Report - connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/

Report Overview

Visited public
2023-09-18 06:34:11
Tags
crypto phishing
URL
connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Finishing URL
connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
IP / ASN
92.87.6.114
#9050 Telekom Romania Communication S.A
Title
Auth
Phishing - Generic Crypto/Wallet

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
connect-metamask-secure01c.com	unknown	unknown	No data	No data	12 kB	246 kB	92.87.6.114
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-09-17 18:12:14	666 B	1.4 kB	142.250.74.131
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-09-17 21:52:08	554 B	8.7 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/	ScriptElement	1.3 kB	2024-08-21	2024-08-21
Pretty URL connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/ IP 92.87.6.114 ASN #9050 Telekom Romania Communication S.A Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 06:28 Last Seen2024-08-21 06:28 Times Seen1 Hash 9ebbabac4c5fe41039df573df55316db fa12421b78967592afc84e8048ecfb67edc0fb39 2c0de12eb41b62e870a17757fe1317c358219a7f1dca570c7497346f8e4259f0 Loading...

HTTP Transactions (23)

URL IP Response Size

connect-metamask-secure01c.com/

92.87.6.114

247 B

URL
connect-metamask-secure01c.com/
IP
92.87.6.114:0
ASN
#9050 Telekom Romania Communication S.A

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
247 B (247 bytes)
Hash
5fcd8668f12534c34f38c055512ca044
980822bd70fa011fd499632f6b34ebda6f009a25
d30bb887ef96c9d0462857515e6099a0fd67ed455d4ecabecf043c8d47b25b4b

HTTP Headers

GET / HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Mon, 18 Sep 2023 06:33:56 GMT
Server: Apache
Location: https://connect-metamask-secure01c.com/
Content-Length: 247
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

connect-metamask-secure01c.com/

92.87.6.114

250 B

URL
connect-metamask-secure01c.com/
IP
92.87.6.114:0
ASN
#9050 Telekom Romania Communication S.A

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
250 B (250 bytes)
Hash
1167d83210e75f26d74eae6c41575e94
f2d1e4e1997ebcce1e9cd66a58a15c219b091da6
43a057e90efc5aa9150b3fad7b056109f96f9df9d7fd40b39e1d819df7281a32

HTTP Headers

GET / HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
content-length: 250
content-type: text/html;charset=ISO-8859-1
date: Mon, 18 Sep 2023 06:33:56 GMT
server: Apache
X-Firefox-Spdy: h2

connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/

92.87.6.114

200 OK

5.7 kB

URL User Request GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (19545)
Size
5.7 kB (5680 bytes)
Hash
aa2478d3461d509202fa50a5140048e2
c2b9eda4f6e2f39ef1d6652a984305189b0164de
ceac496205c6cea8986c70f47bba597c73acccad37be6b799805582ba95393b1

HTTP Headers

GET /ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/ HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0; path=/
vary: Accept-Encoding
content-encoding: br
content-length: 5680
content-type: text/html; charset=UTF-8
date: Mon, 18 Sep 2023 06:33:54 GMT
server: Apache
X-Firefox-Spdy: h2

connect-metamask-secure01c.com/ses/156da5b8f/0044c30730/normalize.css

92.87.6.114

200 OK

2.5 kB

URL GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/0044c30730/normalize.css
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
ASCII text, with CRLF line terminators
Size
2.5 kB (2462 bytes)
Hash
519121fa4cdf6782a4c1c412564605e2
dcd9297e0c5c4a9a8ba8fb02a7d93cf85984ccd3
25194b73ec31c5fa1e315cd30fd7428f4075d725740663aea2e60d1de61288cb

HTTP Headers

GET /ses/156da5b8f/0044c30730/normalize.css HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Dec 2022 09:37:20 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 2462
content-type: text/css
date: Mon, 18 Sep 2023 06:34:02 GMT
server: Apache
X-Firefox-Spdy: h2

connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b/css

92.87.6.114

200 OK

252 B

URL GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b/css
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
ASCII text
Size
252 B (252 bytes)
Hash
d75dbb7a19763e296b99fa0b3f42546d
8b7752a815b8325ece966de1476e4f43ee1dcdc9
8daea9a40be31e567300edc7daeb077f232cf7c32baed3aebff9ee9260b0d5a0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ses/156da5b8f/0044c307308b/css HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Dec 2022 09:37:32 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 252
date: Mon, 18 Sep 2023 06:34:02 GMT
server: Apache
X-Firefox-Spdy: h2

connect-metamask-secure01c.com/ses/156da5b8f/0044c307308/dapp-aave.png

92.87.6.114

200 OK

14 kB

URL GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/0044c307308/dapp-aave.png
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
PNG image data, 560 x 560, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (14347 bytes)
Hash
521a00d54b7fe1cb1d7712b655ca54a6
8c5aa52335bf25183781e62843ede770bf6877ba
506d6d9d5ad22253976f2906bbf141c94d19eb15466ed62b8c6cfb887bf07b55

