Report - www.questionpro.com/a/TakeSurvey?tt=0qpaHa9rzUQECHrPeIW9eQ%3D%3D

Report Overview

Visited public
2023-12-11 13:35:22
Tags
crypto phishing
URL
www.questionpro.com/a/TakeSurvey?tt=0qpaHa9rzUQECHrPeIW9eQ%3D%3D
Finishing URL
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
IP / ASN
104.23.129.67
#13335 CLOUDFLARENET
Title
МЕТАМАSK
Phishing - Generic Crypto/Wallet

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.questionpro.com	188232	2000-06-30	2018-08-23 05:20:24	2023-12-03 07:23:10	1.6 kB	91 kB	104.23.130.67
moz-extension-kyc.ddnss.eu	unknown	unknown	2023-11-26 00:35:37	2023-12-10 05:25:39	13 kB	346 kB	8.222.178.6
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-12-11 05:09:28	517 B	157 kB	151.101.1.229
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-11 11:26:03	455 B	85 kB	142.250.74.138
www.questionpro.com	135391	2000-06-30	2012-08-04 22:53:21	2023-11-30 18:38:23	11 kB	579 kB	104.23.130.67

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-12-07	medium	moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn	Crypto/Wallet

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js	ScriptElement	84 kB	2023-03-07	2025-05-12
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-12 07:04 Times Seen8062 Hash e40ec2161fe7993196f23c8a07346306 afb90752e0a90c24b7f724faca86c5f3d15d1178 874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4 Loading...

	moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/js/script.js	ScriptElement	199 B	2023-03-10	2025-04-02
Pretty URL moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/js/script.js IP 8.222.178.6 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:11 Last Seen2025-04-02 12:18 Times Seen465 Hash c13cd45cb0fadddf8d912280d6b821df 39992c6f09ac5a26ea2bb56a1a58d0c43cb87aa2 8f9e97cd76e0b6591e9c5c6764c17114722f36eb1ad86f61ef831a87031bae3b Loading...

HTTP Transactions (42)

URL IP Response Size

www.questionpro.com/images/waiting.gif

104.23.130.67

5.6 kB

URL
www.questionpro.com/images/waiting.gif
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 25 x 25 - data
Size
5.6 kB (5571 bytes)
Hash
508c08c04ca6ac258de4cbedb7dc906d
712595af61863abb0d33366933850dcbfe5512f9
eb348899027c90610413cf25020666064be31235da9841b8ef62c8425632f109

HTTP Headers

GET /images/waiting.gif HTTP/1.1
Host: www.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/a/TakeSurvey?tt=0qpaHa9rzUQECHrPeIW9eQ%3D%3D
Cookie: siteRef=4326019; JSESSIONID=aaadizWlPP_gc5zx-qsXy; QPRUN=cngx2|ZXcQA|ZXcQA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:34:57 GMT
content-type: image/gif
content-length: 5571
last-modified: Thu, 30 Nov 2023 17:16:31 GMT
etag: "6568c36f-15c3"
access-control-allow-methods: *
access-control-allow-headers: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: private
cf-cache-status: BYPASS
set-cookie: QPSTATIC=static|ZXcQB; path=/; HttpOnly; Secure
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1ba6ea965694-OSL
X-Firefox-Spdy: h2

www.questionpro.com/javascript/takesurvey/jquery-input-mask-phone-number.js

104.23.130.67

105 kB

URL
www.questionpro.com/javascript/takesurvey/jquery-input-mask-phone-number.js
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (454)
Size
105 kB (105238 bytes)
Hash
89bf5dd14a86eec413a05d20cf192d83
2f929790dd218be0acd875873a9efb9bd53d9edc
e730b84ee5cdaad9b7b505a40fbbf0f46888cb186a3a1de39b2e06e75f3a2982

HTTP Headers

GET /javascript/takesurvey/jquery-input-mask-phone-number.js HTTP/1.1
Host: www.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/a/TakeSurvey?tt=0qpaHa9rzUQECHrPeIW9eQ%3D%3D
Cookie: siteRef=4326019; JSESSIONID=aaadizWlPP_gc5zx-qsXy; QPRUN=cngx2|ZXcQA|ZXcQA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:34:57 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=2897
access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
etag: W/"6568c370-b51"
last-modified: Thu, 30 Nov 2023 17:16:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: max-age=14400
cf-cache-status: HIT
age: 6165
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1ba71b055694-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.questionpro.com/stylesheets/2016/takesurvey/fonts/fira-sans-font/va9E4kDNxMZdWfMOD5Vvl4jL.woff2

104.23.130.67

21 kB

URL
www.questionpro.com/stylesheets/2016/takesurvey/fonts/fira-sans-font/va9E4kDNxMZdWfMOD5Vvl4jL.woff2
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 21244, version 1.0 - data
Size
21 kB (21244 bytes)
Hash
78773521b0ffe376bc7edd8ec2a591fb
298df2fcb48b2e9b51e81a6e12d5529835204e29
ca0b35aa0f48d8359e7fce9feec83f90ed60c0b857cdf29784f0803b70de4e55

