{"report_id":"00c527fd-4950-4a13-ad31-db31de9dcbea","version":6,"status":"done","tags":[],"date":"2026-04-06T12:34:02Z","url":{"schema":"http","addr":"metamask.web3-1.top","fqdn":"metamask.web3-1.top","domain":"web3-1.top","tld":"top"},"ip":{"addr":"185.66.90.106","port":0,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"final":{"url":{"schema":"https","addr":"metamask.web3-1.top/","fqdn":"metamask.web3-1.top","domain":"web3-1.top","tld":"top"},"title":"Metamask","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"metamask.web3-1.top","fqdn":"metamask.web3-1.top","domain":"web3-1.top","tld":"top"},"ip":{"addr":"185.66.90.106","port":0,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-11T12:34:02Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"metamask.web3-1.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-04-05T22:33:08.106483Z","alert_count":0,"request_count":1,"received_data":306560,"sent_data":453,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-04-05T22:16:34.770209Z","alert_count":0,"request_count":1,"received_data":29247,"sent_data":541,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-04-05T22:20:18.514512Z","alert_count":0,"request_count":1,"received_data":1830,"sent_data":471,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"metamask.web3-1.top","ip":{"addr":"185.66.90.106","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"domain_registered":"2026-04-01","domain_rank":0,"first_seen":"2026-04-06T12:34:03.812716Z","last_seen":"2026-04-06T12:34:03.812716Z","alert_count":6,"request_count":6,"received_data":1446435,"sent_data":2686,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"metamask.web3-1.top/","fqdn":"metamask.web3-1.top","domain":"web3-1.top","tld":"top"},"ip":{"addr":"185.66.90.106","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":true,"md5":"80c2f6487b7784f807a440b1be7772ef","sha1":"0ad5dcd8a19ee001fdb3b1664254692ae6b1ee82","sha256":"51996ecac415f93ea9502b7a33dac90af265a91a8f5b72cc30b9858ce7545add","sha512":"7860f38709fc140d71d3ff8082acbdef628e95e6a49bbe2fc9205d2b43cb0021541efb05012a2db8395ce3fcbde0fb158b1ad3f2321200df006dff1230d938dc","ssdeep":"","tlshash":"26b01230101c8738059dc84cb0b06b803b30824172011021943cc80d53f1fd14130dce","size":94,"data":"","first_seen":"2026-04-06T12:34:09.168761Z","last_seen":"2026-04-06T12:35:41.139764Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"metamask.web3-1.top/","fqdn":"metamask.web3-1.top","domain":"web3-1.top","tld":"top"},"ip":{"addr":"185.66.90.106","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":true,"md5":"ca1df0742d1d7a7315a059bab78b9b14","sha1":"b5425c25ec60bb383ae02cc5dac00c7faba51b95","sha256":"0bf76436724af4bde5b530d5ca27b8b8b143463bfb47a510b715adc735e9bfd7","sha512":"9218e616be684bc59c9380a817820508372b286d257be65d120e8abfd5d873027308793a23557ad3f6a1990e2ddd876a0d1715c8e972319ba99616866b55bfa8","ssdeep":"","tlshash":"5d01dd29ede35292a8e7249a76ba3128656680333521e0013cdd9b9c9f85d01435bde9","size":701,"data":"","first_seen":"2026-04-06T12:34:09.170673Z","last_seen":"2026-04-06T12:35:41.142258Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"metamask.web3-1.top/","fqdn":"metamask.web3-1.top","domain":"web3-1.top","tld":"top"},"ip":{"addr":"185.66.90.106","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":true,"md5":"1dc42d97d2601fddb27f2db67af9d4e4","sha1":"9d79b2038424cb2e3360165f74d1e8a3dda123a8","sha256":"1f7962c675893698abfc69ba4d21704b731c7789a797bfa3e7ad33383ebcb6ce","sha512":"41fd547eeb8a174e0a3023a5743c785dfb5e5acd58e62cd78f94336b606a918e938bbcb1ceb747c0bfe3a0a3d96278d70bd728732b6636cbfcb06b88dd9c0620","ssdeep":"192:swHk93lhDvpx8JhXtT3QKWc/8vzj3P5b7HJE/DdT+Z5HoUdMJr7YHoCO3aQlbR7n:UNk2r7vltiejuB","tlshash":"14125208c4992e2556c1530ad2f69696282b8203ad42f4b8b39fe5151f5dacfc2f72fc","size":9833,"data":"","first_seen":"2026-04-06T12:34:09.172176Z","last_seen":"2026-04-06T12:35:41.144032Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"metamask.web3-1.top/","fqdn":"metamask.web3-1.top","domain":"web3-1.top","tld":"top"},"ip":{"addr":"185.66.90.106","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":true,"md5":"75cb3b88982040d3eaf014c28ce4cab5","sha1":"690a9fc7687924786e6cebea99fcca3c95ed0937","sha256":"42c615a1494ec712b130233f4198545d87b13e734ac5e4456504369037af00b0","sha512":"94d5fd1e752d74cdc1ef8540e59670a0d3787d5446a0a9aa2cc81858b7978ee33163610b9a97b0a842233dfd59a6fc013c6e36756704d6f0bcaa42687c1fb547","ssdeep":"","tlshash":"4511283453f28b314227d86f63e7ac442b718597610dc8133c4ea15c9fc16b9e3b26d5","size":938,"data":"","first_seen":"2026-04-06T12:34:09.173601Z","last_seen":"2026-04-06T12:35:41.147307Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/bodymovin/5.12.2/lottie.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"55bf86203909151984bef8cbe4739d64","sha1":"543e646b2ff86405b77bd2514b1aede8a8b4cbd8","sha256":"a0757321f974527bda3cc2593bf56cc7ffe4578421249ced6ae49ffb1c529f90","sha512":"8c49ee0edea37de7028ed850009f9e774313540fbee592a69547260c606fdaf508fd1127e85b88762c4b367413faf2aeb04da18539368acddc16fbf9c00f9282","ssdeep":"3072:xnEwejqNqAvPSIoPayIYzfq526QGK2y0mbsZmml+39xzKMTlB6k:xUjqNqAvPSIoPayIYzfq52tU1l4fRRBl","tlshash":"a85419597254343805c540a9806f0a4bb736292e246ac49cb76cf4ffacbde8d31beb75","size":305543,"data":"","first_seen":"2023-07-18T12:10:25Z","last_seen":"2026-04-22T03:56:17.087379Z","times_seen":1405,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"metamask.web3-1.top/","fqdn":"metamask.web3-1.top","domain":"web3-1.top","tld":"top"},"ip":{"addr":"185.66.90.106","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":true,"md5":"65918e43a85fad504f65d575c4b474a4","sha1":"9d9583865792fd58482bdd21a950860ebb6ed012","sha256":"1f5df1e62d811b0935c7b9bbbc00618b4ebd05211ecd71306945cb43045d7303","sha512":"64d412078e315f4fead1f5dfa9b1026f506960b3e922396a236b10c238a5bd82eef6ee64b33b0034b314835b923aa9e2cae8705d0b3aed1b0f5755194441aaf3","ssdeep":"","tlshash":"42118e5633a23a354ae72d575b8742c43763908336c1e001394e83521f37e6458f7bcc","size":1007,"data":"","first_seen":"2026-04-06T12:34:09.174911Z","last_seen":"2026-04-06T12:35:41.149767Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"metamask.web3-1.top/","fqdn":"metamask.web3-1.top","domain":"web3-1.top","tld":"top"},"ip":{"addr":"185.66.90.106","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":true,"md5":"94f590bfcfcde6a77ca38e14b5304ff1","sha1":"0bda41c481a02a76b3e5b1411a51072519e9b728","sha256":"9f4087f4540057418bb79a453f108bf8cfada8adeb00667db415b3ad9d28478a","sha512":"7963543ddf02053371b300602440ec8b8570face859754da632e8cc9e842e9b72fca9cdc2172c0a27cd4ed9377b91c88d1ec5e3c453c3c927fef3078fc34b99a","ssdeep":"","tlshash":"db0159a332a505345bb7617e8aafc01519321203a955e9acfe2c9e988f54f2877b35e0","size":737,"data":"","first_seen":"2026-04-06T12:34:09.17608Z","last_seen":"2026-04-06T12:35:41.151844Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"metamask.web3-1.top/wallet/main.js","fqdn":"metamask.web3-1.top","domain":"web3-1.top","tld":"top"},"ip":{"addr":"185.66.90.106","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":false,"md5":"b1b2cdaf314806a0ecf1a6132d676d52","sha1":"a1cc839b0f5955cf9add64bec1ca00dcef395b51","sha256":"8f569ec2481093aa7d9bcf5792b20f2da1eb326725238b93d168d9c8dda35a0f","sha512":"4168a860a6c8e78b12f517403f67f27184814c81e3de852286df722905e3ce4e85726e50dd49c9159cb8d6a4312fe6006a452fb15687bcecd26d32649509430b","ssdeep":"384:TQLcamM4rJxUC0bn8WX+GhN2t8QNCBfUrs9:Raw+Cy858QNCBMrs9","tlshash":"df82e7b6b6e312397653e32ea7db121831307053352ac9553d9cb2806fdca2d19b5afc","size":19076,"data":"","first_seen":"2026-04-06T12:34:09.160494Z","last_seen":"2026-04-06T12:35:41.1201Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"metamask.web3-1.top/","fqdn":"metamask.web3-1.top","domain":"web3-1.top","tld":"top"},"ip":{"addr":"185.66.90.106","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-06T12:33:41.353Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web3-1.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 13:12:48 GMT","end":"Tue, 30 Jun 2026 13:12:47 GMT"},"fingerprint":{"sha1":"50:69:90:6A:2D:5E:25:03:4E:1A:19:6F:BE:0B:5C:09:8F:00:A0:E8","sha256":"F1:29:04:FB:2A:62:FE:D1:B9:68:3C:A9:C0:4C:11:DF:0E:D0:E2:52:90:A3:29:3F:8F:C2:E4:A3:20:AF:8E:8C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: metamask.web3-1.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 06 Apr 2026 12:33:41 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":33409,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (3185)","md5":"a0f20abc57dc4018a5b79093c181d8cf","sha1":"abb745bb0b9bf9e2c2ee9e0e91ab915d95eb98f8","sha256":"69ca7f8f49c849bfa1b18d70991bb61e745cb710113601d7817d03f8607016f4","sha512":"f698861ccf0b99b3711c59eaeeae0fc08c74c55ea081e517ac8713cf0f36aec116eddfa617f155a35c89a3473ee5ad823567be0550bafa00b8dc91780574f820","ssdeep":"384:jTMsZv1uIhIXJrPAsMsJ/1OAvoGT6fgNk2r7vltiejutO0k3U8:J86IXJ7p8AvvOfMk2r79ttmOp3R","tlshash":"5ae20a5cb2f419354583834ed7ba22363c228583ad469060b7cd46a41fd9edec8f79ec","first_seen":"2026-04-06T12:34:09.142282Z","last_seen":"2026-04-06T12:35:41.112193Z","times_seen":2,"resource_available":true,"data":null}},"time_used":960,"timings":{"blocked":453,"dns":355,"connect":45,"send":0,"wait":53,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"metamask.web3-1.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"metamask.web3-1.top/assets/style.css","fqdn":"metamask.web3-1.top","domain":"web3-1.top","tld":"top"},"ip":{"addr":"185.66.90.106","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://metamask.web3-1.top/","date":"2026-04-06T12:33:42.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web3-1.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 13:12:48 GMT","end":"Tue, 30 Jun 2026 13:12:47 GMT"},"fingerprint":{"sha1":"50:69:90:6A:2D:5E:25:03:4E:1A:19:6F:BE:0B:5C:09:8F:00:A0:E8","sha256":"F1:29:04:FB:2A:62:FE:D1:B9:68:3C:A9:C0:4C:11:DF:0E:D0:E2:52:90:A3:29:3F:8F:C2:E4:A3:20:AF:8E:8C"}}},"request":{"raw":"GET /assets/style.css HTTP/1.1\r\nHost: metamask.web3-1.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://metamask.web3-1.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 06 Apr 2026 12:33:42 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 31 Mar 2026 15:48:26 GMT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16660,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"4d4b791647c98542dcbdc8bf77313a0b","sha1":"72e70aa5b03e66165d65a4a79150336ce93524e7","sha256":"ca8b7f42b7212d1da4548d95998ed50e33bf8ce39c70d873a04f678874b1d121","sha512":"09801e0d98e2f9367cc2acbc33d9c272812cfe228a2cf5ea84852cc546ed39c0e420e13573304464a3b9936dba65249504d3247174c4ef053532ddbbaee201ba","ssdeep":"192:DIbb+aZ5LKJR0JdLY0MAKmoWdDgBYjj1fzUeGd+sZDy6+yRo+/YofOUbmuLtpf7s:UYNVmpLzAVXQVmvoV9rmwgPF+THfx5oS","tlshash":"fb72639267631a05b927895c6fe6cb4b235c8003910ac97d7fc5624d8f8a2dce5a3fdc","first_seen":"2026-04-06T12:34:09.145448Z","last_seen":"2026-04-06T12:35:41.128742Z","times_seen":2,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"metamask.web3-1.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/bodymovin/5.12.2/lottie.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://metamask.web3-1.top/","date":"2026-04-06T12:33:42.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/bodymovin/5.12.2/lottie.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://metamask.web3-1.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 06 Apr 2026 12:33:42 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 63677\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"659c95a0-f8bd\"\r\nlast-modified: Tue, 09 Jan 2024 01:38:56 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 126069\r\nexpires: Sat, 27 Mar 2027 12:33:42 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cRx3IhCL1RTlvrDlhiriKGYGPNyRiydLL4NvFdmbbhfm21NRBD%2BOg5Ttd4B38qjR%2B7nJ2kHto158jJ%2Be0CmM32S4nm18H2xznKnt%2FiiEk8%2B2maupgFsY5uNSo88OK6TXoqLsWT1s\"}]}\r\ncf-ray: 9e80d28dfe14b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":305543,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"55bf86203909151984bef8cbe4739d64","sha1":"543e646b2ff86405b77bd2514b1aede8a8b4cbd8","sha256":"a0757321f974527bda3cc2593bf56cc7ffe4578421249ced6ae49ffb1c529f90","sha512":"8c49ee0edea37de7028ed850009f9e774313540fbee592a69547260c606fdaf508fd1127e85b88762c4b367413faf2aeb04da18539368acddc16fbf9c00f9282","ssdeep":"3072:xnEwejqNqAvPSIoPayIYzfq526QGK2y0mbsZmml+39xzKMTlB6k:xUjqNqAvPSIoPayIYzfq52tU1l4fRRBl","tlshash":"a85419597254343805c540a9806f0a4bb736292e246ac49cb76cf4ffacbde8d31beb75","first_seen":"2023-07-18T12:10:25Z","last_seen":"2026-04-22T03:56:17.087379Z","times_seen":1405,"resource_available":true,"data":null}},"time_used":81,"timings":{"blocked":30,"dns":22,"connect":1,"send":0,"wait":7,"receive":3,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/geist/v4/gyByhwUxId8gMEwcGFWNPoTcZY4.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://metamask.web3-1.top/","date":"2026-04-06T12:33:42.303Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:38:40 GMT","end":"Mon, 08 Jun 2026 08:38:39 GMT"},"fingerprint":{"sha1":"93:71:51:4C:A3:35:66:7B:96:98:73:5F:8A:D5:61:38:29:33:E3:58","sha256":"A7:C2:55:50:7A:01:61:98:C7:16:8F:8D:72:97:DD:77:B2:9D:D8:18:29:80:41:DE:61:95:42:E5:0F:79:FE:EF"}}},"request":{"raw":"GET /s/geist/v4/gyByhwUxId8gMEwcGFWNPoTcZY4.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://metamask.web3-1.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 28412\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 05 Apr 2026 01:33:15 GMT\r\nexpires: Mon, 05 Apr 2027 01:33:15 GMT\r\ncache-control: public, max-age=31536000\r\nage: 126027\r\nlast-modified: Wed, 10 Sep 2025 16:49:32 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28412,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28412, version 1.0","md5":"a0f13f916a5805019879dd56b29bc098","sha1":"90af3a05ac9d34850f01f503e1a2582306d9245b","sha256":"04f13c87d9e172ebee6a520fe0d8cb187d1ed1f1eef505d47dd041467e36c6ec","sha512":"15993875861a0b439c76848f3bd7200a8296f917af470a53c0c058880090eb6ce325b2c12295d504b2b6fabe7a5647bfa4804c103b4c41bff4b1741bb27924db","ssdeep":"384:vOg2tlly1HTH0ZTk9hbQe3O4KGVTtRgKJMgJnynWeWkBuNyg3Bv0I5Y4hf/CGYEY:vLQlwH05kbQ+Ttvi+yskBuNFxRPHC2+","tlshash":"30d2e1a67a98b5976d61a4bb6150b00881cf7cb6230d03f21a24d561fd69fe603d373b","first_seen":"2025-09-11T19:57:45.123641Z","last_seen":"2026-04-22T03:05:26.356886Z","times_seen":936,"resource_available":false,"data":null}},"time_used":134,"timings":{"blocked":58,"dns":1,"connect":7,"send":0,"wait":10,"receive":8,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Geist:wght@100..900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://metamask.web3-1.top/","date":"2026-04-06T12:33:42.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:38:41 GMT","end":"Mon, 08 Jun 2026 08:38:40 GMT"},"fingerprint":{"sha1":"03:81:A0:0E:E1:9B:80:A3:BC:CD:F9:25:A5:7B:8A:43:07:22:C6:00","sha256":"73:8D:9A:B1:F0:C3:6E:8F:EE:C0:2F:99:C8:89:24:16:9A:DB:D1:9C:27:5D:8A:7A:A8:2B:0E:10:42:28:53:7F"}}},"request":{"raw":"GET /css2?family=Geist:wght@100..900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://metamask.web3-1.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 06 Apr 2026 12:33:42 GMT\r\ndate: Mon, 06 Apr 2026 12:33:42 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1144,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"4aa44e343b69604bf76f989b718a8aa6","sha1":"daca57022a553b512625f2bfd866e64154c21f9a","sha256":"5c01edb14e1034c8c57ec446b07091b47f17aa95ac98513d1444f4f8a43471c0","sha512":"00a2e6a1bea83be9c2467404a23c198b9a576f5ad52da1661be7d62dc32b61b3905c3984db9f9603a60ddda403ffbb4ab644a050249d460224202360cbe2bf3c","ssdeep":"","tlshash":"3a218e810867d404eb935cc127ce7f72af0e61112444a6babbfe08dcbcaac26536675d","first_seen":"2025-09-11T19:57:45.152376Z","last_seen":"2026-04-21T07:53:44.131266Z","times_seen":249,"resource_available":false,"data":null}},"time_used":296,"timings":{"blocked":128,"dns":40,"connect":22,"send":0,"wait":35,"receive":0,"ssl":69},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"metamask.web3-1.top/assets/spinner.gif","fqdn":"metamask.web3-1.top","domain":"web3-1.top","tld":"top"},"ip":{"addr":"185.66.90.106","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://metamask.web3-1.top/","date":"2026-04-06T12:33:42.041Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web3-1.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 13:12:48 GMT","end":"Tue, 30 Jun 2026 13:12:47 GMT"},"fingerprint":{"sha1":"50:69:90:6A:2D:5E:25:03:4E:1A:19:6F:BE:0B:5C:09:8F:00:A0:E8","sha256":"F1:29:04:FB:2A:62:FE:D1:B9:68:3C:A9:C0:4C:11:DF:0E:D0:E2:52:90:A3:29:3F:8F:C2:E4:A3:20:AF:8E:8C"}}},"request":{"raw":"GET /assets/spinner.gif HTTP/1.1\r\nHost: metamask.web3-1.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://metamask.web3-1.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 06 Apr 2026 12:33:42 GMT\r\ncontent-type: image/gif\r\ncontent-length: 56039\r\nlast-modified: Mon, 30 Mar 2026 14:10:46 GMT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":56039,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 200 x 200","md5":"96406c70a63d3b470323a3d9d150911b","sha1":"8a7c68e57693e0aa3c9f7d2656d8e5c9a0bd3760","sha256":"50e6c4704adb7f8568b270658e7ed4ccd8b25ae4255a9456b4a15947b6d73990","sha512":"5004c70f637ca7b25e89f38fe107d33e38fbc179315e95be6bcb67e1fefb41e8dd28f8b506207378a943bff4e80a10938a7f2b430d5dc326aeb881b88ad83d3f","ssdeep":"768:SGA9z6vG8w4Z6sVSvRKH+TK9IYq/GkKyBaIgf+EUhWcqu6tmN9JFshIHN:yBaG8wIQRlTvIkDBRgf+/6tmBTN","tlshash":"8f43e1039566e8c9f02130f026af48d6a7e8248a7da8df67cd40775d9a83577a1e0ad3","first_seen":"2026-04-06T12:34:09.156496Z","last_seen":"2026-04-06T12:35:41.115684Z","times_seen":2,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"metamask.web3-1.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"metamask.web3-1.top/wallet/main.js","fqdn":"metamask.web3-1.top","domain":"web3-1.top","tld":"top"},"ip":{"addr":"185.66.90.106","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://metamask.web3-1.top/","date":"2026-04-06T12:33:42.043Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web3-1.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 13:12:48 GMT","end":"Tue, 30 Jun 2026 13:12:47 GMT"},"fingerprint":{"sha1":"50:69:90:6A:2D:5E:25:03:4E:1A:19:6F:BE:0B:5C:09:8F:00:A0:E8","sha256":"F1:29:04:FB:2A:62:FE:D1:B9:68:3C:A9:C0:4C:11:DF:0E:D0:E2:52:90:A3:29:3F:8F:C2:E4:A3:20:AF:8E:8C"}}},"request":{"raw":"GET /wallet/main.js HTTP/1.1\r\nHost: metamask.web3-1.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://metamask.web3-1.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 06 Apr 2026 12:33:42 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 01 Apr 2026 10:04:58 GMT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19220,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (2745)","md5":"b1b2cdaf314806a0ecf1a6132d676d52","sha1":"a1cc839b0f5955cf9add64bec1ca00dcef395b51","sha256":"8f569ec2481093aa7d9bcf5792b20f2da1eb326725238b93d168d9c8dda35a0f","sha512":"4168a860a6c8e78b12f517403f67f27184814c81e3de852286df722905e3ce4e85726e50dd49c9159cb8d6a4312fe6006a452fb15687bcecd26d32649509430b","ssdeep":"384:TQLcamM4rJxUC0bn8WX+GhN2t8QNCBfUrs9:Raw+Cy858QNCBMrs9","tlshash":"df82e7b6b6e312397653e32ea7db121831307053352ac9553d9cb2806fdca2d19b5afc","first_seen":"2026-04-06T12:34:09.160494Z","last_seen":"2026-04-06T12:35:41.1201Z","times_seen":2,"resource_available":true,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"metamask.web3-1.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"metamask.web3-1.top/assets/maskotInfo.json","fqdn":"metamask.web3-1.top","domain":"web3-1.top","tld":"top"},"ip":{"addr":"185.66.90.106","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://metamask.web3-1.top/","date":"2026-04-06T12:33:42.316Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web3-1.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 13:12:48 GMT","end":"Tue, 30 Jun 2026 13:12:47 GMT"},"fingerprint":{"sha1":"50:69:90:6A:2D:5E:25:03:4E:1A:19:6F:BE:0B:5C:09:8F:00:A0:E8","sha256":"F1:29:04:FB:2A:62:FE:D1:B9:68:3C:A9:C0:4C:11:DF:0E:D0:E2:52:90:A3:29:3F:8F:C2:E4:A3:20:AF:8E:8C"}}},"request":{"raw":"GET /assets/maskotInfo.json HTTP/1.1\r\nHost: metamask.web3-1.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://metamask.web3-1.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 06 Apr 2026 12:33:42 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\nlast-modified: Mon, 30 Mar 2026 19:52:20 GMT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1319543,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (14431), with CRLF line terminators","md5":"9149f2f9ad13a26e3043ae83d4d732be","sha1":"b017d77d45be171da9246f54242ea8dc9fb64a91","sha256":"9667afd317fc6dfb029ed8bbe266429723722df33e3ec572c252a9909dc0e2ec","sha512":"6ad927419d0b745bd99d6566764949f65117b5ffa477f321c947a87408606478e923675cb75bbcd5fa2f04ef935af5d7628b676453eddcebb9a381c50e955e0e","ssdeep":"24576:7H9LXEZRydiZXqUEB6kE0nhHqK61u9BRcMqQlMif4/TJ:JjyKhC1hWfi","tlshash":"f82512f1c519ac8600b9c43c9736bf00efa06a0793c9b99732be15ad6f5f9a0b4b5057","first_seen":"2026-04-06T12:34:09.162889Z","last_seen":"2026-04-06T12:35:41.134713Z","times_seen":2,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":65,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"metamask.web3-1.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"metamask.web3-1.top/favicon.ico","fqdn":"metamask.web3-1.top","domain":"web3-1.top","tld":"top"},"ip":{"addr":"185.66.90.106","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://metamask.web3-1.top/","date":"2026-04-06T12:33:42.503Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web3-1.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 13:12:48 GMT","end":"Tue, 30 Jun 2026 13:12:47 GMT"},"fingerprint":{"sha1":"50:69:90:6A:2D:5E:25:03:4E:1A:19:6F:BE:0B:5C:09:8F:00:A0:E8","sha256":"F1:29:04:FB:2A:62:FE:D1:B9:68:3C:A9:C0:4C:11:DF:0E:D0:E2:52:90:A3:29:3F:8F:C2:E4:A3:20:AF:8E:8C"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: metamask.web3-1.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://metamask.web3-1.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Mon, 06 Apr 2026 12:33:42 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-04-22T04:07:06.492976Z","times_seen":29181,"resource_available":true,"data":null}},"time_used":478,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":478,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"metamask.web3-1.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}