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ses/156da5b8f/0044c307308/dapp-aave.png HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Dec 2022 09:37:32 GMT
accept-ranges: bytes
content-length: 14347
content-type: image/png
date: Mon, 18 Sep 2023 06:34:02 GMT
server: Apache
X-Firefox-Spdy: h2

connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b7e/dapp-compound.png

92.87.6.114

200 OK

11 kB

URL GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b7e/dapp-compound.png
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
PNG image data, 280 x 280, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (11355 bytes)
Hash
3818f9cfccbd94fad91a10d3c5ee356c
7c6af849177aa8bf6ef9bcbf801dc375e1997900
20a34c84f82590d99a060210ea362878975f21cfd65c3a70c54e7fb99dce1f76

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ses/156da5b8f/0044c307308b7e/dapp-compound.png HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Dec 2022 09:37:32 GMT
accept-ranges: bytes
content-length: 11355
content-type: image/png
date: Mon, 18 Sep 2023 06:34:02 GMT
server: Apache
X-Firefox-Spdy: h2

connect-metamask-secure01c.com/ses/156da5b8f/0044c307308/dapp-axieinfinity.png

92.87.6.114

200 OK

43 kB

URL GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/0044c307308/dapp-axieinfinity.png
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
PNG image data, 560 x 560, 8-bit/color RGBA, non-interlaced\012- data
Size
43 kB (42713 bytes)
Hash
5f662391fe3ddc927134ba8e15263eaf
ab5ea7aacdc8c97238247f59761abc02033b2a67
7faefc7f99e94d6251527c95794a5fdfb3e644baf25ae56f4e13afd125246421

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ses/156da5b8f/0044c307308/dapp-axieinfinity.png HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Dec 2022 09:37:32 GMT
accept-ranges: bytes
content-length: 42713
content-type: image/png
date: Mon, 18 Sep 2023 06:34:02 GMT
server: Apache
X-Firefox-Spdy: h2

connect-metamask-secure01c.com/ses/156da5b8f/0044c30730/mm-logo.svg

92.87.6.114

200 OK

3.2 kB

URL GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/0044c30730/mm-logo.svg
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1001), with CRLF line terminators
Size
3.2 kB (3220 bytes)
Hash
7915373f26761992664272083eef55af
7b69d64a0ff01d6b0cf0b95558349e83ee4d0698
4ad9d7c985fe9bc858d79cfe642d805da47e0fe84ea092acaab8691e20ad8670

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ses/156da5b8f/0044c30730/mm-logo.svg HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Dec 2022 09:37:32 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 3220
content-type: image/svg+xml
date: Mon, 18 Sep 2023 06:34:02 GMT
server: Apache
X-Firefox-Spdy: h2

connect-metamask-secure01c.com/ses/156da5b8f/0044c30730/dapp-gitcoin.png

92.87.6.114

200 OK

8.0 kB

URL GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/0044c30730/dapp-gitcoin.png
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
PNG image data, 280 x 280, 8-bit/color RGBA, non-interlaced\012- data
Size
8.0 kB (7998 bytes)
Hash
c710e9a5c39e89136a73edf0a1c99abe
aca40362b7d87533d00250e102ba852d19e2231c
7077eb7da3a6f399014d67a1032ab6d67f099055a1a2594cb4753022b843dc43

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ses/156da5b8f/0044c30730/dapp-gitcoin.png HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Dec 2022 09:37:34 GMT
accept-ranges: bytes
content-length: 7998
content-type: image/png
date: Mon, 18 Sep 2023 06:34:02 GMT
server: Apache
X-Firefox-Spdy: h2

connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b7ed/dapp-maker.png

92.87.6.114

200 OK

6.9 kB

URL GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b7ed/dapp-maker.png
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
PNG image data, 280 x 280, 8-bit/color RGBA, non-interlaced\012- data
Size
6.9 kB (6852 bytes)
Hash
720871ca002e89a10d26e5c516066311
8648fe12645cd5c3473a73faba1d42cef78de444
f0d7356ee903d26301b8960783f70c108efc0382f20c804e0d09872a5443ce96