HTTP Headers

GET /stylesheets/2016/takesurvey/fonts/fira-sans-font/va9E4kDNxMZdWfMOD5Vvl4jL.woff2 HTTP/1.1
Host: www.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/stylesheets/2016/takesurvey/take-survey-fonts.css?version=95.3.1
Cookie: siteRef=4326019; JSESSIONID=aaadizWlPP_gc5zx-qsXy; QPRUN=cngx2|ZXcQA|ZXcQA; QPSTATIC=static|ZXcQB
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:34:59 GMT
content-type: application/octet-stream
content-length: 21244
last-modified: Thu, 30 Nov 2023 17:16:33 GMT
etag: "6568c371-52fc"
access-control-allow-methods: *
access-control-allow-headers: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1baf2f075694-OSL
X-Firefox-Spdy: h2

www.questionpro.com/javascript/takesurvey/interactiveSurvey.js?version=95.3.1

104.23.130.67

68 kB

URL
www.questionpro.com/javascript/takesurvey/interactiveSurvey.js?version=95.3.1
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3357)
Size
68 kB (68160 bytes)
Hash
271098def2ef07a086dc0c8cf19ff09e
61ed1b34a2221341df966769081a4952ad8d78f8
73a614f77bc459dcb5446a11458103f43075059c558f25de00d02a9f0ea519fa

HTTP Headers

GET /javascript/takesurvey/interactiveSurvey.js?version=95.3.1 HTTP/1.1
Host: www.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/a/TakeSurvey?tt=0qpaHa9rzUQECHrPeIW9eQ%3D%3D
Cookie: siteRef=4326019; JSESSIONID=aaadizWlPP_gc5zx-qsXy; QPRUN=cngx2|ZXcQA|ZXcQA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:34:57 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=53009
access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
etag: W/"6568c370-cf11"
last-modified: Thu, 30 Nov 2023 17:16:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cf-cache-status: BYPASS
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1ba74b995694-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.questionpro.com/stylesheets/2016/takesurvey/fonts/fira-sans-font/va9B4kDNxMZdWfMOD5VnPKreRhf6.woff2

104.23.130.67

21 kB

URL
www.questionpro.com/stylesheets/2016/takesurvey/fonts/fira-sans-font/va9B4kDNxMZdWfMOD5VnPKreRhf6.woff2
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 20952, version 1.0 - data
Size
21 kB (20952 bytes)
Hash
b39aa336eef260975654fde0959de6fe
bf3a9bba96f463ead8c236ec49e61e917b31b089
abfac797fa70f1ba92ca2447c3d53a163815b874e8c1de2e8bc29cd588841cb3

HTTP Headers

GET /stylesheets/2016/takesurvey/fonts/fira-sans-font/va9B4kDNxMZdWfMOD5VnPKreRhf6.woff2 HTTP/1.1
Host: www.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/stylesheets/2016/takesurvey/take-survey-fonts.css?version=95.3.1
Cookie: siteRef=4326019; JSESSIONID=aaadizWlPP_gc5zx-qsXy; QPRUN=cngx2|ZXcQC|ZXcQA; QPSTATIC=static|ZXcQC; questionpro_survey=11731087=114196373
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:35:02 GMT
content-type: application/octet-stream
content-length: 20952
last-modified: Thu, 30 Nov 2023 17:16:33 GMT
etag: "6568c371-51d8"
access-control-allow-methods: *
access-control-allow-headers: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: max-age=14400
cf-cache-status: HIT
age: 2
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1bc5dd565694-OSL
X-Firefox-Spdy: h2

www.questionpro.com/stylesheets/2016/takesurvey/take-survey-fonts.css?version=95.3.1

104.23.130.67

47 kB

URL
www.questionpro.com/stylesheets/2016/takesurvey/take-survey-fonts.css?version=95.3.1
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (24101), with no line terminators
Size
47 kB (47071 bytes)
Hash
8885590f6c9eb3dc87169af050de22b3
b50bcc9105401447ac6baf59f382c12006c949b0
f1288d80f3aa27b6baa56721935a231c454bed758b8141329e3351e24f0ff55f

HTTP Headers

GET /stylesheets/2016/takesurvey/take-survey-fonts.css?version=95.3.1 HTTP/1.1
Host: www.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/a/TakeSurvey
Cookie: siteRef=4326019; JSESSIONID=aaadizWlPP_gc5zx-qsXy; QPRUN=cngx2|ZXcQC|ZXcQA; QPSTATIC=static|ZXcQB; questionpro_survey=11731087=114196373
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:35:01 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=29775
access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
etag: W/"6568c371-744f"
last-modified: Thu, 30 Nov 2023 17:16:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: max-age=14400
cf-cache-status: HIT
age: 4
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1bc0be9e5694-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdn.questionpro.com/stylesheets/2021/bootstrap/3.4.1/css/bootstrap.min.css?version=95.3.1

