{"report_id":"7e139235-e0aa-464c-bf45-89700a7dcea9","version":6,"status":"done","tags":[],"date":"2026-01-18T22:21:17Z","url":{"schema":"http","addr":"metamaskinsurance.live","fqdn":"metamaskinsurance.live","domain":"metamaskinsurance.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"metamaskinsurance.live/","fqdn":"metamaskinsurance.live","domain":"metamaskinsurance.live","tld":"live"},"title":"MetaMask - Your Home in Web3","dom":{"size":53337,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (52412)","md5":"0a9a65dc550c1c73aa8bacedd1f61c56","sha1":"c0b27c3abbf15cd862450dcdec4a1774cdf514ff","sha256":"8020a854ff7c006f3c87bacadef0ca33f61ae26d66e1b21018df497a7502c960","sha512":"736f6938fed653a3d5928d42ed05f02485c35779984da53f7c64c5773d55519c8491d6c09612d1ef9bc0c7da44ae593a7cdcd7d6bf0544345032c11b7acaca44","ssdeep":"768:XnkncuQhaxUlj0jcYjbA7WKsNvt8BHLkxwLkOLkpjpDp7e2SlPZII:39Uy0907Wvv+BKppepp","tlshash":"573362722289047ee6074aedfad3f72dd157c299cb7f50cce7e805671786c88e819688","dom_hash":"domhash816ae332ec24852de2ba24d1a27ef006","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"metamaskinsurance.live","fqdn":"metamaskinsurance.live","domain":"metamaskinsurance.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-22T22:21:17Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"metamaskinsurance.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"metamaskinsurance.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"metamaskinsurance.live","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-01-18T22:21:18.055703Z","last_seen":"2026-01-18T22:21:18.055703Z","alert_count":14,"request_count":7,"received_data":581634,"sent_data":4731,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"172.217.21.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-01-18T22:14:28.232245Z","alert_count":0,"request_count":2,"received_data":96922,"sent_data":1100,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-01-18T22:17:29.309663Z","alert_count":0,"request_count":1,"received_data":6873,"sent_data":546,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"metamaskinsurance.live/assets/index-CjWGvABO.js","fqdn":"metamaskinsurance.live","domain":"metamaskinsurance.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"37becdbe00e58f8d9f40d013e7d86295","sha1":"c54da24704f48b49349fe6746f2093a200036b73","sha256":"3b2088ad0e1e20f005d15601ef4db0b0ff9347600eb6c1ae232661a955008b6c","sha512":"a42d62d3bc1e3ecfdc56b7d94938279d4c88c25d37e38500244bb2097387f315ad7b73f2c2b79d94ceaf00353420662ddfb54d4a21b4bdee1da6f88f84a407d2","ssdeep":"6144:ylTwZWft+yd4JuG3wWWG48GkmcAFSHoIagrJFJRU/G7OoWeV1QScKN19+4RN/puw:yl3d4JuG3o1nF8HoIaWpvL","tlshash":"5ca45ad47196f5699fa344e2507f0106b23e2d15b00d8490f1b8ecea3a79c46b27bfad","size":483638,"data":"","first_seen":"2026-01-18T22:21:22.040489Z","last_seen":"2026-01-18T22:21:22.040489Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"metamaskinsurance.live/assets/output-onlinepngtools_1768602465646-CoEtbHKK.png","fqdn":"metamaskinsurance.live","domain":"metamaskinsurance.live","tld":"live"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://metamaskinsurance.live/","date":"2026-01-18T22:20:57.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"metamaskinsurance.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 21:54:47 GMT","end":"Thu, 16 Apr 2026 21:54:46 GMT"},"fingerprint":{"sha1":"09:C6:EE:D6:35:F7:E8:72:E4:90:53:87:CC:5B:CE:75:5E:B1:00:CF","sha256":"4B:0B:2D:DA:0A:A8:B4:08:47:9A:5D:04:08:39:4B:5D:60:78:F4:A4:F8:4D:FC:F7:E8:D9:C9:7E:50:35:C0:0B"}}},"request":{"raw":"GET /assets/output-onlinepngtools_1768602465646-CoEtbHKK.png HTTP/1.1\r\nHost: metamaskinsurance.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://metamaskinsurance.live/\r\nCookie: GAESA=Cp4BMDA1ZWI2OTc0Y2M4MTAwNjAxMjQzNWU5MTIwYTRmNzE5YzNlZTVlN2QxNDgyMDQwN2Y4MDk0Y2FjZThmYWViZmFkZTU4ZDE3OTAxNzM0MWQ3YTA1MmQzZjViNDM2NjhhNGRhNGUxMTQ3Mzg4NDljYzhkN2FkYTAzODNhNTBlYTVhMjRkZDVlMWZlYTY5MGY4NjExMTYxNGE4ZDdjZDkQuN3Jmb0z\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-09T00:17:25.723561Z","times_seen":16254457,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"metamaskinsurance.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"metamaskinsurance.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"metamaskinsurance.live/assets/logo-D2YGqo88.svg","fqdn":"metamaskinsurance.live","domain":"metamaskinsurance.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://metamaskinsurance.live/","date":"2026-01-18T22:20:57.037Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"metamaskinsurance.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 21:54:47 GMT","end":"Thu, 16 Apr 2026 21:54:46 GMT"},"fingerprint":{"sha1":"09:C6:EE:D6:35:F7:E8:72:E4:90:53:87:CC:5B:CE:75:5E:B1:00:CF","sha256":"4B:0B:2D:DA:0A:A8:B4:08:47:9A:5D:04:08:39:4B:5D:60:78:F4:A4:F8:4D:FC:F7:E8:D9:C9:7E:50:35:C0:0B"}}},"request":{"raw":"GET /assets/logo-D2YGqo88.svg HTTP/1.1\r\nHost: metamaskinsurance.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://metamaskinsurance.live/\r\nCookie: GAESA=Cp4BMDA1ZWI2OTc0Y2M4MTAwNjAxMjQzNWU5MTIwYTRmNzE5YzNlZTVlN2QxNDgyMDQwN2Y4MDk0Y2FjZThmYWViZmFkZTU4ZDE3OTAxNzM0MWQ3YTA1MmQzZjViNDM2NjhhNGRhNGUxMTQ3Mzg4NDljYzhkN2FkYTAzODNhNTBlYTVhMjRkZDVlMWZlYTY5MGY4NjExMTYxNGE4ZDdjZDkQuN3Jmb0z\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\ncontent-length: 4696\r\ncontent-type: image/svg+xml\r\ndate: Sun, 18 Jan 2026 22:20:57 GMT\r\netag: W/\"1258-19bc9027888\"\r\nlast-modified: Fri, 16 Jan 2026 22:52:21 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: fe2858c9816729bad9dfafba9a6b2769\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":4696,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ff8e5e8dfada58d5682200f24439094a","sha1":"d3e247d0279bbe0c89c733d18f7ce23f36d01c62","sha256":"bfa0ca3dac7efae195698c919561af77a4b66712ece41969540ec2251a9f7243","sha512":"7d755ad516a640058eeed065189c35beb01a6de9e7cf5fc7a601f17fb7015219a0d89087797eba3518ac50a2b02836d152a302fec79fd5c9016b479a6b8f0866","ssdeep":"48:2MYNSF+SBIS0FtzSdVpH0MtEO0SFeoGjZQo3UQuFWfY4n:RYNM+GIfFh+jHztb06eoGdsQuFWh","tlshash":"b2a126d9a3580dbdfd2348b8d6953272309bc9ca5460b2099c7381b2251f2dde67fdd8","first_seen":"2026-01-18T22:21:22.026668Z","last_seen":"2026-01-18T22:21:22.026668Z","times_seen":1,"resource_available":false,"data":null}},"time_used":175,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":175,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"metamaskinsurance.