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ses/156da5b8f/0044c307308b7ed/dapp-maker.png HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Dec 2022 09:37:34 GMT
accept-ranges: bytes
content-length: 6852
content-type: image/png
date: Mon, 18 Sep 2023 06:34:02 GMT
server: Apache
X-Firefox-Spdy: h2

connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b/webflow.css

92.87.6.114

200 OK

9.6 kB

URL GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b/webflow.css
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
Unicode text, UTF-8 text, with very long lines (2587), with CRLF line terminators
Size
9.6 kB (9579 bytes)
Hash
37e8ff8c9e36800d288cfeb9e8a502ff
7257a2ce46a36ff69f9c0906f2d04adeb01af38d
802e8b84706da1ef1028f35f53234a1a035d9705d28692cef23aa9f861d6fda9

HTTP Headers

GET /ses/156da5b8f/0044c307308b/webflow.css HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Dec 2022 09:37:20 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 9579
content-type: text/css
date: Mon, 18 Sep 2023 06:34:02 GMT
server: Apache
X-Firefox-Spdy: h2

connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b/metamask-staging-2.webflow.css

92.87.6.114

200 OK

16 kB

URL GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b/metamask-staging-2.webflow.css
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
ASCII text, with CRLF line terminators
Size
16 kB (16016 bytes)
Hash
3440f7434113574d7b0ae75513306e5c
21c4dd6e65b78ba226ae4cb4c40f4423d95c4367
1567c444039f02aa86d33c0d812f33d2c5289cbea9c94a08c1d6c191f23ec99d

HTTP Headers

GET /ses/156da5b8f/0044c307308b/metamask-staging-2.webflow.css HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 05 Dec 2022 22:39:16 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 16016
content-type: text/css
date: Mon, 18 Sep 2023 06:34:02 GMT
server: Apache
X-Firefox-Spdy: h2

connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b7ed/dapp-rarible.png

92.87.6.114

200 OK

6.8 kB

URL GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b7ed/dapp-rarible.png
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
PNG image data, 560 x 560, 8-bit/color RGBA, non-interlaced\012- data
Size
6.8 kB (6840 bytes)
Hash
b9f7c0fd11c34c044799e673947103f8
491baab057af39b2b24bf0c671d0eb05454b8c48
29db12a282df5639db8fa232831bbe9a7220884eecf79f1776f1b27237a4597c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ses/156da5b8f/0044c307308b7ed/dapp-rarible.png HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Dec 2022 09:37:34 GMT
accept-ranges: bytes
content-length: 6840
content-type: image/png
date: Mon, 18 Sep 2023 06:34:02 GMT
server: Apache
X-Firefox-Spdy: h2

connect-metamask-secure01c.com/ses/156da5b8f/0044c30730/dapp-uniswap.png

92.87.6.114

200 OK

10 kB

URL GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/0044c30730/dapp-uniswap.png
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
PNG image data, 280 x 280, 8-bit/color RGBA, non-interlaced\012- data
Size
10 kB (10268 bytes)
Hash
1948962ad395727d902bd6b5fcd01807
f7e85e096b084ef6d9f550afbcd702fd889031a5
ad0237265584181a6797c454ca123aa5d3df08001ae39b27bddfc66856b6751b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ses/156da5b8f/0044c30730/dapp-uniswap.png HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Dec 2022 09:37:34 GMT
accept-ranges: bytes
content-length: 10268
content-type: image/png
date: Mon, 18 Sep 2023 06:34:02 GMT
server: Apache
X-Firefox-Spdy: h2

connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b7e/dapp-opensea.png

92.87.6.114

200 OK

6.5 kB

URL GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b7e/dapp-opensea.png
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
PNG image data, 280 x 280, 8-bit/color RGBA, non-interlaced\012- data
Size
6.5 kB (6533 bytes)
Hash
f82776f839cec899c9c87a680226aabf
43f5dedb6216cb02ee568fcb66cb19fc296c3a85
c62a1f30cdb6aff5eafdfccb45383032e61bf70aa0573572a4428347a1b5b116

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ses/156da5b8f/0044c307308b7e/dapp-opensea.png HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Dec 2022 09:37:34 GMT
accept-ranges: bytes
content-length: 6533
content-type: image/png
date: Mon, 18 Sep 2023 06:34:02 GMT
server: Apache
X-Firefox-Spdy: h2

connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b/mm-logo.svg

92.87.6.114

200 OK

3.2 kB

URL GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b/mm-logo.svg
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1001), with CRLF line terminators
Size
3.2 kB (3220 bytes)
Hash
7915373f26761992664272083eef55af
7b69d64a0ff01d6b0cf0b95558349e83ee4d0698
4ad9d7c985fe9bc858d79cfe642d805da47e0fe84ea092acaab8691e20ad8670

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ses/156da5b8f/0044c307308b/mm-logo.svg HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Dec 2022 09:37:32 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 3220
content-type: image/svg+xml
date: Mon, 18 Sep 2023 06:34:02 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d281fce2707e4d03af467ca854f83111
b0c50454ec97b8dd15e1a1e15a6b203be9d4b6b9
78236e6ecac2a39afdfb01ec9cd2580b5fc0482757836cf13df046a8dea9b22b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 18 Sep 2023 06:34:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2