104.23.130.67

42 kB

URL
cdn.questionpro.com/stylesheets/2021/bootstrap/3.4.1/css/bootstrap.min.css?version=95.3.1
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65369)
Size
42 kB (41607 bytes)
Hash
bbbac04cb90f77fb07ace4837963a970
3a7ed05b0c26d424582f790ba812485b43ba77cb
c28eb8900abce3c478234e62390838556d839c10b7073b2ba42bcbae20d6e2fc

HTTP Headers

GET /stylesheets/2021/bootstrap/3.4.1/css/bootstrap.min.css?version=95.3.1 HTTP/1.1
Host: cdn.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/
Cookie: siteRef=4326019; QPSTATIC=static|ZXcQB
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:35:01 GMT
content-type: text/css
last-modified: Thu, 30 Nov 2023 17:16:33 GMT
etag: W/"6568c371-1da44"
access-control-allow-methods: *
access-control-allow-headers: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: private
cf-cache-status: BYPASS
set-cookie: QPSTATIC=static|ZXcQC; path=/; HttpOnly; Secure
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1bc0ae955694-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdn.questionpro.com/javascript/2021/2.29.4-moment/moment.min.js?version=95.3.1

104.23.130.67

20 kB

URL
cdn.questionpro.com/javascript/2021/2.29.4-moment/moment.min.js?version=95.3.1
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (58064), with no line terminators
Size
20 kB (19984 bytes)
Hash
c80207c947912a0a24c577d793c91088
aff601d1102ead4000873722c46865db0102e1a9
3abec75692735d0664a10337b1403620f8edf2b4cb4b9fc5216dea2e623b1f34

HTTP Headers

GET /javascript/2021/2.29.4-moment/moment.min.js?version=95.3.1 HTTP/1.1
Host: cdn.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/
Cookie: siteRef=4326019; QPSTATIC=static|ZXcQB
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:34:59 GMT
content-type: application/javascript
last-modified: Thu, 30 Nov 2023 17:16:32 GMT
etag: W/"6568c370-e2d0"
access-control-allow-methods: *
access-control-allow-headers: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: max-age=14400
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1bb2ac095694-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdn.questionpro.com/stylesheets/2021/font-awesome/4.7.0/css/font-awesome.min.css

104.23.130.67

27 kB

URL
cdn.questionpro.com/stylesheets/2021/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (30837)
Size
27 kB (26621 bytes)
Hash
269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

HTTP Headers

GET /stylesheets/2021/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdn.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/
Cookie: siteRef=4326019; QPSTATIC=static|ZXcQB
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:35:01 GMT
content-type: text/css
last-modified: Thu, 30 Nov 2023 17:16:33 GMT
etag: W/"6568c371-7918"
access-control-allow-methods: *
access-control-allow-headers: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: max-age=14400
cf-cache-status: HIT
age: 3202
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1bc0ae965694-OSL
content-encoding: br
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b

8.222.178.6

301 Moved Permanently

162 B

URL User Request GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b
IP
8.222.178.6:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type
HTML document text - HTML document text - HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
server: nginx
date: Mon, 11 Dec 2023 13:35:04 GMT
content-type: text/html
content-length: 162
location: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

www.questionpro.com/javascript/takesurvey/jquery.ui.touch-punch.min.js

104.23.130.67

37 kB

URL
www.questionpro.com/javascript/takesurvey/jquery.ui.touch-punch.min.js
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (1431)
Size
37 kB (37354 bytes)
Hash
1d1378528814f8e53210db8e21c4cb59
c91b1f21ea30fdb824dd396cf4bcb47330e79b14
e233f337a0e8bc7223e998e5ba5ae79d75b001e21cd15fd8b17430f0b0899dfb

HTTP Headers

GET /javascript/takesurvey/jquery.ui.touch-punch.min.js HTTP/1.1
Host: www.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/a/TakeSurvey?tt=0qpaHa9rzUQECHrPeIW9eQ%3D%3D
Cookie: siteRef=4326019; JSESSIONID=aaadizWlPP_gc5zx-qsXy; QPRUN=cngx2|ZXcQA|ZXcQA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:34:57 GMT
content-type: application/javascript
last-modified: Thu, 30 Nov 2023 17:16:32 GMT
etag: W/"6568c370-660"
access-control-allow-methods: *
access-control-allow-headers: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cf-cache-status: BYPASS
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1ba6eaa85694-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.questionpro.com/javascript/takesurvey/interactiveSurvey.js?version=95.3.1

104.23.130.67

8.1 kB

URL
www.questionpro.com/javascript/takesurvey/interactiveSurvey.js?version=95.3.1
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3357)
Size
8.1 kB (8089 bytes)
Hash
271098def2ef07a086dc0c8cf19ff09e
61ed1b34a2221341df966769081a4952ad8d78f8
73a614f77bc459dcb5446a11458103f43075059c558f25de00d02a9f0ea519fa

HTTP Headers

GET /javascript/takesurvey/interactiveSurvey.js?version=95.3.1 HTTP/1.1
Host: www.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/a/TakeSurvey
Cookie: siteRef=4326019; JSESSIONID=aaadizWlPP_gc5zx-qsXy; QPRUN=cngx2|ZXcQC|ZXcQA; QPSTATIC=static|ZXcQB; questionpro_survey=11731087=114196373
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:35:01 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=53009
access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
etag: W/"6568c370-cf11"
last-modified: Thu, 30 Nov 2023 17:16:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: max-age=14400
cf-cache-status: HIT
age: 4
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1bc13f5e5694-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.questionpro.com/javascript/flowplayer.min.js

104.23.130.67

43 kB

URL
www.questionpro.com/javascript/flowplayer.min.js
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32009)
Size
43 kB (42819 bytes)
Hash
e6654fe944f75ed501dd796ab20eb2b5
541bd0e166e718bb2d930539ed4c389e4fd61cf7
40fbfe0601ea8a73a95f240ee0ab00f7dd47475c901fc81eb2e665c4aea74557

HTTP Headers

GET /javascript/flowplayer.min.js HTTP/1.1
Host: www.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/a/TakeSurvey
Cookie: siteRef=4326019; JSESSIONID=aaadizWlPP_gc5zx-qsXy; QPRUN=cngx2|ZXcQC|ZXcQA; QPSTATIC=static|ZXcQB; questionpro_survey=11731087=114196373
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:35:01 GMT
content-type: application/javascript
last-modified: Thu, 30 Nov 2023 17:16:32 GMT
etag: W/"6568c370-8b30"
access-control-allow-methods: *
access-control-allow-headers: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: max-age=14400
cf-cache-status: HIT
age: 6356
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1bc12f4e5694-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.questionpro.com/javascript/appnavigation/jquery.history.js

104.23.130.67

23 kB

URL
www.questionpro.com/javascript/appnavigation/jquery.history.js
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (22929), with no line terminators
Size
23 kB (23228 bytes)
Hash
29eac8abb91b5f27ba1fea8d4e1adbd1
21bb5781dc7af49ddfbe3c7dc9194dadff13ac4e
f46572aaab64b2ecadee3814654e65ee8e1f8b4952ab192f900ec941551a5750

HTTP Headers

GET /javascript/appnavigation/jquery.history.js HTTP/1.1
Host: www.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/a/TakeSurvey?tt=0qpaHa9rzUQECHrPeIW9eQ%3D%3D
Cookie: siteRef=4326019; JSESSIONID=aaadizWlPP_gc5zx-qsXy; QPRUN=cngx2|ZXcQA|ZXcQA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:34:57 GMT
content-type: application/javascript
cf-bgj: minify
access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
etag: W/"6568c370-5991"
last-modified: Thu, 30 Nov 2023 17:16:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: max-age=14400
cf-cache-status: HIT
age: 6097
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1ba6eaac5694-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.questionpro.com/javascript/takesurvey/sectionDisplayScript.js?version=95.3.1

104.23.130.67

34 kB

URL
www.questionpro.com/javascript/takesurvey/sectionDisplayScript.js?version=95.3.1
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3511)
Size
34 kB (33949 bytes)
Hash
2d0f4bd72255893353edc579d5cfd592
8a7cac385a47cb6c43e2a4c17eb1e7e3c80bd166
b77eeaddee156989378c7d2cc6bd90d545aaafe478c2d3fcd336430c03d22527

HTTP Headers

GET /javascript/takesurvey/sectionDisplayScript.js?version=95.3.1 HTTP/1.1
Host: www.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/a/TakeSurvey
Cookie: siteRef=4326019; JSESSIONID=aaadizWlPP_gc5zx-qsXy; QPRUN=cngx2|ZXcQC|ZXcQA; QPSTATIC=static|ZXcQB; questionpro_survey=11731087=114196373
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:35:01 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=223711
access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
etag: W/"6568c370-369df"
last-modified: Thu, 30 Nov 2023 17:16:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: max-age=14400
cf-cache-status: HIT
age: 6100
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1bc12f3f5694-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.questionpro.com/javascript/takesurvey/jquery-input-mask-phone-number.js

104.23.130.67

697 B

URL
www.questionpro.com/javascript/takesurvey/jquery-input-mask-phone-number.js
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (454)
Size
697 B (697 bytes)
Hash
89bf5dd14a86eec413a05d20cf192d83
2f929790dd218be0acd875873a9efb9bd53d9edc
e730b84ee5cdaad9b7b505a40fbbf0f46888cb186a3a1de39b2e06e75f3a2982

HTTP Headers

GET /javascript/takesurvey/jquery-input-mask-phone-number.js HTTP/1.1
Host: www.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/a/TakeSurvey
Cookie: siteRef=4326019; JSESSIONID=aaadizWlPP_gc5zx-qsXy; QPRUN=cngx2|ZXcQC|ZXcQA; QPSTATIC=static|ZXcQB; questionpro_survey=11731087=114196373
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:35:01 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=2897
access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
etag: W/"6568c370-b51"
last-modified: Thu, 30 Nov 2023 17:16:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: max-age=14400
cf-cache-status: HIT
age: 6169
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1bc12f515694-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.questionpro.com/javascript/flowplayer.min.js

104.23.130.67

24 kB

URL
www.questionpro.com/javascript/flowplayer.min.js
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32009)
Size
24 kB (23975 bytes)
Hash
e6654fe944f75ed501dd796ab20eb2b5
541bd0e166e718bb2d930539ed4c389e4fd61cf7
40fbfe0601ea8a73a95f240ee0ab00f7dd47475c901fc81eb2e665c4aea74557

HTTP Headers

GET /javascript/flowplayer.min.js HTTP/1.1
Host: www.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/a/TakeSurvey?tt=0qpaHa9rzUQECHrPeIW9eQ%3D%3D
Cookie: siteRef=4326019; JSESSIONID=aaadizWlPP_gc5zx-qsXy; QPRUN=cngx2|ZXcQA|ZXcQA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:34:57 GMT
content-type: application/javascript
last-modified: Thu, 30 Nov 2023 17:16:32 GMT
etag: W/"6568c370-8b30"
access-control-allow-methods: *
access-control-allow-headers: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: max-age=14400
cf-cache-status: HIT
age: 6352
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1ba71b035694-OSL
content-encoding: br
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/Firefox_1Firefox.png

8.222.178.6

200 OK

10 kB

URL GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/Firefox_1Firefox.png
IP
8.222.178.6:443
ASN
#0

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type
PNG image data, 107 x 100, 8-bit/color RGBA, non-interlaced - data
Size
10 kB (10509 bytes)
Hash
715129c60a9f70f0ccbb6c4395799e95
4dfc6120523fda842c83261ddd922a9ce15a66d7
52c88349bd9d45937236e20a4c9928f8a15db9dc7418436900e667b344e079c5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/Firefox_1Firefox.png HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Cookie: PHPSESSID=m7oq9ru0umcnfai93ta6nol91q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:35:05 GMT
content-type: image/png
content-length: 10509
last-modified: Mon, 11 Dec 2023 13:35:04 GMT
etag: "65771008-290d"
expires: Wed, 10 Jan 2024 13:35:05 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.questionpro.com/javascript/takesurvey/focus-visible.js?version=95.3.1

104.23.130.67

20 kB

URL
www.questionpro.com/javascript/takesurvey/focus-visible.js?version=95.3.1
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (706)
Size
20 kB (20229 bytes)
Hash
80397bab8ac23dd66573917d47238b92
4f4df5bcfcce8ecc38f754836b0e5755680428ba
66219075250d55bd3d4f2e55d0e66d85c3635138e3e5876a4c564cae8d93c68b

HTTP Headers

GET /javascript/takesurvey/focus-visible.js?version=95.3.1 HTTP/1.1
Host: www.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/a/TakeSurvey
Cookie: siteRef=4326019; JSESSIONID=aaadizWlPP_gc5zx-qsXy; QPRUN=cngx2|ZXcQC|ZXcQA; QPSTATIC=static|ZXcQB; questionpro_survey=11731087=114196373
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:35:01 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5825
access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
etag: W/"6568c370-16c1"
last-modified: Thu, 30 Nov 2023 17:16:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: max-age=14400
cf-cache-status: HIT
age: 4
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1bc13f5c5694-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.questionpro.com/javascript/takesurvey/sectionDisplayScript.js?version=95.3.1

104.23.130.67

70 kB

URL
www.questionpro.com/javascript/takesurvey/sectionDisplayScript.js?version=95.3.1
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3511)
Size
70 kB (70468 bytes)
Hash
2d0f4bd72255893353edc579d5cfd592
8a7cac385a47cb6c43e2a4c17eb1e7e3c80bd166
b77eeaddee156989378c7d2cc6bd90d545aaafe478c2d3fcd336430c03d22527

HTTP Headers

GET /javascript/takesurvey/sectionDisplayScript.js?version=95.3.1 HTTP/1.1
Host: www.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/a/TakeSurvey?tt=0qpaHa9rzUQECHrPeIW9eQ%3D%3D
Cookie: siteRef=4326019; JSESSIONID=aaadizWlPP_gc5zx-qsXy; QPRUN=cngx2|ZXcQA|ZXcQA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:34:57 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=223711
access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
etag: W/"6568c370-369df"
last-modified: Thu, 30 Nov 2023 17:16:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: max-age=14400
cf-cache-status: HIT
age: 6096
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1ba70afb5694-OSL
content-encoding: br
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/fonts/EuclidCircularB-Regular-WebXL.woff2

8.222.178.6

404 Not Found

146 B

URL GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/fonts/EuclidCircularB-Regular-WebXL.woff2
IP
8.222.178.6:443
ASN
#0

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type
HTML document text - HTML document text - HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/fonts/EuclidCircularB-Regular-WebXL.woff2 HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/css/metamask-staging-2.webflow.css
Cookie: PHPSESSID=m7oq9ru0umcnfai93ta6nol91q
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 11 Dec 2023 13:35:06 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/fonts/EuclidCircularB-Bold-WebXL.woff2

