OK 5.4 kB URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/webfont.js
IP
File type ASCII text, with very long lines (2134)
Hash f2e75ef01e8ce9b37cec75250d84e8bf
76e367a654e7cdaa51872ab26a31eb96605b4544
4a40bdcd270c0a713cc75ff940ab738302bb466ad84bd39780d96dfb77bfedde
Analyzer Verdict Alert fortinet Phishing
GET /meta/webfont.js HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=15768000, public
expires: Tue, 03 Jan 2023 05:06:38 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 21:30:46 GMT
etag: "3384-61c39906-7ab86eaf0836c53c;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 5431
date: Tue, 27 Dec 2022 05:06:38 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
metamask.io.merge.origraffes.com.br/meta/css.html
200 OK 274 B URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/css.html
IP
Hash a0a15fba936f518c2c1c071b0089c64c
6f8526c13dda4943229b9535931f8a6fd169da3a
6e9864f7491582647d88fee2b9503d22fc8735f673bb9be1809437c11af8af96
Analyzer Verdict Alert fortinet Phishing
GET /meta/css.html HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
last-modified: Wed, 22 Dec 2021 21:30:22 GMT
etag: "2ac-61c398ee-9b60559dc908a106;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 274
date: Tue, 27 Dec 2022 05:06:38 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
fonts.googleapis.com/icon?family=Material+Icons
200 OK 642 B URL HTTP/2 fonts.googleapis.com/icon?family=Material+Icons
IP
Hash fc6bcbba175a7baa80435511022afb39
7ed69beca150dea65acd62b9c9118c303da3e93c
14c4e1ac02cd00a5d7b24ed6fa6fabca5c0e0ccc8e29efc9bf2c3918e6110fe8
GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 27 Dec 2022 05:06:38 GMT
date: Tue, 27 Dec 2022 05:06:38 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 68ee4e2891b5a52719997e4ef8cb7aab
ae2e49eff010551d7f3dcf005a51530ee2910480
2bae50a834a34f248f6a79cf6f191dcf709c24b884f2d3da7fa43985c6b2d48b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5585
Cache-Control: max-age=106394
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:06:39 GMT
Etag: "63a96428-1d7"
Expires: Wed, 28 Dec 2022 10:39:53 GMT
Last-Modified: Mon, 26 Dec 2022 09:06:48 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
metamask.io.merge.origraffes.com.br/meta/mm-logo.svg
200 OK 3.3 kB URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/mm-logo.svg
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1001)
Hash 75536fc9d6e2f24b5d4a43206f59daea
d6b451451650bb4028e6e36562cf590370534324
1fec7292d135f29856c58b107c76d144f532a9a3b5d36acefa89ae4e3e990c61
Analyzer Verdict Alert fortinet Phishing
GET /meta/mm-logo.svg HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=31536000, public
expires: Tue, 03 Jan 2023 05:06:38 GMT
content-type: image/svg+xml
last-modified: Wed, 22 Dec 2021 21:30:36 GMT
etag: "2ef3-61c398fc-d78ad8245ed5a8d5;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 3289
date: Tue, 27 Dec 2022 05:06:38 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
fonts.gstatic.com/s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2
200 OK 7.9 kB URL HTTP/1.1 fonts.gstatic.com/s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 7900, version 1.0\012- data
Hash 61e86e7a20ecf3ba181ca4b9a9a1cdbd
482a65cffc69109af26669d64accbef71db3b836
fbd0536d5b92c0dbe6ad2637800ae8da10c20755b564a3575bd12bba57f73b18
GET /s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://metamask.io.merge.origraffes.com.br
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 7900
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 20 Dec 2022 21:47:45 GMT
Expires: Wed, 20 Dec 2023 21:47:45 GMT
Cache-Control: public, max-age=31536000
Age: 544734
Last-Modified: Thu, 21 Apr 2022 17:15:19 GMT
Content-Type: font/woff2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 7f2ed0d8a18af500682ec994cd3a5e15
48032c29ccc60c09f0c003042d059e83ea493ecb
8c49d81420b293298bd75222f60fbc608c322b36944963d93b6a15b12bcb0e8b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:06:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
200 OK 128 kB URL HTTP/2 fonts.gstatic.com/s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 128352, version 1.0\012- data
Size 128 kB (128352 bytes)
Hash 53436aca8627a49f4deaaa44dc9e3c05