216.58.207.227

200 OK

7.9 kB

URL GET HTTP/2
fonts.gstatic.com/s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
ValidityMon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7900, version 1.0\012- data
Size
7.9 kB (7900 bytes)
Hash
61e86e7a20ecf3ba181ca4b9a9a1cdbd
482a65cffc69109af26669d64accbef71db3b836
fbd0536d5b92c0dbe6ad2637800ae8da10c20755b564a3575bd12bba57f73b18

HTTP Headers

GET /s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://connect-metamask-secure01c.com
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 16 Sep 2023 12:33:45 GMT
expires: Sun, 15 Sep 2024 12:33:45 GMT
cache-control: public, max-age=31536000
age: 151218
last-modified: Thu, 21 Apr 2022 17:15:19 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d281fce2707e4d03af467ca854f83111
b0c50454ec97b8dd15e1a1e15a6b203be9d4b6b9
78236e6ecac2a39afdfb01ec9cd2580b5fc0482757836cf13df046a8dea9b22b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 18 Sep 2023 06:34:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b/EuclidCircularB-Regular-WebXL.woff2

92.87.6.114

200 OK

45 kB

URL GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b/EuclidCircularB-Regular-WebXL.woff2
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
Web Open Font Format (Version 2), TrueType, length 45196, version 3.66\012- data
Size
45 kB (45196 bytes)
Hash
2d75957df3bb3aa6ed84f6591b0d5a1a
906424e75625f63b0188471067065794d0348536
8ff3b303322168b49a14878f195dbaf76d9da16e35094d1f83fa23245450155b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ses/156da5b8f/0044c307308b/EuclidCircularB-Regular-WebXL.woff2 HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b/metamask-staging-2.webflow.css
Cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 05 Dec 2022 22:34:56 GMT
accept-ranges: bytes
content-length: 45196
vary: Accept-Encoding
content-type: font/woff2
date: Mon, 18 Sep 2023 06:34:03 GMT
server: Apache
X-Firefox-Spdy: h2

connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b/EuclidCircularB-Bold-WebXL.woff2

92.87.6.114

200 OK

44 kB

URL GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b/EuclidCircularB-Bold-WebXL.woff2
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
Web Open Font Format (Version 2), TrueType, length 44544, version 3.66\012- data
Size
44 kB (44544 bytes)
Hash
9024d0bf73943172297c4628d0054e20
36c3795e7b297d06589e15ef59592683d9ed0974
88fad87880ae6bb0d733c967419d5f0d68da547a88ad67e7af41f18dae2e20df

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ses/156da5b8f/0044c307308b/EuclidCircularB-Bold-WebXL.woff2 HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b/metamask-staging-2.webflow.css
Cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 05 Dec 2022 22:34:58 GMT
accept-ranges: bytes
content-length: 44544
vary: Accept-Encoding
content-type: font/woff2
date: Mon, 18 Sep 2023 06:34:03 GMT
server: Apache
X-Firefox-Spdy: h2

connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b/favicon.png

92.87.6.114

200 OK

4.2 kB

URL GET HTTP/2
connect-metamask-secure01c.com/ses/156da5b8f/0044c307308b/favicon.png
IP
92.87.6.114:443
ASN
#9050 Telekom Romania Communication S.A

Requested by
https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Certificate
IssuerLet's Encrypt
Subjectconnect-metamask-secure01c.com
Fingerprint4A:C3:6D:B2:87:00:3F:7B:A5:A3:4E:47:42:9E:CA:E5:33:E6:23:2B
ValiditySat, 16 Sep 2023 14:44:40 GMT - Fri, 15 Dec 2023 14:44:39 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
4.2 kB (4210 bytes)
Hash
7688ebe09d93b68eb4a23536f7b7aefb
5b33f4a405eb2f178146d1016fbf2046c1c77866
918a76a5bebc21af888b92725ad9207b7c6886f6035d5b5115999251b58ba9e8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ses/156da5b8f/0044c307308b/favicon.png HTTP/1.1
Host: connect-metamask-secure01c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connect-metamask-secure01c.com/ses/156da5b8f/eac4?dcbf739a=ef6effbb71cfa0a97fea4b88c1ea359e/
Cookie: PHPSESSID=eaf3567e3cc7b4cb1de3234fedaaffd0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 05 Dec 2022 22:40:38 GMT
accept-ranges: bytes
content-length: 4210
content-type: image/png
date: Mon, 18 Sep 2023 06:34:03 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (23)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash