finance.browzerexttention.com Open in urlscan Pro
2606:4700:3031::6815:5302 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://finance.browzerexttention.com/7328-121/finance/8123-1/import-with-recovery-phrase
Submission: On May 11 via api (May 11th 2024, 8:17:11 am UTC) from US — Scanned from US

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 2606:4700:3031::6815:5302, located in United States and belongs to CLOUDFLARENET, US. The main domain is finance.browzerexttention.com.
TLS certificate: Issued by GTS CA 1P5 on April 20th 2024. Valid for: 3 months.

This is the only time finance.browzerexttention.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Metamask (Crypto)

Domain & IP information

	IP Address		AS Autonomous System
1 13	2606:4700:303... 2606:4700:3031::6815:5302		13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	1

13 2606:4700:3031::6815:5302 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

finance.browzerexttention.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	browzerexttention.com 1 redirects finance.browzerexttention.com	234 KB
12	1

	Domain	Requested by
13	finance.browzerexttention.com	1 redirects finance.browzerexttention.com
12	1

This site contains no links.

Subject Issuer	Validity	Valid
browzerexttention.com GTS CA 1P5	`2024-04-20` - `2024-07-19`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://finance.browzerexttention.com/7328-121/finance/8123-1/import-with-recovery-phrase
Frame ID: 61AA6F0FC622B90062387089DDDCDDC5
Requests: 10 HTTP requests in this frame

Frame: https://finance.browzerexttention.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js
Frame ID: C8E399A4A86BB7C0B6B9E1C9164B3C17
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MetaMask

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

92 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

233 kB
Transfer

2766 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

https://finance.browzerexttention.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://finance.browzerexttention.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request import-with-recovery-phrase Show response
finance.browzerexttention.com/7328-121/finance/8123-1/ 36 KB
6 KB 1427ms
1387ms Document
text/html 2606:4700:3031::6815:5302
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/import-with-recovery-phrase
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:5302 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 6830b2893606d8c8412c0d67f9e5e33145e8694a605a4baf1d07a536e8b621ef

Request headers

Accept-Language: en-US,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8820bb026d1443f2-EWR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 11 May 2024 08:17:05 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L7uffLR7z4H9iaUl1hlRdMK8sioXw1czu10O950dNDrutYFMOwFQD20XNxo%2Bi2UllpudM4wWut%2Fk16yX9OymzEQUYygnj9J1imtev%2FaTeOyzTpde3y7fEGQEIJe8QMPf%2FDaDcxYg%2F6hcWOSVd6rs5qs5nsgra4Ubl%2FHvPw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

GET
H2 200 index.css
finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/ 1 MB
92 KB 355ms
351ms Stylesheet
text/css 2606:4700:3031::6815:5302
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/index.css
Requested by: Host: finance.browzerexttention.com
URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/import-with-recovery-phrase
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:5302 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d24be855db71aa21b927bdeb120ee281e6e7eaf1b95e5fadb3015d3cf4215eb1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://finance.browzerexttention.com/7328-121/finance/8123-1/import-with-recovery-phrase
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 08:17:06 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Fri, 26 May 2023 22:58:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"56c5fc-147907-5fca0ad6b2380-br"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BZBV%2FcttNrncwMVMAJWQO4FT10TFuSs9AOb5dAJB5nX5o451BIXvtG6nQJvmhr2MZP3KVVaR%2BU4r57vponx3A7CDDxRaUXQOYylJdbto04iq0nMp5F2YctnNpmBSeIcuKIOuOnbPhS8gURP5JcQI2acOkAflrGLos%2BZJew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8820bb0b292b43f2-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 index-rtl.css
finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/ 1 MB
92 KB 339ms
337ms Stylesheet
text/css 2606:4700:3031::6815:5302
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/index-rtl.css
Requested by: Host: finance.browzerexttention.com
URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/import-with-recovery-phrase
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:5302 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86e8e2a4aece56c3eb03e621c4d19350c7e99c7cdb7231ec603fb810cf417f42

