kyc.extension-app.net Open in urlscan Pro
65.108.212.65 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://kyc.extension-app.net/
Submission: On May 10 via api (May 10th 2024, 12:09:00 am UTC) from US — Scanned from FI

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 15 HTTP transactions. The main IP is 65.108.212.65, located in Helsinki, Finland and belongs to HETZNER-AS, DE. The main domain is kyc.extension-app.net.
TLS certificate: Issued by R3 on May 9th 2024. Valid for: 3 months.

This is the only time kyc.extension-app.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Metamask (Crypto)

Domain & IP information

	IP Address	AS Autonomous System
11	65.108.212.65 65.108.212.65	24940 (HETZNER-AS) (HETZNER-AS)
4	151.101.1.229 151.101.1.229	54113 (FASTLY) (FASTLY)
15	2

11 65.108.212.65 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.65.212.108.65.clients.your-server.de

kyc.extension-app.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.1.229 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	extension-app.net kyc.extension-app.net	113 KB
4	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 310	40 KB
15	2

	Domain	Requested by
11	kyc.extension-app.net	kyc.extension-app.net
4	cdn.jsdelivr.net	kyc.extension-app.net cdn.jsdelivr.net
15	2

This site contains no links.

Subject Issuer	Validity	Valid
kyc.extension-app.net R3	`2024-05-09` - `2024-08-07`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://kyc.extension-app.net/
Frame ID: F9F642188C8A3402CECA16A0C9D128B8
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MetaMask

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

153 kB
Transfer

472 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
kyc.extension-app.net/ 5 KB
2 KB 1282ms
797ms Document
text/html 65.108.212.65
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://kyc.extension-app.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.108.212.65 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.65.212.108.65.clients.your-server.de
Software: Apache /
Resource Hash: b6b2b3c56ec22aaf95e0bc7d5f7b6abbd4aaeafe62587f01c20a218d15f5d2d9

Request headers

Accept-Language: fi-FI,fi;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
content-length: 1988
content-type: text/html; charset=UTF-8
date: Fri, 10 May 2024 00:08:53 GMT
referrer-policy: no-referrer
server: Apache
vary: Accept-Encoding

GET
H2 200 get.css
cdn.jsdelivr.net/gh/smolix01/ksamatek@main/ 3 KB
1 KB 1857ms
602ms Stylesheet
text/css 151.101.1.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/smolix01/ksamatek@main/get.css

Requested by

Host: kyc.extension-app.net
URL: https://kyc.extension-app.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b535659a8bf04f61ae6f33aedc4dc56c2052a2ab9a0e2b3418b94e98ccdc1433

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 10 May 2024 00:08:55 GMT
x-content-type-options: nosniff
content-encoding: br
age: 42919
x-jsd-version: main
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1101
x-served-by: cache-fra-eddf8230032-FRA, cache-hel1410023-HEL
x-jsd-version-type: branch
etag: W/"d0a-ZNySe2q2VU5+xaQhCPHPqZjkUfE"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 index.css
cdn.jsdelivr.net/gh/smolix01/ksamatek@main/ 37 KB
4 KB 1857ms
603ms Stylesheet
text/css 151.101.1.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/smolix01/ksamatek@main/index.css

Requested by

Host: kyc.extension-app.net
URL: https://kyc.extension-app.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c7cf5c9f16a7d76df316be68735cd2abd650980ee3ee338dfab76c14ea2c65b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 10 May 2024 00:08:55 GMT
x-content-type-options: nosniff
content-encoding: br
age: 42919
x-jsd-version: main
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3977
x-served-by: cache-fra-eddf8230052-FRA, cache-hel1410023-HEL
x-jsd-version-type: branch
etag: W/"9413-ZHdcXUuAam9SKM4DcJbK1F6bJjo"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 zankok.css
kyc.extension-app.net/css/ 8 KB
3 KB 213ms
211ms Stylesheet
text/css 65.108.212.65
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://kyc.extension-app.net/css/zankok.css
Requested by: Host: kyc.extension-app.net
URL: https://kyc.extension-app.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.108.212.65 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.65.212.108.65.clients.your-server.de
Software: Apache /
Resource Hash: 7df418d6a3da6735ada9ce5b0085e1e1cdec04e14f6c9df843d2579d98ad35f6

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 10 May 2024 00:08:54 GMT
content-encoding: gzip
last-modified: Wed, 08 May 2024 17:02:20 GMT
server: Apache
etag: "1fd0-617f443f73f00-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 2664

GET
H2 200 dmex.css
kyc.extension-app.net/css/ 4 KB
1 KB 262ms
261ms Stylesheet
text/css 65.108.212.65
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://kyc.extension-app.net/css/dmex.css
Requested by: Host: kyc.extension-app.net
URL: https://kyc.extension-app.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.108.212.65 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.65.212.108.65.clients.your-server.de
Software: Apache /
Resource Hash: b1e20c5588f6f64ca4d87648b877f1cd16a8f38b93d8c36ebb5a8ce4f54f14e2

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 10 May 2024 00:08:54 GMT
content-encoding: gzip
last-modified: Wed, 08 May 2024 17:02:20 GMT
server: Apache
etag: "fab-617f443f73f00-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 1084

GET
H2 200 amine.css
kyc.extension-app.net/css/ 8 KB
2 KB 282ms
280ms Stylesheet
text/css 65.108.212.65
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://kyc.extension-app.net/css/amine.css
Requested by: Host: kyc.extension-app.net
URL: https://kyc.extension-app.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.108.212.65 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.65.212.108.65.clients.your-server.de
Software: Apache /
Resource Hash: 31af39683579608126fc0d437499278791f4b279a7acdc13a14e1c2f6311c958

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 10 May 2024 00:08:54 GMT
content-encoding: gzip
last-modified: Wed, 08 May 2024 17:02:20 GMT
server: Apache
etag: "1ea3-617f443f73f00-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 1961

GET
H2 200 eth_logo.svg
kyc.extension-app.net/images/ 156 KB
98 KB 862ms
861ms Image
image/svg+xml 65.108.212.65
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kyc.extension-app.net/images/eth_logo.svg
Requested by: Host: kyc.extension-app.net
URL: https://kyc.extension-app.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.108.212.65 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.65.212.108.65.clients.your-server.de
Software: Apache /
Resource Hash: f2e9f044b1f4215acc67611f04c3a6ee3a7bc863a9e9303a006be02202a48f19

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 10 May 2024 00:08:54 GMT
content-encoding: gzip
last-modified: Wed, 08 May 2024 17:02:20 GMT
server: Apache
etag: "270a0-617f443f73f00-gzip"
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes

GET
H2 200 linea-logo-mainnet.svg
kyc.extension-app.net/images/ 684 B
434 B 260ms
260ms Image
image/svg+xml 65.108.212.65
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kyc.extension-app.net/images/linea-logo-mainnet.svg
Requested by: Host: kyc.extension-app.net
URL: https://kyc.extension-app.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.108.212.65 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.65.212.108.65.clients.your-server.de
Software: Apache /
Resource Hash: f6562b7726d55e7211f83a28453b0eb079b581cbfe3a97de148201d77441f073

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 10 May 2024 00:08:54 GMT
content-encoding: gzip
last-modified: Wed, 08 May 2024 17:02:20 GMT
server: Apache
etag: "2ac-617f443f73f00-gzip"
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
content-length: 368

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/ 227 KB
35 KB 1503ms
512ms Stylesheet
text/css 151.101.1.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css

Requested by

Host: kyc.extension-app.net
URL: https://kyc.extension-app.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7f1d37f0d90b6385354c2ac10e2bb91563c46bd7a266ed351222ebcac8496c2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 10 May 2024 00:08:55 GMT
x-content-type-options: nosniff
content-encoding: br
age: 19611157
x-jsd-version: 5.3.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 34860
x-served-by: cache-fra-eddf8230088-FRA, cache-hel1410023-HEL
x-jsd-version-type: version
etag: W/"38dd2-sjFlHg/Wi72HWBifvTZCxGLTT6Y"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 style.css
kyc.extension-app.net/css/ 4 KB
1 KB 191ms
190ms Stylesheet
text/css 65.108.212.65
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://kyc.extension-app.net/css/style.css
Requested by: Host: kyc.extension-app.net
URL: https://kyc.extension-app.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.108.212.65 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.65.212.108.65.clients.your-server.de
Software: Apache /
Resource Hash: 19980a48354051442f3dcc0ab45f57c8024bfc55f0ad596551f0c8072056be5f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 10 May 2024 00:08:55 GMT
content-encoding: gzip
last-modified: Wed, 08 May 2024 17:02:20 GMT
server: Apache
etag: "1086-617f443f73f00-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 1184

GET
H2 200 spinner.svg
kyc.extension-app.net/images/ 7 KB
697 B 389ms
383ms Image
image/svg+xml 65.108.212.65
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kyc.extension-app.net/images/spinner.svg
Requested by: Host: kyc.extension-app.net
URL: https://kyc.extension-app.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.108.212.65 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.65.212.108.65.clients.your-server.de
Software: Apache /
Resource Hash: 20280204cadc493195304b7ddd100909ce2a4ef702652658b03033b20424432d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 10 May 2024 00:08:55 GMT
content-encoding: gzip
last-modified: Wed, 08 May 2024 17:02:20 GMT
server: Apache
etag: "1afb-617f443f73f00-gzip"
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
content-length: 642

GET
H2 200 script.js Show response
kyc.extension-app.net/css/ 2 KB
770 B 347ms
345ms Script
application/javascript 65.108.212.65
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://kyc.extension-app.net/css/script.js
Requested by: Host: kyc.extension-app.net
URL: https://kyc.extension-app.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.108.212.65 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.65.212.108.65.clients.your-server.de
Software: Apache /
Resource Hash: cbec0db65361fc4b300e5c47d3d10a871ecf7d4ababb1fc33d2e848694bd82c9

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 10 May 2024 00:08:55 GMT
content-encoding: gzip
last-modified: Wed, 08 May 2024 17:02:20 GMT
server: Apache
etag: "7cf-617f443f73f00-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 699

GET
H2 200 black.svg
kyc.extension-app.net/images/ 8 KB
2 KB 247ms
246ms Image
image/svg+xml 65.108.212.65
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kyc.extension-app.net/images/black.svg
Requested by: Host: kyc.extension-app.net
URL: https://kyc.extension-app.net/css/amine.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.108.212.65 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.65.212.108.65.clients.your-server.de
Software: Apache /
Resource Hash: 34e80b7f6521ad8bd5dcf18210b3edbc92057886511e591d1336c02aadf3cd84

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://kyc.extension-app.net/css/amine.css
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 10 May 2024 00:08:56 GMT
content-encoding: gzip
last-modified: Wed, 08 May 2024 17:02:20 GMT
server: Apache
etag: "20a5-617f443f73f00-gzip"
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
content-length: 2342

GET
H2 404 EuclidCircularB-Regular-WebXL.ttf
cdn.jsdelivr.net/gh/smolix01/ksamatek@main/fonts/Euclid/ 0
0 1994ms
724ms Font
text/plain 151.101.1.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/smolix01/ksamatek@main/fonts/Euclid/EuclidCircularB-Regular-WebXL.ttf

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/smolix01/ksamatek@main/index.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cdn.jsdelivr.net/gh/smolix01/ksamatek@main/index.css
Origin: https://kyc.extension-app.net
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Fri, 10 May 2024 00:08:57 GMT
age: 0
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 87
x-served-by: cache-fra-eddf8230058-FRA, cache-hel1410028-HEL
etag: W/"66-YMzTYUcTCf6Vc08+yDZzYa9KaoI"
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=60, s-maxage=60
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 favicon.ico
kyc.extension-app.net/images/ 1 KB
2 KB 279ms
279ms Other
image/x-icon 65.108.212.65
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://kyc.extension-app.net/images/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.108.212.65 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.65.212.108.65.clients.your-server.de
Software: Apache /
Resource Hash: 214080adac9969108cb602cb68617e332db1288e95e18c29c10f9396c6d3744c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 10 May 2024 00:08:58 GMT
content-encoding: gzip
last-modified: Wed, 08 May 2024 17:02:20 GMT
server: Apache
etag: "5fc-617f443f73f00-gzip"
vary: Accept-Encoding
content-type: image/x-icon
accept-ranges: bytes
content-length: 1555

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Metamask (Crypto)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| placeholder object| customSelect object| dropdown

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			kyc.extension-app.net/	1970-01-21 05:13:55	Name: visitor_id Value: 663d6595aa46d
			kyc.extension-app.net/	1970-01-20 20:28:21	Name: visited Value: KGfqpAD73NI%2B1TMO0ZKQaA%3D%3D

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cdn.jsdelivr.net/gh/smolix01/ksamatek@main/fonts/Euclid/EuclidCircularB-Regular-WebXL.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
kyc.extension-app.net
151.101.1.229
65.108.212.65
19980a48354051442f3dcc0ab45f57c8024bfc55f0ad596551f0c8072056be5f
20280204cadc493195304b7ddd100909ce2a4ef702652658b03033b20424432d
214080adac9969108cb602cb68617e332db1288e95e18c29c10f9396c6d3744c
31af39683579608126fc0d437499278791f4b279a7acdc13a14e1c2f6311c958
34e80b7f6521ad8bd5dcf18210b3edbc92057886511e591d1336c02aadf3cd84
7df418d6a3da6735ada9ce5b0085e1e1cdec04e14f6c9df843d2579d98ad35f6
7f1d37f0d90b6385354c2ac10e2bb91563c46bd7a266ed351222ebcac8496c2a
b1e20c5588f6f64ca4d87648b877f1cd16a8f38b93d8c36ebb5a8ce4f54f14e2
b535659a8bf04f61ae6f33aedc4dc56c2052a2ab9a0e2b3418b94e98ccdc1433
b6b2b3c56ec22aaf95e0bc7d5f7b6abbd4aaeafe62587f01c20a218d15f5d2d9
c7cf5c9f16a7d76df316be68735cd2abd650980ee3ee338dfab76c14ea2c65b6
cbec0db65361fc4b300e5c47d3d10a871ecf7d4ababb1fc33d2e848694bd82c9
f2e9f044b1f4215acc67611f04c3a6ee3a7bc863a9e9303a006be02202a48f19
f6562b7726d55e7211f83a28453b0eb079b581cbfe3a97de148201d77441f073

kyc.extension-app.net Open in urlscan Pro 65.108.212.65 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

153 kBTransfer

472 kBSize

2 Cookies

0 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

kyc.extension-app.net Open in urlscan Pro
65.108.212.65 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

153 kB
Transfer

472 kB
Size

2
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!