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"metamaskinsurance.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/spacegrotesk/v22/V8mDoQDjQSkFtoMM3T6r8E7mPbF4Cw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.21.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://metamaskinsurance.live/","date":"2026-01-18T22:20:57.101Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/spacegrotesk/v22/V8mDoQDjQSkFtoMM3T6r8E7mPbF4Cw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://metamaskinsurance.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 22288\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 17 Jan 2026 18:26:48 GMT\r\nexpires: Sun, 17 Jan 2027 18:26:48 GMT\r\ncache-control: public, max-age=31536000\r\nage: 100449\r\nlast-modified: Thu, 04 Sep 2025 17:26:34 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22288,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22288, version 1.0","md5":"87c506d88b9f587f0e2292bc271f5083","sha1":"c0781ea2f29013826dc1eb8db40f4d400d9df710","sha256":"0640890476fc1198ab4de571fb658de443c4d85b66466ec09534a8737ab1ce9d","sha512":"25171eb14ce4c75ccfdb6f1c2a7de82182fd8d3d79cfa108df2d0e015e4ac84678ad97fdf90cff2ac2f24934531fcca3289343129687f176f21964ce5cd01b02","ssdeep":"384:TB/NWnO5qgQvU7gd7EeEX5qPOJO4FqaCEuAsCyzvDfxPdjuHsrC:TBlo1vUsvZqO4MAsCKrxxuMrC","tlshash":"8aa2e15b3f6bde211a27aebf4fc957b0a3ac6c1db2dd2712c198b104408962cc5d5ce6","first_seen":"2025-09-05T05:08:09.568652Z","last_seen":"2026-06-09T00:17:02.536125Z","times_seen":18983,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":104,"dns":1,"connect":21,"send":0,"wait":22,"receive":7,"ssl":79},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcCo3FwrK3iLTcviYwYZ90A2N58.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.21.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://metamaskinsurance.live/","date":"2026-01-18T22:20:57.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/inter/v20/UcCo3FwrK3iLTcviYwYZ90A2N58.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://metamaskinsurance.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 72964\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 17 Jan 2026 18:24:01 GMT\r\nexpires: Sun, 17 Jan 2027 18:24:01 GMT\r\ncache-control: public, max-age=31536000\r\nage: 100616\r\nlast-modified: Tue, 09 Sep 2025 18:33:18 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":72964,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 72964, version 1.0","md5":"91247c94dcda6ff52b445d71d6bbfb81","sha1":"ad2f62363ed047b430b91f32afa31df51fcd7c5e","sha256":"6a3c3e024b31eeacbf1f19c3c7be78612d91c623186f64035a50038241dad4f9","sha512":"a12dcac84e9f9ae02df3aabe29d76994281cd1005edca471194605cfcd6a0456eec872fd28c63c72ae124804d0b47d8377048caae49c40b0a18b5d6be4d6213f","ssdeep":"768:zbw+rLBkMxbCkupj4Y69/Yr71+j9pWiKahMM6+AWEqXB0oGuNGku+QCcIKE205C7:zbw+iwuS/iZWeaO1zP1/9Esvf8fXnm1","tlshash":"8f6302244e3c50c2a54d33aa286940f6f6e79c75b2b79ba4a69c589cd410f329cdfdc4","first_seen":"2025-05-29T18:51:13.223047Z","last_seen":"2026-06-08T21:57:05.644598Z","times_seen":25931,"resource_available":false,"data":null}},"time_used":377,"timings":{"blocked":163,"dns":0,"connect":21,"send":0,"wait":22,"receive":29,"ssl":138},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"metamaskinsurance.live/assets/output-onlinepngtools_1768602465646-CoEtbHKK.png","fqdn":"metamaskinsurance.live","domain":"metamaskinsurance.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://metamaskinsurance.live/","date":"2026-01-18T22:20:57.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"metamaskinsurance.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 21:54:47 GMT","end":"Thu, 16 Apr 2026 21:54:46 GMT"},"fingerprint":{"sha1":"09:C6:EE:D6:35:F7:E8:72:E4:90:53:87:CC:5B:CE:75:5E:B1:00:CF","sha256":"4B:0B:2D:DA:0A:A8:B4:08:47:9A:5D:04:08:39:4B:5D:60:78:F4:A4:F8:4D:FC:F7:E8:D9:C9:7E:50:35:C0:0B"}}},"request":{"raw":"GET /assets/output-onlinepngtools_1768602465646-CoEtbHKK.png HTTP/1.1\r\nHost: metamaskinsurance.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://metamaskinsurance.live/\r\nCookie: GAESA=Cp4BMDA1ZWI2OTc0Y2M4MTAwNjAxMjQzNWU5MTIwYTRmNzE5YzNlZTVlN2QxNDgyMDQwN2Y4MDk0Y2FjZThmYWViZmFkZTU4ZDE3OTAxNzM0MWQ3YTA1MmQzZjViNDM2NjhhNGRhNGUxMTQ3Mzg4NDljYzhkN2FkYTAzODNhNTBlYTVhMjRkZDVlMWZlYTY5MGY4NjExMTYxNGE4ZDdjZDkQuN3Jmb0z\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\ncontent-length: 4125\r\ncontent-type: image/png\r\ndate: Sun, 18 Jan 2026 22:20:57 GMT\r\netag: W/\"101d-19bc9027888\"\r\nlast-modified: Fri, 16 Jan 2026 22:52:21 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: ab6bbf3121aca90bd9dfafba9a6b2cd3\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4125,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 186 x 98, 8-bit/color RGBA, non-interlaced","md5":"043cdeeceed8059c6df3f91d21f1ee0d","sha1":"5b9f9e42ec29895fa6ff7525120688bea51d318e","sha256":"3d9fbac109f45ef5447a2c37d0180ae2f2962d31f069296d1a23c3317f20f0e3","sha512":"483f9055e5e491251f3c8618d0d4f00e3256040b2cad9ff104c48547eaa9bf1e228d8bfa425cfa8b9af9d301eecccaa442154790e079bf2ba81cb81cd782a5af","ssdeep":"96:J+vmC+v9e0HPk9EB55fKI8pavmpNYM5GdYhfEBML07JBHQHIQ7:J+u1v9e0H+EBDvoNYXraLEwHv","tlshash":"c9818eaeeb78547d95e25621436153fbb3356fac472c2d07902d507c24d10bfa6ee045","first_seen":"2026-01-18T22:21:22.031608Z","last_seen":"2026-01-18T22:21:22.031608Z","times_seen":1,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":170,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"metamaskinsurance.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"metamaskinsurance.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"metamaskinsurance.live/favicon.png","fqdn":"metamaskinsurance.live","domain":"metamaskinsurance.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://metamaskinsurance.live/","date":"2026-01-18T22:20:57.358Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"metamaskinsurance.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 21:54:47 GMT","end":"Thu, 16 Apr 2026 21:54:46 GMT"},"fingerprint":{"sha1":"09:C6:EE:D6:35:F7:E8:72:E4:90:53:87:CC:5B:CE:75:5E:B1:00:CF","sha256":"4B:0B:2D:DA:0A:A8:B4:08:47:9A:5D:04:08:39:4B:5D:60:78:F4:A4:F8:4D:FC:F7:E8:D9:C9:7E:50:35:C0:0B"}}},"request":{"raw":"GET /favicon.png HTTP/1.1\r\nHost: metamaskinsurance.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://metamaskinsurance.live/\r\nCookie: GAESA=Cp4BMDA1ZWI2OTc0Y2M4MTAwNjAxMjQzNWU5MTIwYTRmNzE5YzNlZTVlN2QxNDgyMDQwN2Y4MDk0Y2FjZThmYWViZmFkZTU4ZDE3OTAxNzM0MWQ3YTA1MmQzZjViNDM2NjhhNGRhNGUxMTQ3Mzg4NDljYzhkN2FkYTAzODNhNTBlYTVhMjRkZDVlMWZlYTY5MGY4NjExMTYxNGE4ZDdjZDkQuN3Jmb0z\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\ncontent-length: 1145\r\ncontent-type: image/png\r\ndate: Sun, 18 Jan 2026 22:20:57 GMT\r\netag: W/\"479-19bc9027888\"\r\nlast-modified: Fri, 16 Jan 2026 22:52:21 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: 2e957393808c1f17d9dfafba9a6b23af\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":1145,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced","md5":"ed6740d90cd839744d48523d4991a6f7","sha1":"a8e4f5b4d7be660dc6f5279389a88b0c95f5f21d","sha256":"b6acb73abb0b7e8e808d72c016e81d97860bc7e7e0eb4f06ff76ba1d16a5b04f","sha512":"d22ab125bfc6197c15d72e5119e6621e82dc0f841fde4510406ef791e0b311826c9d2d80f39230ab3f64f27750cd6da26ebd8180e455cd9a430601e386f38faa","ssdeep":"","tlshash":"6d21c64ff321e8628d9d9892290397640c11ebd0bd49308f480a5ff17572ab0878e654","first_seen":"2025-10-27T15:21:57.79985Z","last_seen":"2026-06-04T19:38:37.672125Z","times_seen":244,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"metamaskinsurance.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"metamaskinsurance.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"metamaskinsurance.live/","fqdn":"metamaskinsurance.live","domain":"metamaskinsurance.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-18T22:20:56.106Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"metamaskinsurance.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 21:54:47 GMT","end":"Thu, 16 Apr 2026 21:54:46 GMT"},"fingerprint":{"sha1":"09:C6:EE:D6:35:F7:E8:72:E4:90:53:87:CC:5B:CE:75:5E:B1:00:CF","sha256":"4B:0B:2D:DA:0A:A8:B4:08:47:9A:5D:04:08:39:4B:5D:60:78:F4:A4:F8:4D:FC:F7:E8:D9:C9:7E:50:35:C0:0B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: metamaskinsurance.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncache-control: private, max-age=0\r\ncontent-length: 959\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Sun, 18 Jan 2026 22:20:56 GMT\r\netag: W/\"3bf-19bc9027888\"\r\nexpires: Sun, 18 Jan 2026 22:20:56 GMT\r\nlast-modified: Fri, 16 Jan 2026 22:52:21 GMT\r\nserver: Google Frontend\r\nset-cookie: GAESA=Cp4BMDA1ZWI2OTc0Y2M4MTAwNjAxMjQzNWU5MTIwYTRmNzE5YzNlZTVlN2QxNDgyMDQwN2Y4MDk0Y2FjZThmYWViZmFkZTU4ZDE3OTAxNzM0MWQ3YTA1MmQzZjViNDM2NjhhNGRhNGUxMTQ3Mzg4NDljYzhkN2FkYTAzODNhNTBlYTVhMjRkZDVlMWZlYTY5MGY4NjExMTYxNGE4ZDdjZDkQuN3Jmb0z; expires=Tue, 17-Feb-2026 22:20:56 GMT; path=/\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: 2cd7e73c8e0d0d85cfc8626d54b4d616;o=1\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":959,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"26332a9392f7597542434e48f07010ee","sha1":"0230dac8eb776fb1a65f0018e26a6d83b7b947db","sha256":"ef81a9580965b54f42f31809c991793d9ad65bcd09717d70b5b6dc060fd20f5c","sha512":"ca4a095191d194888d3beab6aff6d30f4fb2702543310b6c87f7750803f46f5aaa64812e2c890a6a51db9bbc363bcb7b3eb7d120816dc7fa6d53e757cc8b139b","ssdeep":"","tlshash":"3911844759d08918231043a13de0b03add03874f4388e99439e2207ecbc47c3c89b96c","first_seen":"2026-01-18T22:21:22.035219Z","last_seen":"2026-01-18T22:21:22.035219Z","times_seen":1,"resource_available":false,"data":null}},"time_used":466,"timings":{"blocked":119,"dns":42,"connect":26,"send":0,"wait":228,"receive":0,"ssl":48},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"metamaskinsurance.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"metamaskinsurance.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Space+Grotesk:wght@300..700\u0026family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://metamaskinsurance.live/","date":"2026-01-18T22:20:56.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css2?family=Space+Grotesk:wght@300..700\u0026family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://metamaskinsurance.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 18 Jan 2026 22:20:56 GMT\r\ndate: Sun, 18 Jan 2026 22:20:56 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6187,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"afc49503b04e9129fe6b15f69a515a8d","sha1":"28ec96ac56201be734db077b6c5525ca0f6a9fca","sha256":"4db5192e7dc263d82c452906ae152234d9f0b51d5f4556d22d2742847630bc24","sha512":"c6537f72427b42f4592950a4ef71188f2335678a8431571e7bba1fc3cb42c07cd57ad967c065785f829c5236d3b56d2e25b97b87e913601e3c95463c75b193d3","ssdeep":"192:vywfydyGy63gy/yFVyR73xpmj3U8fHeRfGSW:vtfcHjg8ciIuk","tlshash":"0ad1ed92006f9504ea431cd627cf7e32ad8ea1956082d67d6ffe2cc9acdbd22532474d","first_seen":"2025-09-27T14:43:07.541895Z","last_seen":"2026-06-04T03:25:32.668315Z","times_seen":66,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":60,"dns":1,"connect":7,"send":0,"wait":19,"receive":0,"ssl":52},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"metamaskinsurance.live/assets/index-CujohUU0.css","fqdn":"metamaskinsurance.live","domain":"metamaskinsurance.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://metamaskinsurance.live/","date":"2026-01-18T22:20:56.622Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"metamaskinsurance.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 21:54:47 GMT","end":"Thu, 16 Apr 2026 21:54:46 GMT"},"fingerprint":{"sha1":"09:C6:EE:D6:35:F7:E8:72:E4:90:53:87:CC:5B:CE:75:5E:B1:00:CF","sha256":"4B:0B:2D:DA:0A:A8:B4:08:47:9A:5D:04:08:39:4B:5D:60:78:F4:A4:F8:4D:FC:F7:E8:D9:C9:7E:50:35:C0:0B"}}},"request":{"raw":"GET /assets/index-CujohUU0.css HTTP/1.1\r\nHost: metamaskinsurance.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://metamaskinsurance.live/\r\nCookie: GAESA=Cp4BMDA1ZWI2OTc0Y2M4MTAwNjAxMjQzNWU5MTIwYTRmNzE5YzNlZTVlN2QxNDgyMDQwN2Y4MDk0Y2FjZThmYWViZmFkZTU4ZDE3OTAxNzM0MWQ3YTA1MmQzZjViNDM2NjhhNGRhNGUxMTQ3Mzg4NDljYzhkN2FkYTAzODNhNTBlYTVhMjRkZDVlMWZlYTY5MGY4NjExMTYxNGE4ZDdjZDkQuN3Jmb0z\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\ncontent-length: 83808\r\ncontent-type: text/css; charset=UTF-8\r\ndate: Sun, 18 Jan 2026 22:20:56 GMT\r\netag: W/\"14760-19bc9027888\"\r\nlast-modified: Fri, 16 Jan 2026 22:52:21 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: cc949f141a9773cbd9dfafba9a6b29b1\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":83808,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"75e0cf641757b0665cfd5b6673927d2b","sha1":"3ea95657cd8f41c43277bef823debd93a2a516b7","sha256":"808187bad1902ade052bbfa20944c313f19bc5bdf940cd76bae583fef2be4401","sha512":"3f141c3dcff31660083ccef5858ec47000afd0bb90399f0b585cc8784609d2385bb510cf44eca1b5aab3d8782c613ba20baa8b2960e7147ffb587f8b03c468e2","ssdeep":"1536:qofh+wX8YNw8G6oUmMGpfC378VQZkt5FxPbTZs:qofh+wXtw8QUmMGpfC378VQZkt5Fh/Zs","tlshash":"c783872d7958607f3c67a0f4d3cc7aace10af1c0de3e05aabd86412567d23f25daa944","first_seen":"2026-01-18T22:21:22.038325Z","last_seen":"2026-01-18T22:21:22.038325Z","times_seen":1,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":185,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"metamaskinsurance.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"metamaskinsurance.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"metamaskinsurance.live/assets/index-CjWGvABO.js","fqdn":"metamaskinsurance.live","domain":"metamaskinsurance.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://metamaskinsurance.live/","date":"2026-01-18T22:20:56.620Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"metamaskinsurance.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 21:54:47 GMT","end":"Thu, 16 Apr 2026 21:54:46 GMT"},"fingerprint":{"sha1":"09:C6:EE:D6:35:F7:E8:72:E4:90:53:87:CC:5B:CE:75:5E:B1:00:CF","sha256":"4B:0B:2D:DA:0A:A8:B4:08:47:9A:5D:04:08:39:4B:5D:60:78:F4:A4:F8:4D:FC:F7:E8:D9:C9:7E:50:35:C0:0B"}}},"request":{"raw":"GET /assets/index-CjWGvABO.js HTTP/1.1\r\nHost: metamaskinsurance.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://metamaskinsurance.live/\r\nCookie: GAESA=Cp4BMDA1ZWI2OTc0Y2M4MTAwNjAxMjQzNWU5MTIwYTRmNzE5YzNlZTVlN2QxNDgyMDQwN2Y4MDk0Y2FjZThmYWViZmFkZTU4ZDE3OTAxNzM0MWQ3YTA1MmQzZjViNDM2NjhhNGRhNGUxMTQ3Mzg4NDljYzhkN2FkYTAzODNhNTBlYTVhMjRkZDVlMWZlYTY5MGY4NjExMTYxNGE4ZDdjZDkQuN3Jmb0z\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\ncontent-length: 483638\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 18 Jan 2026 22:20:56 GMT\r\netag: W/\"76136-19bc9027888\"\r\nlast-modified: Fri, 16 Jan 2026 22:52:21 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: 4174b14452ca525dd9dfafba9a6b28ca\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":483638,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (37669)","md5":"37becdbe00e58f8d9f40d013e7d86295","sha1":"c54da24704f48b49349fe6746f2093a200036b73","sha256":"3b2088ad0e1e20f005d15601ef4db0b0ff9347600eb6c1ae232661a955008b6c","sha512":"a42d62d3bc1e3ecfdc56b7d94938279d4c88c25d37e38500244bb2097387f315ad7b73f2c2b79d94ceaf00353420662ddfb54d4a21b4bdee1da6f88f84a407d2","ssdeep":"6144:ylTwZWft+yd4JuG3wWWG48GkmcAFSHoIagrJFJRU/G7OoWeV1QScKN19+4RN/puw:yl3d4JuG3o1nF8HoIaWpvL","tlshash":"5ca45ad47196f5699fa344e2507f0106b23e2d15b00d8490f1b8ecea3a79c46b27bfad","first_seen":"2026-01-18T22:21:22.040489Z","last_seen":"2026-01-18T22:21:22.040489Z","times_seen":1,"resource_available":true,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":202,"receive":64,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"metamaskinsurance.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"metamaskinsurance.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}