0bc0c675480d94ec7e8609dda6227f88c5d08d2c
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
GET /s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://metamask.io.merge.origraffes.com.br
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 128352
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Dec 2022 20:33:17 GMT
expires: Fri, 22 Dec 2023 20:33:17 GMT
cache-control: public, max-age=31536000
age: 376402
last-modified: Thu, 25 Aug 2022 00:26:06 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 7f2ed0d8a18af500682ec994cd3a5e15
48032c29ccc60c09f0c003042d059e83ea493ecb
8c49d81420b293298bd75222f60fbc608c322b36944963d93b6a15b12bcb0e8b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:06:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
metamask.io.merge.origraffes.com.br/meta/storage.secure.min.js
200 OK 13 kB URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/storage.secure.min.js
IP
File type ASCII text, with very long lines (38562), with no line terminators
Hash 3d92102abedfdb24487dce53034d530b
98a4881577f81b625bc08bf33331295fd996df48
b6df362a0fb0fa4eb5c3e8724f44a5a483550e971d2ff3131c82efcfb7d262a2
Analyzer Verdict Alert fortinet Phishing
GET /meta/storage.secure.min.js HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=15768000, public
expires: Tue, 03 Jan 2023 05:06:38 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 21:30:42 GMT
etag: "96a2-61c39902-67e346e3a19eff29;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 13331
date: Tue, 27 Dec 2022 05:06:38 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
fonts.gstatic.com/s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2
200 OK 8.4 kB URL HTTP/1.1 fonts.gstatic.com/s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 8404, version 1.0\012- data
Hash 141119ae119bf7ca75e10ef82f66e442
adebf435aa078db3c116cb9faae15f2ad81d3ac5
c6afeb967afd466210e4061473c4855684e84b7e850b248c0533e6288acfbaff
GET /s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://metamask.io.merge.origraffes.com.br
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 8404
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 27 Dec 2022 05:06:39 GMT
Expires: Wed, 27 Dec 2023 05:06:39 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 21 Apr 2022 17:15:41 GMT
Content-Type: font/woff2
Age: 0
metamask.io.merge.origraffes.com.br/meta/webflow.js
200 OK 147 kB URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/webflow.js
IP
File type Unicode text, UTF-8 text, with very long lines (50020)
Size 147 kB (147063 bytes)
Hash 8a4663ee78192e5c9506c2a338ce7723
dba17ca619195bfb7ff1a1b55d196bff2029b89f
f2892479732a4c07ecece62f4c8f12fd9ade7fab06766368a9c87f3bbe96dd59
Analyzer Verdict Alert fortinet Phishing
GET /meta/webflow.js HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=15768000, public
expires: Tue, 03 Jan 2023 05:06:38 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 21:30:46 GMT
etag: "92c10-61c39906-45a9bdc43ee416b2;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 147063
date: Tue, 27 Dec 2022 05:06:38 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
metamask.io.merge.origraffes.com.br/meta/EuclidCircularB-Bold-WebXL.woff2
200 OK 44 kB URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/EuclidCircularB-Bold-WebXL.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 44544, version 3.66\012- data
Hash 9024d0bf73943172297c4628d0054e20
36c3795e7b297d06589e15ef59592683d9ed0974
88fad87880ae6bb0d733c967419d5f0d68da547a88ad67e7af41f18dae2e20df
Analyzer Verdict Alert fortinet Phishing
GET /meta/EuclidCircularB-Bold-WebXL.woff2 HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/meta/metamask-staging-2.webflow.css
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=31536000, public
expires: Tue, 03 Jan 2023 05:06:39 GMT
content-type: font/woff2
last-modified: Wed, 22 Dec 2021 21:30:26 GMT
etag: "ae00-61c398f2-879c8baabe8aba74;;;"
accept-ranges: bytes
content-length: 44544
date: Tue, 27 Dec 2022 05:06:39 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
vary: User-Agent
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 70z3CbSq0x+bwHeaKzeDdw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: yMg8XHkn6Opsj+NxhLeZ/FYIIF8=
metamask.io.merge.origraffes.com.br/meta/EuclidCircularB-Regular-WebXL.woff2
200 OK 45 kB URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/EuclidCircularB-Regular-WebXL.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 45196, version 3.66\012- data
Hash 2d75957df3bb3aa6ed84f6591b0d5a1a
906424e75625f63b0188471067065794d0348536
8ff3b303322168b49a14878f195dbaf76d9da16e35094d1f83fa23245450155b
Analyzer Verdict Alert fortinet Phishing
GET /meta/EuclidCircularB-Regular-WebXL.woff2 HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/meta/metamask-staging-2.webflow.css
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=31536000, public
expires: Tue, 03 Jan 2023 05:06:39 GMT
content-type: font/woff2
last-modified: Wed, 22 Dec 2021 21:30:26 GMT
etag: "b08c-61c398f2-82f46873e95cf93a;;;"
accept-ranges: bytes
content-length: 45196
date: Tue, 27 Dec 2022 05:06:39 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
vary: User-Agent
www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js
404 Not Found 1.6 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash c90524d6a02b27addb56c350fe6fbb2d
d713d1b53323c0169ffe0649be8c9d04a189f999
4aefd395113d052a874ac1919aed0e288835e0377683f1e71e98838d16c986e0
GET /recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://metamask.io.merge.origraffes.com.br
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Tue, 27 Dec 2022 05:06:39 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
metamask.io.merge.origraffes.com.br/images/favicon.png
200 OK 0 B URL HTTP/1.1 metamask.io.merge.origraffes.com.br/images/favicon.png
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/favicon.png HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=31536000, public
expires: Tue, 03 Jan 2023 05:06:39 GMT
content-type: image/png
last-modified: Thu, 23 Dec 2021 03:03:30 GMT
etag: "0-61c3e702-dbfccd7167b90311;;;"
accept-ranges: bytes
content-length: 0
date: Tue, 27 Dec 2022 05:06:39 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
vary: User-Agent
metamask.io.merge.origraffes.com.br/images/webclip.png
200 OK 0 B URL HTTP/1.1 metamask.io.merge.origraffes.com.br/images/webclip.png
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/webclip.png HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=31536000, public
expires: Tue, 03 Jan 2023 05:06:39 GMT
content-type: image/png
last-modified: Thu, 23 Dec 2021 03:03:30 GMT
etag: "0-61c3e702-8f7f77d1889260e7;;;"
accept-ranges: bytes
content-length: 0
date: Tue, 27 Dec 2022 05:06:39 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
vary: User-Agent
metamask.io.merge.origraffes.com.br/meta/Institutional-Illustration.png
200 OK 290 kB URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/Institutional-Illustration.png
IP
File type PNG image data, 876 x 1040, 8-bit/color RGBA, non-interlaced\012- data
Size 290 kB (289564 bytes)
Hash 85607339bb7e3cc70e1b7568ed4d29b2
7c6301d70e1ab599857be6e9795b94418cef6079
5bdf1ea203497adb942fa639a322195c744910ae8980d625d986ddead1f8ed37
GET /meta/Institutional-Illustration.png HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/meta/metamask-staging-2.webflow.css
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: max-age=31536000, public
expires: Tue, 03 Jan 2023 05:06:39 GMT
content-type: image/png
last-modified: Wed, 22 Dec 2021 21:30:30 GMT
etag: "46b1c-61c398f6-177fc5525b0aa682;;;"
accept-ranges: bytes
content-length: 289564
date: Tue, 27 Dec 2022 05:06:39 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
vary: User-Agent
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5b2790419bb1f19fd29300d548278b98
64671f1c88a1271e9bcda28ac13a01e330a2a07e
1ce1ca2a9d6783fa668b57c8764e8c3a17fde26812161af8ce8096b3691b9279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1CE1CA2A9D6783FA668B57C8764E8C3A17FDE26812161AF8CE8096B3691B9279"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3529
Expires: Tue, 27 Dec 2022 06:05:29 GMT
Date: Tue, 27 Dec 2022 05:06:40 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5b2790419bb1f19fd29300d548278b98
64671f1c88a1271e9bcda28ac13a01e330a2a07e
1ce1ca2a9d6783fa668b57c8764e8c3a17fde26812161af8ce8096b3691b9279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1CE1CA2A9D6783FA668B57C8764E8C3A17FDE26812161AF8CE8096B3691B9279"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3529
Expires: Tue, 27 Dec 2022 06:05:29 GMT
Date: Tue, 27 Dec 2022 05:06:40 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5b2790419bb1f19fd29300d548278b98
64671f1c88a1271e9bcda28ac13a01e330a2a07e
1ce1ca2a9d6783fa668b57c8764e8c3a17fde26812161af8ce8096b3691b9279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1CE1CA2A9D6783FA668B57C8764E8C3A17FDE26812161AF8CE8096B3691B9279"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3529
Expires: Tue, 27 Dec 2022 06:05:29 GMT
Date: Tue, 27 Dec 2022 05:06:40 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5b2790419bb1f19fd29300d548278b98
64671f1c88a1271e9bcda28ac13a01e330a2a07e
1ce1ca2a9d6783fa668b57c8764e8c3a17fde26812161af8ce8096b3691b9279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1CE1CA2A9D6783FA668B57C8764E8C3A17FDE26812161AF8CE8096B3691B9279"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3529
Expires: Tue, 27 Dec 2022 06:05:29 GMT
Date: Tue, 27 Dec 2022 05:06:40 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F303678dc-bd95-4d91-9245-9a823889b144.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F303678dc-bd95-4d91-9245-9a823889b144.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ef4da8e896dc66221b42b1ad2d27362d
ee833149ae2e7e3f263d501f88e8d2ee440ccc14
603915645628c23fc3b29eb1eed16b3cc2c8fc1b9954176f2527ccf7e2f3a07e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F303678dc-bd95-4d91-9245-9a823889b144.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13049
x-amzn-requestid: 45432186-7ea5-4826-8945-29aa4da0770c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dx7BvH1IIAMFZdA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa3ed7-2c49291a56867ec902ad573d;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 00:39:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VZFnby5iQgyAmqiWMC06NhPmgdZU78jzJPeoC8X_Wbp2zHZJNsdSfg==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 00:42:02 GMT
age: 15878
etag: "ee833149ae2e7e3f263d501f88e8d2ee440ccc14"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F305f952f-68d1-4090-b1d7-04817f0a2ab7.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F305f952f-68d1-4090-b1d7-04817f0a2ab7.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash be693dc109dd4beeee6f7f3ae2061dae
349168c24483cf12e3c10e176643b5f02316cbf4
2e4cf6b6d7f4e75d4dfd631a76a921734f3824563f039a6da20826d0bb3afc0d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F305f952f-68d1-4090-b1d7-04817f0a2ab7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10281
x-amzn-requestid: 6f952ba1-d992-4521-83f7-ce18a4b75798
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dxfYMFdtIAMFwyA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa129a-5b1ad9041a52fc8f049d37eb;Sampled=0
x-amzn-remapped-date: Mon, 26 Dec 2022 21:31:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: H3u62So8Z-Pe1gQiIpOjTUEvozSDuV3d2wZMKlZMDioFrtIwYjrV5Q==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Dec 2022 21:44:56 GMT
age: 26504
etag: "349168c24483cf12e3c10e176643b5f02316cbf4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9658bc08-5e7a-4e2a-84f5-0d9e42e3b77c.jpeg
200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9658bc08-5e7a-4e2a-84f5-0d9e42e3b77c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6fae1d3c96b2fb2de464bfa2ecac255e
24fd29d292ea53fb909dfa1829a0010b75de2f01
b4a82374d8ab68ae01bc170f8cd3159d0c23ee62c516c317a889ed0c0e575638
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9658bc08-5e7a-4e2a-84f5-0d9e42e3b77c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7289
x-amzn-requestid: c374bc19-82dd-4692-aaf8-613fb4ba62e7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: do608EYMoAMF1qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a6a4ec-23632b8f1341ef9f2d82f5e4;Sampled=0
x-amzn-remapped-date: Sat, 24 Dec 2022 07:06:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aRy2kjmhNnqJuyHnuzvt7mdzN1Nj9xDIVPUB5FsqJ4QxTfN-egk7pQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Dec 2022 07:30:24 GMT
age: 77776
etag: "24fd29d292ea53fb909dfa1829a0010b75de2f01"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F973fc216-fba1-40f7-8d35-778b3fc0ee1c.jpeg
200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F973fc216-fba1-40f7-8d35-778b3fc0ee1c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e712da258f280eeb9ce0a7fa97aff63b
fa3147a3111bc132ce389a780504e3626b4be0f0
cd7ff9d40428664eaded34390a3f17d13230f683c6cec5b0604d62b3461aa47c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F973fc216-fba1-40f7-8d35-778b3fc0ee1c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6318
x-amzn-requestid: 7e5aae2f-c5fd-4a8f-b9a6-557a68e36b68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: drEBqFL9oAMFhhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a78070-1aac4a0d0b4042c22d24baa4;Sampled=0
x-amzn-remapped-date: Sat, 24 Dec 2022 22:42:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xpcD8K0u1A6kpsPguyFZuEZh7Bu8rgyO4PQUAXtlW7VFZDxZrPhiJg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Dec 2022 08:02:15 GMT
age: 75865
etag: "fa3147a3111bc132ce389a780504e3626b4be0f0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1983375a-46e7-4d3c-b100-9baafabc9959.jpeg
200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1983375a-46e7-4d3c-b100-9baafabc9959.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7b7f0c866bf3ac4531371ad2060951b5
48251361ab12813116d9aba69bb646bf11e54b76
33eacdc9a4c0f1c0494c153e6c8bf8dcebb5d1447aeb22fb2a799f2b631f4da7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1983375a-46e7-4d3c-b100-9baafabc9959.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5961
x-amzn-requestid: be6c3f09-60b7-42e3-bea3-2addcac0faca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: drrFcHhQIAMFzBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a7beef-457bd6e7433432ff095b93a4;Sampled=0
x-amzn-remapped-date: Sun, 25 Dec 2022 03:09:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OV32GcfhBguZJ44b3ZgAGvdRNoPxw2keMAWiIRVI6D9BzJKyXLW8ag==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 05:06:03 GMT
age: 37
etag: "48251361ab12813116d9aba69bb646bf11e54b76"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f2714bb-b993-4a59-8060-2731a83cad48.jpeg
200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f2714bb-b993-4a59-8060-2731a83cad48.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d1964c05c10407de7a80602733f4e740
ad4906adb14904182746eac5935433fba1c7783c
521aa22be37143a80eb3314f57cf9b99d48a9ad77bebb8012c96464b93530b63
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f2714bb-b993-4a59-8060-2731a83cad48.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9772
x-amzn-requestid: 92ffab03-243e-432f-bbeb-be90fa5e0ee6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dxfYDFvfIAMFajA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa1299-7cb9a9b729db72b7550fcf7c;Sampled=0
x-amzn-remapped-date: Mon, 26 Dec 2022 21:31:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MogTHBdmwt6knnv1C_t_LNy98cz8k61YRJqfbHrT8jNGXcj8VQCdYg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Dec 2022 21:44:56 GMT
age: 26504
etag: "ad4906adb14904182746eac5935433fba1c7783c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.ethers.io/scripts/ethers-v4.min.js
200 OK 0 B URL HTTP/2 cdn.ethers.io/scripts/ethers-v4.min.js
IP
GET /scripts/ethers-v4.min.js HTTP/1.1
Host: cdn.ethers.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
last-modified: Fri, 23 Oct 2020 03:52:54 GMT
x-amz-version-id: 1vIDD7850l9p1Juv2dxP72RhnSV02NFY
server: AmazonS3
content-encoding: gzip
date: Mon, 26 Dec 2022 18:42:04 GMT
etag: W/"0e66b864a27c5961a702e18683961608"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3K15N0S_9UTOegBH4fv9rVhp3O5QEdsUEAUGC0SnC1bErl8P_AQixA==
age: 37475
X-Firefox-Spdy: h2
metamask.io.merge.origraffes.com.br/meta/js
200 OK 0 B URL HTTP/1.1 metamask.io.merge.origraffes.com.br/meta/js
IP
Analyzer Verdict Alert fortinet Phishing
GET /meta/js HTTP/1.1
Host: metamask.io.merge.origraffes.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.origraffes.com.br/secure.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Wed, 22 Dec 2021 21:30:32 GMT
etag: "168a5-61c398f8-7926c2359b29b6c3;;;"
accept-ranges: bytes
content-length: 92325
date: Tue, 27 Dec 2022 05:06:38 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
vary: User-Agent
192.111.158.153
23.36.76.226
93.184.220.29