metamask.com.view.extension.com.psikologicare.com
2001:df7:5300:2::23  Malicious Activity! Public Scan

URL: http://metamask.com.view.extension.com.psikologicare.com/
Submission Tags: phishing spamreports malicious
Submission: On June 18, 2021 via API from BG

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 6 HTTP transactions. The main IP is 2001:df7:5300:2::23, located in Indonesia and belongs to IDNIC-DENEVA-AS-ID PT Deneva, ID. The main domain is metamask.com.view.extension.com.psikologicare.com.
This is the only time metamask.com.view.extension.com.psikologicare.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Metamask (Crypto)
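
Why the hostname itself is the tell: the registrable domain is psikologicare.com, and "metamask", "com", "view", "extension" and a second "com" are all subdomain labels the operator chose. The following Python is an added example (not urlscan.io code) of the check a triage script would run on a submitted URL: it extracts the registrable domain with a small constructed stand-in for the Public Suffix List, then flags brand tokens and TLD-lookalike labels in the subdomain part. The suffix subset, brand list and the third sample hostname are assumptions.

```python
"""
Added example: flag brand-impersonating hostnames of the kind in this scan,
where a brand name and a fake ".com" are packed into the subdomain labels of
an unrelated registrable domain. Not urlscan.io code.
"""
from dataclasses import dataclass

# Constructed stand-in for the Public Suffix List. A real deployment would load
# the full list (e.g. with the publicsuffix2 package); this subset is an assumption.
PUBLIC_SUFFIXES = {"com", "net", "org", "io", "co.uk", "com.au"}

# Labels that look like a TLD when they appear *inside* the subdomain part,
# as "com" does twice in metamask.com.view.extension.com.psikologicare.com.
TLD_LOOKALIKES = {"com", "net", "org", "io"}

# Brand tokens to watch for; "metamask" is the brand urlscan reports for this scan.
BRANDS = ("metamask",)


@dataclass
class HostVerdict:
    hostname: str
    registrable_domain: str
    subdomain_labels: list
    brand_hits: list
    fake_tld_labels: list

    @property
    def suspicious(self) -> bool:
        return bool(self.brand_hits or self.fake_tld_labels)


def split_registrable(hostname: str):
    """Return (registrable_domain, subdomain_labels) using the longest matching public suffix."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]), labels[: i - 1]
    # No known suffix: treat the whole name as the registrable domain.
    return ".".join(labels), []


def assess_hostname(hostname: str, brands=BRANDS) -> HostVerdict:
    registrable, subs = split_registrable(hostname)
    apex_label = registrable.split(".")[0]
    # A brand name anywhere in the subdomain labels is the operator's choice, not the brand's.
    brand_hits = [b for b in brands if any(b in label for label in subs)]
    # A brand embedded in the apex label ("metamask-wallet-verify") is suspicious too;
    # an exact match ("metamask.io") is the brand's own domain and is left alone.
    brand_hits += [b for b in brands
                   if b in apex_label and b != apex_label and b not in brand_hits]
    fake_tlds = [label for label in subs if label in TLD_LOOKALIKES]
    return HostVerdict(hostname, registrable, subs, brand_hits, fake_tlds)


if __name__ == "__main__":
    for host in (
        "metamask.com.view.extension.com.psikologicare.com",  # the scanned host
        "app.metamask.io",                                    # brand's own domain shape
        "metamask-wallet-verify.com",                         # constructed sample
    ):
        v = assess_hostname(host)
        print(f"{host}: registrable={v.registrable_domain} brands={v.brand_hits} "
              f"fake_tlds={v.fake_tld_labels} suspicious={v.suspicious}")
```

The split is done longest-suffix-first so that "example.co.uk" is not cut at "uk"; with the full Public Suffix List the same loop also handles provider-owned suffixes such as hosting platforms that hand out subdomains.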

Domain & IP information

Requests  IP Address                 AS (Autonomous System)
4         2001:df7:5300:2::23        138115 (IDNIC-DENEVA-AS-ID PT Deneva)
1         2606:4700::6812:bcf        13335 (CLOUDFLARENET)
1         2a00:1450:4001:82a::200a   15169 (GOOGLE)
Total: 6 requests across 3 IPs

Requests  Domain                                              Requested by
4         metamask.com.view.extension.com.psikologicare.com   metamask.com.view.extension.com.psikologicare.com
1         ajax.googleapis.com                                 metamask.com.view.extension.com.psikologicare.com
1         stackpath.bootstrapcdn.com                          metamask.com.view.extension.com.psikologicare.com
Total: 6 requests across 3 domains

This site contains no links.

TLS certificates observed

Subject                   Issuer                    Validity                  Valid for
sni.cloudflaressl.com     Cloudflare Inc ECC CA-3   2021-03-01 - 2022-02-28   a year (crt.sh)
upload.video.google.com   GTS CA 1O1                2021-05-17 - 2021-08-09   3 months (crt.sh)

Both certificates belong to the third-party CDN hosts (stackpath.bootstrapcdn.com behind Cloudflare, ajax.googleapis.com at Google). The phishing host itself was fetched over plain HTTP, so no certificate for it was observed.

This page contains 1 frames:

Primary Page: http://metamask.com.view.extension.com.psikologicare.com/
Frame ID: 7AA2B659E155FBE34B5F84D03B600B37
Requests: 6 HTTP requests in this frame

Screenshot: (image not reproduced in this capture)

Detected technologies

Bootstrap (matches the Bootstrap 4.4.1 stylesheet loaded from stackpath.bootstrapcdn.com)
Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

jQuery (matches the jQuery 3.5.1 script loaded from ajax.googleapis.com)
Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 6
HTTPS: 33 %
IPv6: 100 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 3
Transfer: 128 kB
Size: 480 kB
Cookies: 0

Redirected requests

No HTTP redirect chains were recorded for this scan.

6 HTTP transactions

Columns: Resource, Path, Size, x-fer (bytes transferred), Type

Primary Request: /
Path: metamask.com.view.extension.com.psikologicare.com/
Size: 20 KB (4 KB transferred), Type: Document

General
Full URL: http://metamask.com.view.extension.com.psikologicare.com/
Protocol: HTTP/1.1
Server: 2001:df7:5300:2::23, Indonesia, ASN138115 (IDNIC-DENEVA-AS-ID PT Deneva, ID)
Reverse DNS: (empty)
Software: domainesia
Resource Hash: 06d13f27ace5670ebf348a4aed093ff52e3de629b128cc12082a57af07a4c5aa

Security Headers
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers
Host: metamask.com.view.extension.com.psikologicare.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US

Response headers
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: domainesia
DN-Request-ID: 1ec065babe8fa97ac569383e1ef58596
DN-Cache-Status: BYPASS
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Fri, 18 Jun 2021 06:44:02 GMT
X-Page-Speed: DN
Cache-Control: max-age=0, no-cache
Content-Encoding: gzip

bootstrap.min.css
Path: stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/
Size: 156 KB (21 KB transferred), Type: Stylesheet

General
Full URL: https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css
Requested by: http://metamask.com.view.extension.com.psikologicare.com/ (host metamask.com.view.extension.com.psikologicare.com)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:bcf, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (empty)
Software: cloudflare
Resource Hash: 2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers
Origin: http://metamask.com.view.extension.com.psikologicare.com
Referer: http://metamask.com.view.extension.com.psikologicare.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
date: Fri, 18 Jun 2021 06:44:05 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 5906
cdn-cachedat: 2021-06-08 15:14:35
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0abf75ddb500004e50ca8d5000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:09 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: cabc9b74fc8dde35e7a0cf1ab6c94de5
cf-ray: 66128c0f8c0f4e50-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

jquery.min.js
Path: ajax.googleapis.com/ajax/libs/jquery/3.5.1/
Size: 87 KB (30 KB transferred), Type: Script

General
Full URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by: http://metamask.com.view.extension.com.psikologicare.com/ (host metamask.com.view.extension.com.psikologicare.com)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::200a, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (empty)
Software: sffe
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers
X-Content-Type-Options: nosniff
X-Xss-Protection: 0

Request headers
Referer: http://metamask.com.view.extension.com.psikologicare.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
date: Fri, 18 Jun 2021 06:33:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 637
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Jun 2022 06:33:28 GMT

main.css
Path: metamask.com.view.extension.com.psikologicare.com/assets/css/
Size: 43 KB (7 KB transferred), Type: Stylesheet

General
Full URL: http://metamask.com.view.extension.com.psikologicare.com/assets/css/main.css
Requested by: http://metamask.com.view.extension.com.psikologicare.com/ (host metamask.com.view.extension.com.psikologicare.com)
Protocol: HTTP/1.1
Server: 2001:df7:5300:2::23, Indonesia, ASN138115 (IDNIC-DENEVA-AS-ID PT Deneva, ID)
Reverse DNS: (empty)
Software: domainesia
Resource Hash: 5c70630c181ca235f17e92bd9eea4a4c5b39f6c94279f9280193cf506f35a77a

Security Headers
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers
Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: metamask.com.view.extension.com.psikologicare.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://metamask.com.view.extension.com.psikologicare.com/
Connection: keep-alive
Cache-Control: no-cache

Response headers
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
ETag: W/"PSA-pdZrMbXd6x"
X-Original-Content-Length: 44432
Connection: keep-alive
Content-Length: 6494
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 14 Apr 2021 23:39:54 GMT
Server: domainesia
X-Frame-Options: SAMEORIGIN
Date: Fri, 18 Jun 2021 06:44:02 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
DN-Cache-Status: MISS
Cache-Control: max-age=315360000, public, s-maxage=10
Accept-Ranges: bytes
Content-Type: text/css
X-Content-Type-Options: nosniff
Expires: Thu, 31 Dec 2037 23:55:55 GMT

main.js
Path: metamask.com.view.extension.com.psikologicare.com/assets/js/
Size: 23 KB (7 KB transferred), Type: Script

General
Full URL: http://metamask.com.view.extension.com.psikologicare.com/assets/js/main.js
Requested by: http://metamask.com.view.extension.com.psikologicare.com/ (host metamask.com.view.extension.com.psikologicare.com)
Protocol: HTTP/1.1
Server: 2001:df7:5300:2::23, Indonesia, ASN138115 (IDNIC-DENEVA-AS-ID PT Deneva, ID)
Reverse DNS: (empty)
Software: domainesia
Resource Hash: d206e33c674350d0687e13f1c4eeea293061b1ceb9171ffafc4a7343f2a77fe3

Security Headers
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers
Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: metamask.com.view.extension.com.psikologicare.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://metamask.com.view.extension.com.psikologicare.com/
Connection: keep-alive
Cache-Control: no-cache

Response headers
Date: Fri, 18 Jun 2021 06:44:02 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 14 Apr 2021 22:30:58 GMT
Server: domainesia
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
DN-Cache-Status: BYPASS
Cache-Control: max-age=315360000, public, s-maxage=10
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Type: application/javascript; charset=utf-8
Expires: Thu, 31 Dec 2037 23:55:55 GMT

EuclidCircularB-Regular-WebXL.ttf
Path: metamask.com.view.extension.com.psikologicare.com/assets/fonts/
Size: 151 KB (59 KB transferred), Type: Font

General
Full URL: http://metamask.com.view.extension.com.psikologicare.com/assets/fonts/EuclidCircularB-Regular-WebXL.ttf
Requested by: http://metamask.com.view.extension.com.psikologicare.com/assets/css/main.css (host metamask.com.view.extension.com.psikologicare.com)
Protocol: HTTP/1.1
Server: 2001:df7:5300:2::23, Indonesia, ASN138115 (IDNIC-DENEVA-AS-ID PT Deneva, ID)
Reverse DNS: (empty)
Software: domainesia
Resource Hash: 08b11e464af41dc1764715793aee5078e632b68606feb061b996f3ff8be7401c

Security Headers
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers
Pragma: no-cache
Origin: http://metamask.com.view.extension.com.psikologicare.com
Accept-Encoding: gzip, deflate
Host: metamask.com.view.extension.com.psikologicare.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://metamask.com.view.extension.com.psikologicare.com/assets/css/main.css
Connection: keep-alive
Cache-Control: no-cache

Response headers
Date: Fri, 18 Jun 2021 06:44:02 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 14 Apr 2021 23:30:32 GMT
Server: domainesia
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
DN-Cache-Status: BYPASS
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public, s-maxage=10
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Type: font/ttf
Expires: Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Metamask (Crypto)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and site code. In this scan the first seven (onbeforexrselect through crossOriginIsolated) are window properties provided by the Chrome 89 build used for the scan, not site code; $ and jQuery come from the jQuery 3.5.1 load; showBtn, isAddress, a, stracc and item are defined by the page's own scripts (the document or assets/js/main.js).

Type       Name
object     onbeforexrselect
object     ontransitionrun
object     ontransitionstart
object     ontransitioncancel
boolean    originAgentCluster
object     trustedTypes
boolean    crossOriginIsolated
function   $
function   jQuery
function   showBtn
function   isAddress
undefined  a
undefined  stracc
undefined  item

0 Cookies

Security Headers

This page lists the security headers set by the main page. Two caveats apply to this scan. The Content-Security-Policy (default-src * data: 'unsafe-eval' 'unsafe-inline') allows every origin, data: URLs, inline script and eval, so it restricts nothing. The Strict-Transport-Security header was received over plain HTTP, and browsers must ignore an STS header delivered over an insecure transport (RFC 6797, section 8.1), so it has no effect either. The same header set appears on every first-party response, including the TTF font, which is consistent with the hosting platform (Server: domainesia) adding them rather than the operator hardening the site.

Header: Value
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
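
A header listing like the one above is easy to misread as "hardened" when the values are not evaluated against the scheme the page was served on and against what the CSP source list actually permits. The following Python is an added example (not urlscan.io code) that audits a header set the way a triage script should: it parses the CSP, checks the effective script source list for wildcard and unsafe keywords, and treats HSTS as ineffective when the response came over http://. The header values are copied from the primary request of this scan; the finding names, the one-year HSTS threshold and the hardened comparison set are assumptions.

```python
"""
Added example (not urlscan.io code): audit the security headers listed for
the primary request of this scan, taking the request scheme into account.
"""
from urllib.parse import urlsplit

# Copied from the primary request in this scan.
SCAN_URL = "http://metamask.com.view.extension.com.psikologicare.com/"
SCAN_HEADERS = {
    "Content-Security-Policy": "default-src * data: 'unsafe-eval' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Xss-Protection": "1; mode=block",
}

# Source expressions that make a script-src / default-src policy ineffective.
WEAK_SOURCES = {"*", "'unsafe-inline'", "'unsafe-eval'", "data:", "http:", "https:"}
ONE_YEAR = 31536000  # assumed minimum HSTS max-age worth accepting


def parse_csp(value: str) -> dict:
    """'default-src a b; script-src c' -> {'default-src': ['a', 'b'], 'script-src': ['c']}."""
    policy = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def hsts_max_age(value: str):
    """Return the integer max-age from an HSTS value, or None if absent/malformed."""
    for token in value.split(";"):
        name, _, num = token.strip().partition("=")
        if name.strip().lower() == "max-age" and num.strip().isdigit():
            return int(num)
    return None


def audit_security_headers(url: str, headers: dict) -> dict:
    """Return {finding: detail}; an empty dict means nothing to report."""
    h = {k.lower(): v for k, v in headers.items()}
    scheme = urlsplit(url).scheme.lower()
    findings = {}

    csp = h.get("content-security-policy")
    policy = parse_csp(csp) if csp is not None else {}
    if csp is None:
        findings["csp-missing"] = None
    else:
        # script-src falls back to default-src when it is not set.
        script_src = policy.get("script-src", policy.get("default-src", []))
        weak = sorted(set(script_src) & WEAK_SOURCES)
        if weak or not script_src:
            findings["csp-permissive"] = weak
    if "frame-ancestors" not in policy and "x-frame-options" not in h:
        findings["framing-unrestricted"] = None

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings["hsts-missing"] = None
    elif scheme != "https":
        # RFC 6797 section 8.1: a UA MUST ignore STS headers received over insecure transport.
        findings["hsts-ignored-over-http"] = hsts
    else:
        age = hsts_max_age(hsts)
        if age is None or age < ONE_YEAR:
            findings["hsts-short-max-age"] = age

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings["nosniff-missing"] = None
    if "x-xss-protection" in h:
        # Legacy header: current browsers no longer implement the auditor it controlled.
        findings["x-xss-protection-legacy"] = h["x-xss-protection"]
    return findings


if __name__ == "__main__":
    for name, detail in audit_security_headers(SCAN_URL, SCAN_HEADERS).items():
        print(f"{name}: {detail}")
```

Run against this scan, the audit reports the CSP as permissive (every source in default-src is on the weak list), the HSTS header as ignored because the document came over HTTP, and X-XSS-Protection as a legacy header; the nosniff and framing checks pass.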