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://finance.browzerexttention.com/7328-121/finance/8123-1/import-with-recovery-phrase
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 08:17:06 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Fri, 26 May 2023 22:58:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"56c5fd-1477d0-5fca0ad6b2380-br"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B8kmRuGcT45H49YA4K%2B%2FMzmJI8Xnm%2Be2muI%2BR%2BwyfSgcDAZnk6vuhdT8W4ZH%2B3CvQLi9GA5ppIX9TaZiVesCUIQEr08%2Bd0wokLgj3H3o4Vw4mSx9eh78gmoLTSVXtqdxk76V8cjR85UGYBRyoYlF%2FrSMHQHIj4wDEQj2cQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8820bb0b292d43f2-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 metamask-fox.svg
finance.browzerexttention.com/7328-121/finance/8123-1/images/logo/ 3 KB
2 KB 248ms
247ms Image
image/svg+xml 2606:4700:3031::6815:5302
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/images/logo/metamask-fox.svg
Requested by: Host: finance.browzerexttention.com
URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/import-with-recovery-phrase
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:5302 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b855851451c3eb7220bc7331d6cf7f19dad4580ebc35610211f028848ba7fc34

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://finance.browzerexttention.com/7328-121/finance/8123-1/import-with-recovery-phrase
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 08:17:06 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Fri, 26 May 2023 22:58:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"589634-c9f-5fca0ad89a800-br"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AUEnbcVCxPSyK2d0KWz8UaPi0hDaFRs8muAQy%2B4moILhFX9PlMXn%2BUFPl8%2BnsQOPDk4NkEvIoLT5t%2BWrMr8VyTFPKyrCohPqM2Acr4lIlO4F0b%2FLCBBNLnbHM9szNuGHURoPHx%2BAyaFKMeXEdlmlPo5ZAHHWXnOBnf1VJA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 8820bb0b292e43f2-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 main.js Show response
finance.browzerexttention.com/7328-121/finance/8123-1/assets/js/ 9 KB
2 KB 261ms
260ms Script
text/javascript 2606:4700:3031::6815:5302
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/assets/js/main.js
Requested by: Host: finance.browzerexttention.com
URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/import-with-recovery-phrase
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:5302 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d13203023b573c0abc8968a2698fb2fb7f4af68654a557c70a97119185fa278

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://finance.browzerexttention.com/7328-121/finance/8123-1/import-with-recovery-phrase
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 08:17:06 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Fri, 26 May 2023 22:58:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"56c5ff-2216-5fca0ad6b2380-br"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y0rFMysdSyu1LTjmBPqvhskbwT93TnwsWsfDGr4q7uMfn2mc7ke7plPr%2F6VMv%2FX2Y8oYwyNIqvDGkox%2BWxrcnpVfv5%2Bg4Chx9HzxUEXBHqbslWl6jg4eMM93lUxsXRVpIMNF52E%2B8ZiFBGtmumnfFwYX19LP45Vs2ka84Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 8820bb0b292f43f2-EWR
alt-svc: h3=":443"; ma=86400

GET
H3 200 jquery.js Show response
finance.browzerexttention.com/7328-121/finance/8123-1/assets/js/ 88 KB
32 KB 264ms
263ms Script
text/javascript 2606:4700:3031::6815:5302
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/assets/js/jquery.js
Requested by: Host: finance.browzerexttention.com
URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/import-with-recovery-phrase
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:5302 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1d34fbc46d54711adf3910880f4870c5fbff2ee7b24fd2f6dff4bb0cb2ce0ad

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://finance.browzerexttention.com/7328-121/finance/8123-1/import-with-recovery-phrase
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 08:17:06 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Fri, 26 May 2023 22:58:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"56c5fe-160e6-5fca0ad6b2380-br"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PMn%2BN5B1SUEnd6OkTePYqotXUhlM4OpXV7VMYT5SPSgC4DRiXBqjONUH%2FgXJG77tL4WhOFDEUx1Ysf8nIX8MEMxIh4CmhzLaYlGdanwOlP9wxzZRk%2FAWsoOXQ22TSn5%2FV2mgcmuJwpsRhfl1xi6xN%2FONQpIHjPOc1gqh%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 8820bb0b6da0c33e-EWR
alt-svc: h3=":443"; ma=86400

GET
H3 404 carousel.min.css
finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/react-gallery/ 0
0 262ms
262ms Stylesheet
text/html 2606:4700:3031::6815:5302
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/react-gallery/carousel.min.css
Requested by: Host: finance.browzerexttention.com
URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/index-rtl.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:5302 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/index-rtl.css
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 08:17:06 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lX720F5CCpJ5PdS2Q4EjtME7i%2BQzk8nv343Te0vGIBxV6l%2BVjeLEoWPSD91CjQbid3bx61oFuA0Nrs66qNrItW1RxGYHic8YNfLuvjZKCHvkZ%2BPOT35KV%2BbAD6XK2J14AAE0D35YZAoJERuy1bWaR07LrJ1gY9quRPuwyg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 8820bb0d6e85c33e-EWR
alt-svc: h3=":443"; ma=86400

GET
H3 404 EuclidCircularB-Regular-WebXL.ttf
finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/fonts/Euclid/ 0
0 268ms
268ms Font
text/html 2606:4700:3031::6815:5302
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/fonts/Euclid/EuclidCircularB-Regular-WebXL.ttf
Requested by: Host: finance.browzerexttention.com
URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/index.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:5302 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/index.css
Origin: https://finance.browzerexttention.com
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 08:17:06 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RgENLp5KBRv7WP6LiHJKAPMbw3DGARVmANC%2Bum%2F7VWJgPybMgxas8yHS2abuuxWvOCvPgamMYO6PHTiEQXzg%2B53QZdv9a4XHET7YT0gJSiVzgyc0Bm5UmSEPyBB%2BL%2FZjvsRNOaTo%2F7C8O1Mq%2F37R1J%2FLeI2h9irf6kl3vA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 8820bb0fff6cc33e-EWR
alt-svc: h3=":443"; ma=86400

GET
H3 404 EuclidCircularB-Bold-WebXL.ttf
finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/fonts/Euclid/ 0
0 269ms
269ms Font
text/html 2606:4700:3031::6815:5302
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/fonts/Euclid/EuclidCircularB-Bold-WebXL.ttf
Requested by: Host: finance.browzerexttention.com
URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/index.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:5302 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/index.css
Origin: https://finance.browzerexttention.com
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 08:17:06 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Gax%2FSeOhgP09ntwu8%2B8%2BOuo%2FKVwuIqX921LHHQ12XlcZ%2BrYm1D%2FhszvWn9GZQ1QokKqSw18mrlOjXoC6SxSeScONLiaQFPr5uzrWsu4N08YX%2F3pXnitKOKFTxEYuNZrLuIcIJwE%2FhA2PFWob7TKc8NUs3%2BHK9aGDkXT7g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 8820bb0fff6ec33e-EWR
alt-svc: h3=":443"; ma=86400

GET
H3

200

main.js Show response
finance.browzerexttention.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/ Frame C8E3
Redirect Chain

https://finance.browzerexttention.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://finance.browzerexttention.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js

8 KB
4 KB

23ms
22ms

Script
application/javascript

2606:4700:3031::6815:5302
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://finance.browzerexttention.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js

Requested by

Host: finance.browzerexttention.com
URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/import-with-recovery-phrase

Protocol

Server

2606:4700:3031::6815:5302 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fa6327f898961e0e03f95abd02d83880cdc8d02865274b28cfa5a42ee589403

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Sat, 11 May 2024 08:17:06 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=chHsaN3jaMx98jtal4I5dzDxy8LUo418qwgpCIEhYzjiiB5oh1%2Fivn2xld2ogxYITs%2BUm9AI80hDUpgiCf6EGhS4mDa%2FK8shPMux8Pu6LKsRivNMygKRsq6EWLL3JgtLtKsrjZkMijlg64i4jqg12Pq4bj9nhS9Mv0dDWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 8820bb104f97c33e-EWR
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Sat, 11 May 2024 08:17:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cKWfVNLECtN5GsXnFocy%2BVi4eqEK2EGhy7FwELpZMLHrNR12BwAv3mz46frYLLrMj3OsaQlFun97bcTQtskhegyS3vYb26iojOs4%2F8VvEPZwvJwTtaeBn4bPfp69ZYjYECkxLIG9tdyIIL%2FW2KGQZIpYWXjIaPOj1Sd68Q%3D%3D"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 8820bb102f82c33e-EWR
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H3 200 8820bb026d1443f2 Show response
finance.browzerexttention.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame C8E3 0
629 B 28ms
26ms XHR
text/plain 2606:4700:3031::6815:5302
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://finance.browzerexttention.com/cdn-cgi/challenge-platform/h/g/jsd/r/8820bb026d1443f2
Requested by: Host: finance.browzerexttention.com
URL: https://finance.browzerexttention.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:5302 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 11 May 2024 08:17:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HKE0t0zCv0C0rf8%2BEfNQCfH6Hf7JNFVMzwhyV4jNXvmvpEidQQAM8tUsp3IVEtLxAThj8q1BUp7FFsPnf%2BpPpcI4akF1%2FitTThHj%2Bzoc1VJLQ400TEtKlWqGx5hWFUilL8oqMC7DH4N8q1Sfgp5qZsaTJMTN2yijxNzJXg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 8820bb11b83ec33e-EWR
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 icon-48.png
finance.browzerexttention.com/7328-121/finance/8123-1/images/ 2 KB
3 KB 256ms
256ms Other
image/png 2606:4700:3031::6815:5302
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/images/icon-48.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:5302 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54cc207029d9b884192a011b5c4e530508e280823c3e445c2c57fcdf59e0e059

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://finance.browzerexttention.com/7328-121/finance/8123-1/import-with-recovery-phrase
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 08:17:07 GMT
cf-cache-status: MISS
last-modified: Fri, 26 May 2023 22:58:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "5895b2-96d-5fca0ad6b2380"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OA%2FiYZX1xDOsQ90OaZf%2F60T3OUVuOnpY75hL7zkxWJVtMJUENIE8kRQiX2fQmU9azHK8YtQhlhNB4HOF7Fx3CFZhwVajCTLcAzyM4HRYvHoQxxqEugzVOqMRTmSEjPRqLYDLkAanjgRX0Kiv6hvbl9SrJ6IbujmiC%2F1SgA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8820bb11c849c33e-EWR
alt-svc: h3=":443"; ma=86400
content-length: 2413

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Metamask (Crypto)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| $ function| jQuery

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			finance.browzerexttention.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 9467e996b7d967239d05c2e1819b858e
			.browzerexttention.com/	1970-01-21 05:15:51	Name: cf_clearance Value: bRXmHuHLXEGz9y4HK5XrCiMs_J0ooZPcdFWAE6OiOB0-1715415426-1.0.1.1-Ss.vQG0wqgE7oAxLx7oOsqoMnTKvctKVHMNXWckmGmveM.7ISXIGbBtMH.pQ_ecTwQe_AI2aLscPExXTmuNfNQ

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/react-gallery/carousel.min.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/fonts/Euclid/EuclidCircularB-Regular-WebXL.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://finance.browzerexttention.com/7328-121/finance/8123-1/assets/css/fonts/Euclid/EuclidCircularB-Bold-WebXL.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

finance.browzerexttention.com
2606:4700:3031::6815:5302
1d13203023b573c0abc8968a2698fb2fb7f4af68654a557c70a97119185fa278
54cc207029d9b884192a011b5c4e530508e280823c3e445c2c57fcdf59e0e059
6830b2893606d8c8412c0d67f9e5e33145e8694a605a4baf1d07a536e8b621ef
6fa6327f898961e0e03f95abd02d83880cdc8d02865274b28cfa5a42ee589403
86e8e2a4aece56c3eb03e621c4d19350c7e99c7cdb7231ec603fb810cf417f42
b855851451c3eb7220bc7331d6cf7f19dad4580ebc35610211f028848ba7fc34
d1d34fbc46d54711adf3910880f4870c5fbff2ee7b24fd2f6dff4bb0cb2ce0ad
d24be855db71aa21b927bdeb120ee281e6e7eaf1b95e5fadb3015d3cf4215eb1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

finance.browzerexttention.com Open in urlscan Pro 2606:4700:3031::6815:5302 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

12 Requests

92 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

233 kBTransfer

2766 kBSize

2 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

2 Cookies

3 Console Messages

Indicators

finance.browzerexttention.com Open in urlscan Pro
2606:4700:3031::6815:5302 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

92 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

233 kB
Transfer

2766 kB
Size

2
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!