8.222.178.6

404 Not Found

146 B

URL GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/fonts/EuclidCircularB-Bold-WebXL.woff2
IP
8.222.178.6:443
ASN
#0

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type
HTML document text - HTML document text - HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/fonts/EuclidCircularB-Bold-WebXL.woff2 HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/css/metamask-staging-2.webflow.css
Cookie: PHPSESSID=m7oq9ru0umcnfai93ta6nol91q
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 11 Dec 2023 13:35:06 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/fonts/EuclidCircularB-Regular-WebXL.woff

8.222.178.6

404 Not Found

146 B

URL GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/fonts/EuclidCircularB-Regular-WebXL.woff
IP
8.222.178.6:443
ASN
#0

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type
HTML document text - HTML document text - HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/fonts/EuclidCircularB-Regular-WebXL.woff HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/css/metamask-staging-2.webflow.css
Cookie: PHPSESSID=m7oq9ru0umcnfai93ta6nol91q
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 11 Dec 2023 13:35:06 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2

www.questionpro.com/javascript/takesurvey/jstz.min.js

104.23.130.67

4.3 kB

URL
www.questionpro.com/javascript/takesurvey/jstz.min.js
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (12020)
Size
4.3 kB (4262 bytes)
Hash
48f703a2b72224c19334f03ba294d924
4291cd3b259d2060460c2a6ab99f428d3c0c9537
ebcb35563ab0d4a54fd83891e6e3629594237feb45e88ad023d3e329363cf273

HTTP Headers

GET /javascript/takesurvey/jstz.min.js HTTP/1.1
Host: www.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/a/TakeSurvey?tt=0qpaHa9rzUQECHrPeIW9eQ%3D%3D
Cookie: siteRef=4326019; JSESSIONID=aaadizWlPP_gc5zx-qsXy; QPRUN=cngx2|ZXcQA|ZXcQA; QPSTATIC=static|ZXcQB
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:34:58 GMT
content-type: application/javascript
last-modified: Thu, 30 Nov 2023 17:16:32 GMT
etag: W/"6568c370-2f2c"
access-control-allow-methods: *
access-control-allow-headers: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: max-age=14400
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1bb16a555694-OSL
content-encoding: br
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/webclip.png

8.222.178.6

200 OK

12 kB

URL GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/webclip.png
IP
8.222.178.6:443
ASN
#0

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced - data
Size
12 kB (11764 bytes)
Hash
48400a28770e10dd52a8c0e539aeb282
151bcd0c431ed79f30193731de564106a5b11956
27712ebee35bae5474f124f7cbf6cb2ca60d5121e561d284c9f11a4e69efd663

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/webclip.png HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Cookie: PHPSESSID=m7oq9ru0umcnfai93ta6nol91q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:35:07 GMT
content-type: image/png
content-length: 11764
last-modified: Mon, 11 Dec 2023 13:35:04 GMT
etag: "65771008-2df4"
expires: Wed, 10 Jan 2024 13:35:07 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.questionpro.com/javascript/takesurvey/bootstrap.min.js

104.23.130.67

31 kB

URL
www.questionpro.com/javascript/takesurvey/bootstrap.min.js
IP
104.23.130.67:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (39553)
Size
31 kB (30602 bytes)
Hash
2f34b630ffe30ba2ff2b91e3f3c322a1
b16fd8226bd6bfb08e568f1b1d0a21d60247cefb
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe

HTTP Headers

GET /javascript/takesurvey/bootstrap.min.js HTTP/1.1
Host: www.questionpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.questionpro.com/a/TakeSurvey
Cookie: siteRef=4326019; JSESSIONID=aaadizWlPP_gc5zx-qsXy; QPRUN=cngx2|ZXcQC|ZXcQA; QPSTATIC=static|ZXcQB; questionpro_survey=11731087=114196373
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:35:01 GMT
content-type: application/javascript
last-modified: Thu, 30 Nov 2023 17:16:32 GMT
etag: W/"6568c370-9b00"
access-control-allow-methods: *
access-control-allow-headers: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
amp-access-control-allow-source-origin: *
content-security-policy-report-only: default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
cache-control: private
cf-cache-status: BYPASS
set-cookie: QPSTATIC=static|ZXcQC; path=/; HttpOnly; Secure
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e1bc11f185694-OSL
content-encoding: br
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/js/script.js

8.222.178.6

200 OK

199 B

URL GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/js/script.js
IP
8.222.178.6:443
ASN
#0

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type
ASCII text, with no line terminators
Size
199 B (199 bytes)
Hash
c73a97bde426eb3cfdaf2c7eb3382b11
be2f282a7b71a076babe7497686a283147f56503
ab81760c6892705adeb7255fd18ea101af5b730cb7d911996c33ddab087f24be

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/js/script.js HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Cookie: PHPSESSID=m7oq9ru0umcnfai93ta6nol91q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:35:05 GMT
content-type: application/javascript
content-length: 199
last-modified: Mon, 11 Dec 2023 13:35:04 GMT
etag: "65771008-c7"
expires: Tue, 12 Dec 2023 01:35:05 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/Edge.png

8.222.178.6

200 OK

35 kB

URL GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/Edge.png
IP
8.222.178.6:443
ASN
#0

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced - data
Size
35 kB (34658 bytes)
Hash
372e0f14122bc985fc25c9adf18e8dd1
0da9b96762170fcdca32a35630e161064d45b3f2
6643f9327bc18e8108d0bc474eee816d0807a10dc8ad3702797e8f81f23c888b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/Edge.png HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Cookie: PHPSESSID=m7oq9ru0umcnfai93ta6nol91q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:35:05 GMT
content-type: image/png
content-length: 34658
last-modified: Mon, 11 Dec 2023 13:35:04 GMT
etag: "65771008-8762"
expires: Wed, 10 Jan 2024 13:35:05 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/css/normalize.css

8.222.178.6

200 OK

7.8 kB

URL GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/css/normalize.css
IP
8.222.178.6:443
ASN
#0

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type
ASCII text, with very long lines (8193), with no line terminators
Size
7.8 kB (7815 bytes)
Hash
bb3ad69396b798677f7f296c8db74c4f
cf6b99d3a58e080d48f8fdb069c27efde0412ec1
1d659700a9d3accb4f62f59010869925d3bfba32f3a8ccfd6fc65e1cc53f0e91

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/css/normalize.css HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Cookie: PHPSESSID=m7oq9ru0umcnfai93ta6nol91q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:35:05 GMT
content-type: text/css
last-modified: Mon, 11 Dec 2023 13:35:04 GMT
vary: Accept-Encoding
etag: W/"65771008-1e87"
expires: Tue, 12 Dec 2023 01:35:05 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css

151.101.1.229

200 OK

156 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type

Size
156 kB (155845 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /npm/bootstrap@5.0.2/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://moz-extension-kyc.ddnss.eu
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.0.2
x-jsd-version-type: version
etag: W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0"
content-encoding: br
accept-ranges: bytes
date: Mon, 11 Dec 2023 13:35:05 GMT
age: 15824947
x-served-by: cache-fra-eddf8230097-FRA, cache-bma1639-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 25360
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/mm-logo.svg

8.222.178.6

200 OK

12 kB

URL GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/mm-logo.svg
IP
8.222.178.6:443
ASN
#0

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type
SVG Scalable Vector Graphics image - , ASCII text, with very long lines (1001)
Size
12 kB (12019 bytes)
Hash
51bcea2625eb2c6e9268a7377a792c86
5eeb306e6584eed1747c36c11724f193711d430e
5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/mm-logo.svg HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Cookie: PHPSESSID=m7oq9ru0umcnfai93ta6nol91q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:35:05 GMT
content-type: image/svg+xml
content-length: 12019
last-modified: Mon, 11 Dec 2023 13:35:04 GMT
etag: "65771008-2ef3"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/

8.222.178.6

200 OK

31 kB

URL User Request GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
IP
8.222.178.6:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type

Size
31 kB (30566 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/ HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:35:04 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=m7oq9ru0umcnfai93ta6nol91q; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/favicon.png

8.222.178.6

200 OK

1.5 kB

URL GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/favicon.png
IP
8.222.178.6:443
ASN
#0

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced - data
Size
1.5 kB (1532 bytes)
Hash
b7919ea38a8beed9b4763858c4f7412b
1aa57bcd7ca8a0c3352923c9ee06c472f23d5b63
214080adac9969108cb602cb68617e332db1288e95e18c29c10f9396c6d3744c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/favicon.png HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Cookie: PHPSESSID=m7oq9ru0umcnfai93ta6nol91q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:35:07 GMT
content-type: image/png
content-length: 1532
last-modified: Mon, 11 Dec 2023 13:35:04 GMT
etag: "65771008-5fc"
expires: Wed, 10 Jan 2024 13:35:07 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/fonts/EuclidCircularB-Bold-WebXL.woff

8.222.178.6

404 Not Found

146 B

URL GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/fonts/EuclidCircularB-Bold-WebXL.woff
IP
8.222.178.6:443
ASN
#0

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type
HTML document text - HTML document text - HTML document, ASCII text, with no line terminators
Size
146 B (146 bytes)
Hash
40b3fc14254227ec5012d996bf90c4e1
b0dd06eb5a779151151101337889ff09953f8ac0
740816c1b61e4a8443c26d30d3eecfea04815fca8cd605a142f9d8a35f86ceca

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/fonts/EuclidCircularB-Bold-WebXL.woff HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/css/metamask-staging-2.webflow.css
Cookie: PHPSESSID=m7oq9ru0umcnfai93ta6nol91q
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Mon, 11 Dec 2023 13:35:06 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/Brave.png

8.222.178.6

200 OK

19 kB

URL GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/Brave.png
IP
8.222.178.6:443
ASN
#0

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced - data
Size
19 kB (19073 bytes)
Hash
fbe69790d36bf636e87e83f5413218a7
709f392de11c5f48cbbbefa95d0a6cb56e2592db
cd70b79d81f32aa721dedf46ea682f1f0c1808d2ffe09da63730b2a01380c214

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/Brave.png HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Cookie: PHPSESSID=m7oq9ru0umcnfai93ta6nol91q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:35:05 GMT
content-type: image/png
content-length: 19073
last-modified: Mon, 11 Dec 2023 13:35:04 GMT
etag: "65771008-4a81"
expires: Wed, 10 Jan 2024 13:35:05 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/css/style.css

8.222.178.6

200 OK

423 B

URL GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/css/style.css
IP
8.222.178.6:443
ASN
#0

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type
ASCII text, with very long lines (446), with no line terminators
Size
423 B (423 bytes)
Hash
6062288fd8ee6ab2e8fc781c38e227c4
adc9b483f10454ccca0f95600af10bf62978d6d6
036b7b82d8a5d911a375a6770cf03fad30ab522955ef418afd45535da787e055

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/css/style.css HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Cookie: PHPSESSID=m7oq9ru0umcnfai93ta6nol91q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:35:05 GMT
content-type: text/css
content-length: 423
last-modified: Mon, 11 Dec 2023 13:35:04 GMT
etag: "65771008-1a7"
expires: Tue, 12 Dec 2023 01:35:05 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn

8.222.178.6

301 Moved Permanently

31 kB

URL User Request GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn
IP
8.222.178.6:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type

Size
31 kB (30566 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Crypto/Wallet

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
server: nginx
date: Mon, 11 Dec 2023 13:35:03 GMT
content-type: text/html
content-length: 162
location: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/

8.222.178.6

302 Found

31 kB

URL User Request GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/
IP
8.222.178.6:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type

Size
31 kB (30566 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/ HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Mon, 11 Dec 2023 13:35:04 GMT
content-type: text/html; charset=UTF-8
location: 6429b
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/css/metamask-staging-2.webflow.css

8.222.178.6

200 OK

107 kB

URL GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/css/metamask-staging-2.webflow.css
IP
8.222.178.6:443
ASN
#0

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type
ASCII text
Size
107 kB (106930 bytes)
Hash
89f6a14f29d16d37b72ad7b8d9824841
7d0aa327576702f0d2a81dae560fe5d1b01dc31b
f0be991998b5b13faf449e2cb52086b98013da518d6ee76dd5665be00bfb52f1

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/css/metamask-staging-2.webflow.css HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Cookie: PHPSESSID=m7oq9ru0umcnfai93ta6nol91q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:35:05 GMT
content-type: text/css
last-modified: Mon, 11 Dec 2023 13:35:04 GMT
vary: Accept-Encoding
etag: W/"65771008-1a1b2"
expires: Tue, 12 Dec 2023 01:35:05 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

142.250.74.138

200 OK

84 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text, with very long lines (32061)
Size
84 kB (84245 bytes)
Hash
e40ec2161fe7993196f23c8a07346306
afb90752e0a90c24b7f724faca86c5f3d15d1178
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

HTTP Headers

GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29671
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 16:00:58 GMT
expires: Fri, 06 Dec 2024 16:00:58 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 336847
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/css/webflow.css

8.222.178.6

200 OK

39 kB

URL GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/css/webflow.css
IP
8.222.178.6:443
ASN
#0

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type

Size
39 kB (39045 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/css/webflow.css HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Cookie: PHPSESSID=m7oq9ru0umcnfai93ta6nol91q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:35:05 GMT
content-type: text/css
last-modified: Mon, 11 Dec 2023 13:35:04 GMT
vary: Accept-Encoding
etag: W/"65771008-9885"
expires: Tue, 12 Dec 2023 01:35:05 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/chrome_1chrome.png

8.222.178.6

200 OK

3.9 kB

URL GET HTTP/2
moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/chrome_1chrome.png
IP
8.222.178.6:443
ASN
#0

Requested by
https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Certificate
IssuerLet's Encrypt
Subjectmoz-extension-kyc.ddnss.eu
Fingerprint80:D8:36:D2:C5:7C:19:26:DB:2A:15:77:4F:2C:73:2A:40:F6:BD:94
ValiditySat, 25 Nov 2023 22:42:44 GMT - Fri, 23 Feb 2024 22:42:43 GMT

File type
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced - data
Size
3.9 kB (3890 bytes)
Hash
162fd1e613c0f3a992365a980a4fd6cc
3401907394d4810392719d9696ce0088a8847618
90af37bb98146aba902ae19d013dc16ead7ea6f5050f339a5728eaf2a068c7ec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/images/chrome_1chrome.png HTTP/1.1
Host: moz-extension-kyc.ddnss.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://moz-extension-kyc.ddnss.eu/fbeogaeaoehlefnkodbefgpgknndsqdqs/aeaoehlefnko/befgpgknn/6429b/
Cookie: PHPSESSID=m7oq9ru0umcnfai93ta6nol91q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:35:05 GMT
content-type: image/png
content-length: 3890
last-modified: Mon, 11 Dec 2023 13:35:04 GMT
etag: "65771008-f32"
expires: Wed, 10 Jan 2024 13:35:05 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (42)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN