Report - metamask.io.merge.reef.co.ke/secure.html

Report Overview

Submitted URL
metamask.io.merge.reef.co.ke/secure.html
IP
5.9.235.235
ASN
#24940 Hetzner Online GmbH
Submitted
2023-01-29 06:28:35
Access
Website Title
Final URL
Tags
crypto phishing
urlquery detections
Phishing - Generic Crypto/Wallet

Detections

urlquery
22
Network Intrusion Detection
0
Threat Detection Systems
76

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.212.170.166
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.33.119.27
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	350 B	1.0 kB	54.230.245.118
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	745 B	1.5 kB	142.250.74.74
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	1.4 kB	147 kB	216.58.207.227
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-13T07:57:11Z	465 B	2.0 kB	216.58.211.3
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	52 kB	34.120.237.76
cdn.ethers.io	459220	2017-08-30T09:27:23Z	2023-03-09T17:22:04Z	385 B	540 B	54.230.111.14
metamask.io.merge.reef.co.ke	unknown	2022-11-30T04:34:53Z	2023-02-14T11:02:14Z	7.6 kB	655 kB	5.9.235.235
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	1.4 kB	2.8 kB	142.250.74.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-28	medium	metamask.io.merge.reef.co.ke/secure.html	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet
2023-01-15	medium	metamask.io.merge.reef.co.ke/	Crypto/Wallet

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-29	medium	metamask.io.merge.reef.co.ke/secure.html	Phishing
2023-01-29	medium	metamask.io.merge.reef.co.ke/meta/plx.chock.js	Phishing
2023-01-29	medium	metamask.io.merge.reef.co.ke/meta/webfont.js	Phishing
2023-01-29	medium	metamask.io.merge.reef.co.ke/meta/css.html	Phishing
2023-01-29	medium	metamask.io.merge.reef.co.ke/meta/tag.js	Phishing
2023-01-29	medium	metamask.io.merge.reef.co.ke/meta/enterprise.js	Phishing
2023-01-29	medium	metamask.io.merge.reef.co.ke/meta/analytics.js	Phishing
2023-01-29	medium	metamask.io.merge.reef.co.ke/meta/storage.secure.min.js	Phishing
2023-01-29	medium	metamask.io.merge.reef.co.ke/meta/bootstrap-tagsinput.js	Phishing
2023-01-29	medium	metamask.io.merge.reef.co.ke/script.js	Phishing
2023-01-29	medium	metamask.io.merge.reef.co.ke/meta/jquery-3.5.1.min.dc5e7f18c8.js	Phishing
2023-01-29	medium	metamask.io.merge.reef.co.ke/meta/webflow.js	Phishing
2023-01-29	medium	metamask.io.merge.reef.co.ke/meta/mm-logo.svg	Phishing
2023-01-29	medium	metamask.io.merge.reef.co.ke/meta/EuclidCircularB-Regular-WebXL.woff2	Phishing
2023-01-29	medium	metamask.io.merge.reef.co.ke/meta/EuclidCircularB-Bold-WebXL.woff2	Phishing
2023-01-29	medium	metamask.io.merge.reef.co.ke/meta/js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	metamask.io.merge.reef.co.ke/meta/storage.secure.min.js	39 kB	2023-03-07	2024-04-12
Pretty URL metamask.io.merge.reef.co.ke/meta/storage.secure.min.js IP 5.9.235.235 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-12 19:27:20 Times Seen657 Hash 3386ec5559f1ba569cf0ab6acab436cc e98e11d37c5172ee128a85f68447efb3cb0e853c 996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73 Loading...

	metamask.io.merge.reef.co.ke/meta/bootstrap-tagsinput.js	21 kB	2023-03-07	2024-04-20
Pretty URL metamask.io.merge.reef.co.ke/meta/bootstrap-tagsinput.js IP 5.9.235.235 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:47 Last Seen2024-04-20 07:30:29 Times Seen119 Hash 762e212e474887426c95f101d575024d 494300a29c210c28eafa9be961d019f349395cb7 6838daba9201ad885ef13c42f4570ff1caea4d4fd602f491493cbbcd038aea7b Loading...

	metamask.io.merge.reef.co.ke/meta/webflow.js	601 kB	2023-03-07	2024-04-12
Pretty URL metamask.io.merge.reef.co.ke/meta/webflow.js IP 5.9.235.235 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:36 Last Seen2024-04-12 19:27:20 Times Seen596 Hash 9758f7e3aa0c79ea7a3cadb16d10087b 07f3c4e552e28eba6172f53d6dcf981a55f42031 0bb0c326dfc33136ad88e7454f06d22398a75f57f5eef79a30b218c171136f0d Loading...

	metamask.io.merge.reef.co.ke/secure.html	69 B	2023-03-07	2024-01-24
Pretty URL metamask.io.merge.reef.co.ke/secure.html IP 5.9.235.235 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:02:04 Last Seen2024-01-24 04:07:03 Times Seen50 Hash 5bfe438db73c17486a5a13927299f222 b3d7752c6ef9e6e6a0fe269719cd2599d291270c 56b8b12efd27f854b5c610c39dfe21eb70b4358b2a5bd221e89283aad6909634 Loading...

	metamask.io.merge.reef.co.ke/meta/js	92 kB	2023-03-07	2024-03-12
Pretty URL metamask.io.merge.reef.co.ke/meta/js IP 5.9.235.235 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:36 Last Seen2024-03-12 06:48:21 Times Seen508 Hash fb2ab9b8632250b0d7aa50c08150cfe1 73b3f266ac08c9fb07e1de1664fed384ccd5bc86 5d419e0ff614b331e4f8fed2ba7c1380b1f5983f98d820a6a0f7040b55f60b5b Loading...

	metamask.io.merge.reef.co.ke/meta/webfont.js	13 kB	2023-03-07	2024-04-24
Pretty URL metamask.io.merge.reef.co.ke/meta/webfont.js IP 5.9.235.235 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:17 Last Seen2024-04-24 23:28:13 Times Seen22382 Hash 7c96a5f11d9741541d5e3c42ff6380d7 d3fa2564c021cf730e58ffddb138cf6b57ed126e 81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee Loading...

	metamask.io.merge.reef.co.ke/meta/tag.js	22 kB	2023-03-07	2024-04-12
Pretty URL metamask.io.merge.reef.co.ke/meta/tag.js IP 5.9.235.235 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-12 19:27:20 Times Seen539 Hash e2ee8a9cd68c3d310a4c62fdb4b5c93a 67eb5f9547f1d9de0a8b143c3b50511c26281399 145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7 Loading...

	unknown	62 kB	2023-03-13	2023-03-13
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 10:49:13 Last Seen2023-03-13 10:49:13 Times Seen1 Hash e0277084347902b48f56b7dd06871468 838e0daee9365a116af499e78e05761f78862678 39968d7b32b930794fac006681f1afc0363c995236e5b10d2c335188cc9e28b2 Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 00:37:22 Times Seen37051328 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	metamask.io.merge.reef.co.ke/meta/plx.chock.js	3.4 kB	2023-03-07	2024-04-02
Pretty URL metamask.io.merge.reef.co.ke/meta/plx.chock.js IP 5.9.235.235 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29:10 Last Seen2024-04-02 06:38:24 Times Seen660 Hash 5acfeead7d13511cdef767305b87e3f8 ec5337e62f1e64d3aaba3bf41a41b5f876964922 b9417c5359a2259bb564852a1ebd2b743b79ac06efdee42dc53456f8445ad246 Loading...

	metamask.io.merge.reef.co.ke/meta/analytics.js	50 kB	2023-03-07	2024-04-18
Pretty URL metamask.io.merge.reef.co.ke/meta/analytics.js IP 5.9.235.235 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-18 21:14:10 Times Seen840 Hash d40531c5e99a6f84e42535859476fe35 a901817d77b2fe5259c298c91bc65c54d7f8a1a9 a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Loading...

	metamask.io.merge.reef.co.ke/meta/enterprise.js	1.0 kB	2023-03-07	2024-04-12
Pretty URL metamask.io.merge.reef.co.ke/meta/enterprise.js IP 5.9.235.235 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29:10 Last Seen2024-04-12 19:27:20 Times Seen572 Hash d07e7630bc23cbdd7520d0a4f086c922 b50685923a96d55109959fdf21f369d902971b2a 15c0f679abecff8fba48dbe673343f3e0f2a07c439d3f631722fccd2af2e1df2 Loading...

	metamask.io.merge.reef.co.ke/script.js	2.4 kB	2023-03-08	2023-07-19
Pretty URL metamask.io.merge.reef.co.ke/script.js IP 5.9.235.235 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:31:52 Last Seen2023-07-19 15:10:44 Times Seen6 Hash 687f21facc25d5da64d7013766a2cd06 8591897844f2936ca77146ac1beb2949a39c5b09 27de14d048847fde6aae1a5f4d32582b09c5fb410f6b6b8129f0afafcb1a8589 Loading...

HTTP Transactions (53)

URL IP Response Size

metamask.io.merge.reef.co.ke/secure.html

5.9.235.235

200 OK

3.2 kB

URL HTTP/1.1
metamask.io.merge.reef.co.ke/secure.html
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
3.2 kB (3239 bytes)
Hash
0d9924c70f4d78dd25e5eeacb226f71a
dd9382fe1274d9c01c6c8450ff1fa697cd07984e
d4cfd293ada5554238495c05a9d09887bf542306ac909fdbef1ab3d7b24e5415

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /secure.html HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
last-modified: Sun, 27 Nov 2022 21:25:32 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3239
date: Sun, 29 Jan 2023 06:28:24 GMT
server: LiteSpeed

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11981
Expires: Sun, 29 Jan 2023 09:48:05 GMT
Date: Sun, 29 Jan 2023 06:28:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11813
Expires: Sun, 29 Jan 2023 09:45:17 GMT
Date: Sun, 29 Jan 2023 06:28:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6056
Expires: Sun, 29 Jan 2023 08:09:21 GMT
Date: Sun, 29 Jan 2023 06:28:25 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 05:35:34 GMT
content-type: application/json
age: 3171
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: xfnGEyx5N/Ee0BKajc5QX/bP42BHTZIgTuoRtrFENox0YtJKJmMyVuQxNU0bL8GrsN8ltw2bdsgq81LqVevohg==
x-amz-request-id: 146QBXF7HQD45W2K
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 06:21:17 GMT
age: 428
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 06:28:25 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

metamask.io.merge.reef.co.ke/meta/normalize.css

5.9.235.235

200 OK

2.6 kB

URL HTTP/1.1
metamask.io.merge.reef.co.ke/meta/normalize.css
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text
Size
2.6 kB (2633 bytes)
Hash
74b55c54efadbc58b06a6042cc858472
127ffb851c8bb77bf00de3280d0e078571704de7
435035717bcd1da635fd11e9d0d22c40d2753c48383b1728f66bfd1607bcd54a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet

HTTP Headers

GET /meta/normalize.css HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: text/css
last-modified: Wed, 22 Dec 2021 15:30:38 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2633
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

metamask.io.merge.reef.co.ke/meta/plx.chock.js

5.9.235.235

200 OK

312 B

URL HTTP/1.1
metamask.io.merge.reef.co.ke/meta/plx.chock.js
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text
Size
312 B (312 bytes)
Hash
f8a281c232ca490b0fb6a69a0a69aa93
8586880ea6c9a49dd4b2b45ee6f7eff01c5c7683
4acac0377cad7da2cbf6e18c4e9096e95484429bf4589b472bbc276c43b6110e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /meta/plx.chock.js HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 15:30:38 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 312
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

metamask.io.merge.reef.co.ke/meta/webfont.js

5.9.235.235

200 OK

5.4 kB

URL HTTP/1.1
metamask.io.merge.reef.co.ke/meta/webfont.js
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (2134)
Size
5.4 kB (5431 bytes)
Hash
f2e75ef01e8ce9b37cec75250d84e8bf
76e367a654e7cdaa51872ab26a31eb96605b4544
4a40bdcd270c0a713cc75ff940ab738302bb466ad84bd39780d96dfb77bfedde

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /meta/webfont.js HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 15:30:46 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 5431
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

metamask.io.merge.reef.co.ke/meta/css.html

5.9.235.235

200 OK

274 B

URL HTTP/1.1
metamask.io.merge.reef.co.ke/meta/css.html
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text
Size
274 B (274 bytes)
Hash
a0a15fba936f518c2c1c071b0089c64c
6f8526c13dda4943229b9535931f8a6fd169da3a
6e9864f7491582647d88fee2b9503d22fc8735f673bb9be1809437c11af8af96

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /meta/css.html HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
last-modified: Wed, 22 Dec 2021 15:30:22 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 274
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

metamask.io.merge.reef.co.ke/meta/tag.js

5.9.235.235

200 OK

7.6 kB

URL HTTP/1.1
metamask.io.merge.reef.co.ke/meta/tag.js
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (21652), with no line terminators
Size
7.6 kB (7583 bytes)
Hash
030e152d0cbf5d9c345726676e20f490
d39cd836763535ada905adb47e4d028a80f51849
01cb61852e9ab6166e2651c568c84e93d2dd80a7296b26d2f0539e5dc614787f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /meta/tag.js HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 15:30:44 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 7583
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8c630e9bbc930d1c367efa81b67be3f7
ec536695531d40a813d99a06271c7c2d698d51d3
39ca0a60c3e2e85712757ead0830d0da82beac1e4f44b6e90243e5ca9326bf4b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 06:28:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

metamask.io.merge.reef.co.ke/meta/enterprise.js

5.9.235.235

200 OK

617 B

URL HTTP/1.1
metamask.io.merge.reef.co.ke/meta/enterprise.js
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (1008), with no line terminators
Size
617 B (617 bytes)
Hash
d81ef5cb351ba48ede3354fa5248ce44
9a08bcf54317bb24610116e0650b520b32dcb7e3
69e117e70a745175180e8c577cec146b059da38bfd77265a8544cfc78a51e32b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /meta/enterprise.js HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 15:30:24 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 617
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

metamask.io.merge.reef.co.ke/meta/analytics.js

5.9.235.235

200 OK

20 kB

URL HTTP/1.1
metamask.io.merge.reef.co.ke/meta/analytics.js
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (1325)
Size
20 kB (20110 bytes)
Hash
f6172b83fb5bcd8fadd246270f6e7948
910ba56b59eac08dd3461bbf81a19378028b2664
62559499e80252ed5f16b8d9972825db8479ad069a5f3e63a82c37a0d9d4ce91

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /meta/analytics.js HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 15:30:22 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 20110
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

metamask.io.merge.reef.co.ke/meta/storage.secure.min.js

5.9.235.235

200 OK

13 kB

URL HTTP/1.1
metamask.io.merge.reef.co.ke/meta/storage.secure.min.js
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (38562), with no line terminators
Size
13 kB (13331 bytes)
Hash
3d92102abedfdb24487dce53034d530b
98a4881577f81b625bc08bf33331295fd996df48
b6df362a0fb0fa4eb5c3e8724f44a5a483550e971d2ff3131c82efcfb7d262a2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /meta/storage.secure.min.js HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 15:30:42 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 13331
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

metamask.io.merge.reef.co.ke/meta/bootstrap-tagsinput.js

5.9.235.235

200 OK

5.5 kB

URL HTTP/1.1
metamask.io.merge.reef.co.ke/meta/bootstrap-tagsinput.js
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text
Size
5.5 kB (5491 bytes)
Hash
5b983ffbdbd303a37f5b153798286001
a4782d23a57b811c34547d75e27bbf0073093413
caa4acd6da83afa0cd99d45b91093277c3fbb93c37f0afa0fa7f9f48761d6919

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /meta/bootstrap-tagsinput.js HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: application/javascript
last-modified: Tue, 03 Nov 2015 08:26:42 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 5491
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

metamask.io.merge.reef.co.ke/script.js

5.9.235.235

200 OK

832 B

URL HTTP/1.1
metamask.io.merge.reef.co.ke/script.js
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with CRLF line terminators
Size
832 B (832 bytes)
Hash
3143e4a1018d9472497d7a0803f1441e
e768323e37397f612fd9ca43f82a87fd07756909
add4f4304448bb080562a01fd4b0233588eeb5f9ed1e001bdd5bbaad1c93e0ac

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /script.js HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: application/javascript
last-modified: Sun, 27 Nov 2022 21:27:32 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 832
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

metamask.io.merge.reef.co.ke/meta/jquery-3.5.1.min.dc5e7f18c8.js

5.9.235.235

200 OK

31 kB

URL HTTP/1.1
metamask.io.merge.reef.co.ke/meta/jquery-3.5.1.min.dc5e7f18c8.js
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (65451)
Size
31 kB (30970 bytes)
Hash
21ab05a6dc4822c20e4f8e617d59503e
0431002ed053581f86ceeca6589f3b3fc039d1ee
d55c3c4566cd69b2af1ac0ef1f24f7d9e781bd67701c2e84a2300a8464636b34

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /meta/jquery-3.5.1.min.dc5e7f18c8.js HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 15:30:32 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 30970
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

metamask.io.merge.reef.co.ke/meta/webflow.css

5.9.235.235

200 OK

9.4 kB

URL HTTP/1.1
metamask.io.merge.reef.co.ke/meta/webflow.css
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
Unicode text, UTF-8 text, with very long lines (2587)
Size
9.4 kB (9350 bytes)
Hash
d143e827e4004f5af028b3c37e3748dd
7531565e84fd2011b5ca8a9b179ecdd4b65d89b6
f425ff60551250b2f1dc6a40d92d5ab84847781d370740a945b6b8f1866c4e84

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet

HTTP Headers

GET /meta/webflow.css HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: text/css
last-modified: Wed, 22 Dec 2021 15:30:46 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 9350
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
02ca930aac2c76f4965e54a1ef5fc591
b8718ea1d00aea1c062a1ee5e1a5c03106b43d1d
0761a8d2d271dd8364b368426460914870f9e5564533075d3a76f7115c94d4ee

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=159407
Date: Sun, 29 Jan 2023 06:28:25 GMT
Etag: "63d5cc49-1d7"
Expires: Tue, 31 Jan 2023 02:45:12 GMT
Last-Modified: Sun, 29 Jan 2023 01:30:49 GMT
Server: ECS (nyb/1D28)
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: trah_xoZ7ZWWEs2Cn6VtTK6L5uiChWdzritIdWu0GypnLcuO9dwO9g==
Age: 4463

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8c630e9bbc930d1c367efa81b67be3f7
ec536695531d40a813d99a06271c7c2d698d51d3
39ca0a60c3e2e85712757ead0830d0da82beac1e4f44b6e90243e5ca9326bf4b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 06:28:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

metamask.io.merge.reef.co.ke/meta/metamask-staging-2.webflow.css

5.9.235.235

200 OK

18 kB

URL HTTP/1.1
metamask.io.merge.reef.co.ke/meta/metamask-staging-2.webflow.css
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text
Size
18 kB (17590 bytes)
Hash
53ff35d49ab5d2089b65f13389233f86
cf1714af3125e0fc6b07408fa4269ab003baa162
509ea7e5aac1909a1a0b328b497e47f04cd10eaa3927e65a37cf1900bea5996f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet

HTTP Headers

GET /meta/metamask-staging-2.webflow.css HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: text/css
last-modified: Wed, 22 Dec 2021 15:30:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 17590
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

metamask.io.merge.reef.co.ke/meta/webflow.js

5.9.235.235

200 OK

147 kB

URL HTTP/1.1
metamask.io.merge.reef.co.ke/meta/webflow.js
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
Unicode text, UTF-8 text, with very long lines (50020)
Size
147 kB (147063 bytes)
Hash
8a4663ee78192e5c9506c2a338ce7723
dba17ca619195bfb7ff1a1b55d196bff2029b89f
f2892479732a4c07ecece62f4c8f12fd9ade7fab06766368a9c87f3bbe96dd59

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /meta/webflow.js HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 15:30:46 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 147063
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

metamask.io.merge.reef.co.ke/meta/mm-logo.svg

3.3 kB

URL
metamask.io.merge.reef.co.ke/meta/mm-logo.svg
IP
:0
ASN
#0

File type
gzip compressed data, from Unix\012- data
Size
3.3 kB (3289 bytes)
Hash
75536fc9d6e2f24b5d4a43206f59daea
d6b451451650bb4028e6e36562cf590370534324
1fec7292d135f29856c58b107c76d144f532a9a3b5d36acefa89ae4e3e990c61

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /meta/mm-logo.svg HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

fonts.googleapis.com/css?family=Changa+One:400,400italic

142.250.74.74

200 OK

301 B

URL HTTP/1.1
fonts.googleapis.com/css?family=Changa+One:400,400italic
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
301 B (301 bytes)
Hash
7fb212f619185f162769684274cb1dfe
414b678cfcbcd25c44569e72369a8218bea8756d
d53161ae9523414449dd0f7083f66fda679084bac2cb18a92b884a43616c1fd5

HTTP Headers

GET /css?family=Changa+One:400,400italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 29 Jan 2023 06:28:25 GMT
Date: Sun, 29 Jan 2023 06:28:25 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

metamask.io.merge.reef.co.ke/meta/EuclidCircularB-Regular-WebXL.woff2

5.9.235.235

200 OK

45 kB

URL HTTP/1.1
metamask.io.merge.reef.co.ke/meta/EuclidCircularB-Regular-WebXL.woff2
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
Web Open Font Format (Version 2), TrueType, length 45196, version 3.66\012- data
Size
45 kB (45196 bytes)
Hash
2d75957df3bb3aa6ed84f6591b0d5a1a
906424e75625f63b0188471067065794d0348536
8ff3b303322168b49a14878f195dbaf76d9da16e35094d1f83fa23245450155b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /meta/EuclidCircularB-Regular-WebXL.woff2 HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/meta/metamask-staging-2.webflow.css

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: font/woff2
last-modified: Wed, 22 Dec 2021 15:30:26 GMT
accept-ranges: bytes
content-length: 45196
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

metamask.io.merge.reef.co.ke/meta/Institutional-Illustration.png

5.9.235.235

200 OK

290 kB

URL HTTP/1.1
metamask.io.merge.reef.co.ke/meta/Institutional-Illustration.png
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 876 x 1040, 8-bit/color RGBA, non-interlaced\012- data
Size
290 kB (289564 bytes)
Hash
85607339bb7e3cc70e1b7568ed4d29b2
7c6301d70e1ab599857be6e9795b94418cef6079
5bdf1ea203497adb942fa639a322195c744910ae8980d625d986ddead1f8ed37

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet

HTTP Headers

GET /meta/Institutional-Illustration.png HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/meta/metamask-staging-2.webflow.css

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: image/png
last-modified: Wed, 22 Dec 2021 15:30:30 GMT
accept-ranges: bytes
content-length: 289564
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

metamask.io.merge.reef.co.ke/meta/EuclidCircularB-Bold-WebXL.woff2

5.9.235.235

200 OK

44 kB

URL HTTP/1.1
metamask.io.merge.reef.co.ke/meta/EuclidCircularB-Bold-WebXL.woff2
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type
Web Open Font Format (Version 2), TrueType, length 44544, version 3.66\012- data
Size
44 kB (44544 bytes)
Hash
9024d0bf73943172297c4628d0054e20
36c3795e7b297d06589e15ef59592683d9ed0974
88fad87880ae6bb0d733c967419d5f0d68da547a88ad67e7af41f18dae2e20df

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /meta/EuclidCircularB-Bold-WebXL.woff2 HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/meta/metamask-staging-2.webflow.css

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: font/woff2
last-modified: Wed, 22 Dec 2021 15:30:26 GMT
accept-ranges: bytes
content-length: 44544
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 06:28:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 29 Jan 2023 05:49:04 GMT
age: 2361
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.gstatic.com/s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

216.58.207.227

200 OK

128 kB

URL HTTP/2
fonts.gstatic.com/s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 128352, version 1.0\012- data
Size
128 kB (128352 bytes)
Hash
53436aca8627a49f4deaaa44dc9e3c05
0bc0c675480d94ec7e8609dda6227f88c5d08d2c
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

HTTP Headers

GET /s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://metamask.io.merge.reef.co.ke
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 128352
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 12:51:13 GMT
expires: Sat, 27 Jan 2024 12:51:13 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 25 Aug 2022 00:26:06 GMT
content-type: font/woff2
age: 149832
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2

216.58.207.227

200 OK

7.9 kB

URL HTTP/1.1
fonts.gstatic.com/s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7900, version 1.0\012- data
Size
7.9 kB (7900 bytes)
Hash
61e86e7a20ecf3ba181ca4b9a9a1cdbd
482a65cffc69109af26669d64accbef71db3b836
fbd0536d5b92c0dbe6ad2637800ae8da10c20755b564a3575bd12bba57f73b18

HTTP Headers

GET /s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://metamask.io.merge.reef.co.ke
Connection: keep-alive
Referer: http://fonts.googleapis.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 7900
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 27 Jan 2023 15:18:49 GMT
Expires: Sat, 27 Jan 2024 15:18:49 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 21 Apr 2022 17:15:19 GMT
Content-Type: font/woff2
Age: 140976

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 06:28:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

metamask.io.merge.reef.co.ke/images/webclip.png

5.9.235.235

200 OK

0 B

URL HTTP/1.1
metamask.io.merge.reef.co.ke/images/webclip.png
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet

HTTP Headers

GET /images/webclip.png HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: image/png
last-modified: Wed, 22 Dec 2021 21:03:30 GMT
accept-ranges: bytes
content-length: 0
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

metamask.io.merge.reef.co.ke/images/favicon.png

5.9.235.235

200 OK

0 B

URL HTTP/1.1
metamask.io.merge.reef.co.ke/images/favicon.png
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
openphish	Crypto/Wallet

HTTP Headers

GET /images/favicon.png HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 05 Feb 2023 06:28:25 GMT
content-type: image/png
last-modified: Wed, 22 Dec 2021 21:03:30 GMT
accept-ranges: bytes
content-length: 0
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17585
Expires: Sun, 29 Jan 2023 11:21:30 GMT
Date: Sun, 29 Jan 2023 06:28:25 GMT
Connection: keep-alive

fonts.gstatic.com/s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2

216.58.207.227

200 OK

8.4 kB

URL HTTP/1.1
fonts.gstatic.com/s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 8404, version 1.0\012- data
Size
8.4 kB (8404 bytes)
Hash
141119ae119bf7ca75e10ef82f66e442
adebf435aa078db3c116cb9faae15f2ad81d3ac5
c6afeb967afd466210e4061473c4855684e84b7e850b248c0533e6288acfbaff

HTTP Headers

GET /s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://metamask.io.merge.reef.co.ke
Connection: keep-alive
Referer: http://fonts.googleapis.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 8404
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 28 Jan 2023 12:54:20 GMT
Expires: Sun, 28 Jan 2024 12:54:20 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 21 Apr 2022 17:15:41 GMT
Content-Type: font/woff2
Age: 63245

www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js

216.58.211.3

404 Not Found

1.6 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1621 bytes)
Hash
c90524d6a02b27addb56c350fe6fbb2d
d713d1b53323c0169ffe0649be8c9d04a189f999
4aefd395113d052a874ac1919aed0e288835e0377683f1e71e98838d16c986e0

HTTP Headers

GET /recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://metamask.io.merge.reef.co.ke
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 06:28:25 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.212.170.166

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.212.170.166:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1JUkbtC7oSVFtvBkEr9prQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LMKpG0WLQiNoJsMNCMgDV1Q9/Ng=

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19030
Expires: Sun, 29 Jan 2023 11:45:37 GMT
Date: Sun, 29 Jan 2023 06:28:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19030
Expires: Sun, 29 Jan 2023 11:45:37 GMT
Date: Sun, 29 Jan 2023 06:28:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19030
Expires: Sun, 29 Jan 2023 11:45:37 GMT
Date: Sun, 29 Jan 2023 06:28:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2627
Expires: Sun, 29 Jan 2023 07:12:14 GMT
Date: Sun, 29 Jan 2023 06:28:27 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a48d5b4-7f5e-41cd-a7b2-c3007235b59c.jpeg

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a48d5b4-7f5e-41cd-a7b2-c3007235b59c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9398 bytes)
Hash
e59316e1b1333c42d9d120fa88619bc2
669cdc8dfeba9d64f93f260adbb5f493a5649bb0
c4e78ec96322f1f151b07f9a45d51e6ca3fd46613472cf627f53bf399193a533

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a48d5b4-7f5e-41cd-a7b2-c3007235b59c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9398
x-amzn-requestid: 3b2ecbd0-b8ee-415d-9473-32cdd50de777
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: feX-4GNXIAMFuIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5a05f-7015e4eb1410a8022de024d6;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 22:23:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: LX-_6oYOx0-UFWzbPAPZIaxNU4Wvvne7p6sUt8Q90kv_PASntoUcIA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 03:20:22 GMT
age: 11285
etag: "669cdc8dfeba9d64f93f260adbb5f493a5649bb0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9167 bytes)
Hash
3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: f644ca78-a07a-43d1-96e4-95bcdecff7fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPGLfFtOIAMFp7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf83e2-202ca7160544acd24259bd5d;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:08:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xRwqrWS66l4qJfg2HnGphN1dbrIUod9XKW3zTk_-Km9AQRPyV2UqWg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 20:46:16 GMT
age: 34931
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7cfa685-1688-424d-b352-82b8ce19495a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6158 bytes)
Hash
2cbbc57c4e469baec1bda006407877cc
e988f007b1f9ec2327e7817f38cf56202096aeae
5237a8a8a7aa1fe59548582abf726fe77ad9e1fad8535bb5f88519dc6e779a86

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7cfa685-1688-424d-b352-82b8ce19495a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6158
x-amzn-requestid: f6073f30-9a9c-4674-8ca9-a43e1982ab44
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLzV7FHtoAMFRGw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce328c-08806a615c478d443f76119f;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:09:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 5AeWdtII3LLgHysTJsa4Kn5-SSmF0rkM0uYXZwtpBC0p60eJ_VSjBw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 15:00:59 GMT
age: 55648
etag: "e988f007b1f9ec2327e7817f38cf56202096aeae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e63fa9f-a982-4d0a-ac29-9acbfe59f503.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.2 kB (4202 bytes)
Hash
61dd48155b70501a72ec13f79745433d
4efc3d15f04a290a590b54122822d55a9d3fa1ca
9345056c111439b34aff08323fc99a2d315fa91293039dc5acf67affb50636d3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e63fa9f-a982-4d0a-ac29-9acbfe59f503.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4202
x-amzn-requestid: d33bee10-9642-4138-8dde-3486ec7f6535
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa9ABFFvIAMFbqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d441ff-3b3a99db469e3f8c068d553c;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:28:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: yBrvQ9Y8bIsIJQcL3F2dZ5djdNlCPtTF6ZGpBmh6FqzZQ3phnA6JGQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 05:22:43 GMT
age: 3944
etag: "4efc3d15f04a290a590b54122822d55a9d3fa1ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62d5a25c-3219-4061-b58b-b783bc3a37fb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7417 bytes)
Hash
6af6f32397882f56d14d22348e44a9f1
5a626376807e7507fa3a204c4e4e9e44aa074a37
478f32e98c0a1f0d62fa337795ca88b7927e14b684b681f7629b648bc2d709a5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62d5a25c-3219-4061-b58b-b783bc3a37fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7417
x-amzn-requestid: 53032353-8613-49b0-944d-3742236cf50c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fYcMmFeQIAMF3Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d340b6-7fe2226327d90db014527c08;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 03:10:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zd8cTO2N1JO-OK3hCDwVO8naClCsg0raJLboRFle-DPSKhR_7k8-Yg==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 03:16:35 GMT
age: 11512
etag: "5a626376807e7507fa3a204c4e4e9e44aa074a37"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ff5857c-39d4-4978-9668-8754096c365b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8995 bytes)
Hash
17da02bed84fa533c12b4e833f54ec69
e0862b84c3b449722536d8c7d1373af6ad32b7c5
742b05f0d88b86d1890bca55d3cbbd4a746546ab969b866bc4f69f4e2bc8ae38

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ff5857c-39d4-4978-9668-8754096c365b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8995
x-amzn-requestid: 136f34c6-7348-4543-811e-4ecfd8ee8f5e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSRqKGhKoAMFjQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0c974-7e3f6da23d02323a5c8d86c9;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 06:17:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: uHooyYgYAw370dVKj8BIZUbq9012nnwKsT6cyRAMD1yNWrc8PFuhHA==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 15:59:17 GMT
age: 52150
etag: "e0862b84c3b449722536d8c7d1373af6ad32b7c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

cdn.ethers.io/scripts/ethers-v4.min.js

54.230.111.14

200 OK

0 B

URL HTTP/2
cdn.ethers.io/scripts/ethers-v4.min.js
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /scripts/ethers-v4.min.js HTTP/1.1
Host: cdn.ethers.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
last-modified: Fri, 23 Oct 2020 03:52:54 GMT
x-amz-version-id: 1vIDD7850l9p1Juv2dxP72RhnSV02NFY
server: AmazonS3
content-encoding: gzip
date: Sun, 29 Jan 2023 06:28:25 GMT
etag: W/"0e66b864a27c5961a702e18683961608"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XiIwAIynW2VoJoExxijx8K19mzMnd3FMCgWKA9HaxycTm48gdSfAQg==
age: 12130
X-Firefox-Spdy: h2

metamask.io.merge.reef.co.ke/meta/js

5.9.235.235

200 OK

0 B

URL HTTP/1.1
metamask.io.merge.reef.co.ke/meta/js
IP
5.9.235.235:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /meta/js HTTP/1.1
Host: metamask.io.merge.reef.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/secure.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Wed, 22 Dec 2021 15:30:32 GMT
accept-ranges: bytes
content-length: 92325
date: Sun, 29 Jan 2023 06:28:25 GMT
server: LiteSpeed

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.74

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://metamask.io.merge.reef.co.ke/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 29 Jan 2023 06:28:25 GMT
date: Sun, 29 Jan 2023 06:28:25 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by