{"report_id":"c106c320-c074-4bcb-8a7f-54e033f23b39","version":6,"status":"done","tags":[],"date":"2026-03-26T07:51:03Z","url":{"schema":"http","addr":"h5.metamask.eu.cc","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":0,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"title":"MetaMask","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"h5.metamask.eu.cc","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":0,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-30T07:51:03Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"ws.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"ws.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"h5.metamask.eu.cc","ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":234,"request_count":78,"received_data":7119946,"sent_data":36711,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ws.metamask.eu.cc","ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":8,"request_count":4,"received_data":832,"sent_data":2412,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"static-dev.bbbtrade.net","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2023-08-02","domain_rank":0,"first_seen":"2025-03-06T21:41:36.123586Z","last_seen":"2026-03-08T12:34:01.598679Z","alert_count":0,"request_count":3,"received_data":0,"sent_data":1442,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.dcloud.net.cn","ip":{"addr":"124.220.203.60","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"domain_registered":"2013-07-17","domain_rank":296858,"first_seen":"2018-09-15T09:18:08Z","last_seen":"2026-03-25T20:42:33.284631Z","alert_count":0,"request_count":1,"received_data":579,"sent_data":448,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"api-dev.bbbtrade.net","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2023-08-02","domain_rank":0,"first_seen":"2025-07-16T11:12:10.257454Z","last_seen":"2025-10-11T09:04:18.971461Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":437,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"d278965385479f78e450e857a9fd2cb9","sha1":"7da08f9827edff669ecdada652bd1e1adbc139ce","sha256":"74eb878f2a33a25aa8a39db8e316a4f14390cd53416aebfabca9e97325a0a3ff","sha512":"2a1697802e843d392cac843190bf5d970e5b76e2524cf2824a209555029413f779fd6f20b041f0c9f9c61d516daee4a78835dcee899f2d5113b2e8a50b305801","ssdeep":"","tlshash":"add0728431c32a000a820c007a6f2888a03c9402b20c1663cac8eac52a490fae23bcdd","size":290,"data":"","first_seen":"2025-10-11T09:04:26.5552Z","last_seen":"2026-06-05T02:19:33.682665Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"10218488a91a2e85d0a374b16a6c7357","sha1":"e9df8703894c434b7bb91c988f95e3ee8fa9b7b9","sha256":"1aaeb005c6daaf231a66f43b1212e940e04223793c8bcfc1ab5390ba6f859048","sha512":"b76f0a874d461a0a63ef5682c7e1347885d8a35bd56f2d9e2a6feaf672dfebe2fa27d4a2ec698616d1b99006294c363a779b0ae8ac90d001b372c03e34cf1d9a","ssdeep":"","tlshash":"35c08cc4e0c62d141602a41510af25e4a028802670481b539c94d8482e220b08233e98","size":141,"data":"","first_seen":"2025-06-19T20:06:53.567497Z","last_seen":"2026-03-26T07:51:16.082634Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"e828cec276073102fca63758c0221e15","sha1":"fcb79ed9f6a4102782c9a7c2e0b4e02137e942d1","sha256":"99739074202d9e056929b6edd48e5dc822d1a169b957146fe0f8a0801915ca96","sha512":"2abe8a03f0b76b8ed764a4b103af2c3eeaacf09afc4d2462234bc267838c40a8e10921de1cb172ec506b1eb7669487d4eee557168fb69c322ddb4b8db5a9df5d","ssdeep":"","tlshash":"9cc08cc4b0c23e202606651124ff39e49034402a70483b12cea4d8482e630b08233eec","size":151,"data":"","first_seen":"2025-06-19T20:06:53.572493Z","last_seen":"2026-06-05T02:19:33.693544Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"c6c2269dcff4415159deb07cabae7636","sha1":"0be016ee8921b95e9977376e0385ed593d8840e3","sha256":"71e3159b107e2cddfe3ab06f2acf91ea309186f78a56bd5a555264dde0883670","sha512":"b047ee555e8dce60ec85353f9949252e45d0a03f59625ac7c25e87e631b21741569753ce92d16f43e4f4f173725662a6bc0ce6387dfcc476c2b95ba0c6d87917","ssdeep":"","tlshash":"e7c08cc4a0d37d001602655221af24e49034402674881b22dc94d8482e220b08233e98","size":143,"data":"","first_seen":"2024-08-20T19:06:52.661817Z","last_seen":"2026-06-05T02:19:33.687336Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"4ab90d4b211783f77d1699c0121324fd","sha1":"8ed72e574f088d5c11e25d89c423a016b405fad2","sha256":"6c2de34ff88f5a6e2b3bc4e3284eb1b56c718e0713a59ba7293c37953f133fd6","sha512":"19f55df73b2cdbacba8679dd26db388e6fc4f75cda269023aff0141c053cca053314f9e9b0581bbfc83ee073512a7b252070972848393aaa939be0aa3e7d0bdd","ssdeep":"","tlshash":"56c08cd5a0d23d005602685025bf28e49034402674482b12cd94e8482e620b48233e98","size":142,"data":"","first_seen":"2023-12-27T11:05:41Z","last_seen":"2026-06-03T15:55:51.100821Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/cblogo192.D7wYePgb.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"dfcb3df7096db588aa7f11017db40944","sha1":"692c7012175a8cca70241cff5ada975bf7b55208","sha256":"b26738b1e5b07204b35ed3c41d5c845df0f9131540676edf0075a929bbd438ec","sha512":"8cc004ea871e5d23f636bd395d5e74cb398b7b6263fb116d9e8335ead9d86caa2b3ecdec00a7490189ce38529243561bc321efc8acd9939ec65ad0548b216aab","ssdeep":"96:1lprlt2zyFByj9i+OcLajkqH49wVqw8IcTwq5UE:1lh3OJ9GjkCoIKxH","tlshash":"90a17dbb2752f5860a4e9404d24c0934da48ccea337cc853d78caf086de9611bbda7c8","size":4917,"data":"","first_seen":"2026-03-26T07:51:16.048064Z","last_seen":"2026-06-05T02:19:33.616594Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"92443b26c22a5cdf332d8f825ce6fda4","sha1":"9d14ea89bc8670f39ae47828ea619d04308e9aa8","sha256":"f0bcfe115786564dc4d1a9a038aa024e501357486509a63c304db82b2f971812","sha512":"a03444cf910691ad3d23603a02ebbbb0aa4965608e4ea351bf7a078ddb2c2ec3c165e42a1563273c37c445c0575ee28a1d3bbdf60a848c0519c677fd5419438c","ssdeep":"","tlshash":"bcc08cc4b0c26d001a26645010bf24e4a03440aaf04c1b038d94e8482e624b08237ed8","size":143,"data":"","first_seen":"2023-11-22T06:47:57Z","last_seen":"2026-06-05T02:19:33.647533Z","times_seen":54,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"6fb5cd5e0934b236b4f6db902eaf0dad","sha1":"365bc8e4aeb220ea1fba23181c22450003c7a841","sha256":"4b8472addf00a08869fd75618c890498a6b4650bcaeefda6c82db8fb08b9acbb","sha512":"9e4c038a6ddff9ee70513b1c0c503f53a4ebc84193a8f7ac021fb57cb1965be17e97d790e41d31f23ed192596968b84180e0f529ccc4aecbe5da909fbe9287c5","ssdeep":"","tlshash":"dcc080c4b1d26d002755585171ef35f450384016784957579c94d8592e735b48237fec","size":164,"data":"","first_seen":"2025-10-11T09:04:26.552125Z","last_seen":"2026-06-05T02:19:33.650323Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"7a2da7a82565fbb3da041e938d8a352e","sha1":"52190a672d77c6175dae06e966db86d9d0cd8685","sha256":"8511e4d0cc34df15aeaa2807f240d43f3e2bd255b4b46d4d1b336e913afe5400","sha512":"f7404fa913506f06bb8a191dd46eeb6f25ad6cdd31e3efeca28fc89398fc20c8dc1f500de75c67ee1350f82571d8f13044a1af35fcfe5f426dc6ed606c2f9ccb","ssdeep":"","tlshash":"4dc08cc5b0d76e101682682810bf3ce8a0285026794c1b039d98e8492e630f08233eac","size":151,"data":"","first_seen":"2025-10-11T09:04:26.545063Z","last_seen":"2026-06-05T02:19:33.684448Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/_plugin-vue_export-helper.BCo6x5W8.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"41bf66d156aac38dbf7a45b53cb4db18","sha1":"4aa693a2afcc34b6a577e1bfc4be3ef5a458dce0","sha256":"a7dbb0eaed9de79041d555c4563be4bb0514099b8d169a2b548ab2d07102cb55","sha512":"64e1a5c2939052c93692338bf78b66723ae6673121d2915a9fb0848449e4b2657c1a31c8940bc7c9ec77554fd4c04ffae1b787297f0fba23983a987e85caee15","ssdeep":"","tlshash":"40b012e500824138432175c796f444649e08005c394756d144480d52c143080541bc3c","size":91,"data":"","first_seen":"2023-03-26T04:51:44Z","last_seen":"2026-06-08T06:01:07.230945Z","times_seen":1554,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"afd6dadb9533533d8514ac548303e331","sha1":"0b297795e161099658da59b3912482e86732e56d","sha256":"e378d3c8bb137aed4116bdd0c560231896d500f4edbb80088c14fd8fb220c3a9","sha512":"0df2fd8eb6e505ad35fff7e135feb15d50d1ae87d9990d9fa472fb834b7baf48ca73b3e8850042c74584e60de2daa8b9a4a981e5bef460ab48ad5f8ddb5d03e6","ssdeep":"","tlshash":"6cc08cc4a0c22d101602661014bf29e59024802671881b42cc94e8882e220f08233e98","size":140,"data":"","first_seen":"2023-06-06T09:30:31Z","last_seen":"2026-06-08T12:43:52.016346Z","times_seen":880,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"e411f1a9d872d771baec2b843a210369","sha1":"2af9bf51811e734df2250634396670416c44bc20","sha256":"dda6f0710d2edc4118ed2fd0828b4c8d02620fa63b06d85913304ca9a21ed1f1","sha512":"ea6199e39cd448cd99acb03f076e5fef20a9589587c667f5ec18b64d505d84550d286243f632f6dca13cb63836b41f1a0f25ca5ecf4fe20037fa6f737287ccad","ssdeep":"","tlshash":"71c080cca1d63d2029155814106f35d460344027b14c1b46dcd4ec542e130f09277e9c","size":163,"data":"","first_seen":"2026-03-26T07:51:16.093894Z","last_seen":"2026-06-05T02:19:33.67953Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"3ca9bfdb272d0f99ef4ff26677b28d49","sha1":"fbb6bbdce8bf3047c34a2d8a422fc89168478ba2","sha256":"ddf5c78b107bc0c0c1dc421a47d16738a098b61347d939c03f96c99fc3b1120b","sha512":"3b43ef5646f747f249302742db13b575fd7fad0add6cba196700d32ad969dd4848c0e8f669aafae66883283c6ce8cbeb1cbd8c8f4fcab83ecbddd4b6f68d9402","ssdeep":"","tlshash":"4fc08cc4b0c27d001a06641110af25e49024402670882b429ce4d8482e620b08233e98","size":139,"data":"","first_seen":"2023-06-03T18:56:31Z","last_seen":"2026-06-05T02:19:33.683603Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"5d31ff7e60917b0ed4a4b70d37f66a2b","sha1":"c50f1dcef18065974e84265a1a49bdd0ee29e449","sha256":"aa6fd728eecb263d1055ba5f0b243644492895c8b51fdf396aeb35f2026ac848","sha512":"37b9cf72e1f471ea4b8ab70e1ced41fd251b10d068879907f2f7dd3276ac5c5cd9b0c3b90a731ee5449d42ba3b181ce145207561b4e72ddb32bbf1337361fb8e","ssdeep":"","tlshash":"72c08cc8b0c22d001606641010af24e49024402670482b028dd4d8482e220b48233e98","size":138,"data":"","first_seen":"2023-06-06T19:23:28Z","last_seen":"2026-06-08T02:55:51.752036Z","times_seen":302,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"bbd22edd23ea34adc33d479042014033","sha1":"8df23d259a201211c72d04edcffb4552023382ca","sha256":"cfc1ffb4d1ec5802bbd6e3b52a6f2c039d9f5caa2aa8dcaa295bd1c1378ea22e","sha512":"13d8977aedf59d9dad475da341fe83e6bc2f4ce9a054f98f65e2b85ee13cfb11b02e8ce14d57028320956b3264c61f28e9d11d8ef2dbfef2f46624d22ac59d5d","ssdeep":"","tlshash":"28c08cc4a0d23d202a02b42010af35e4a028402b704c1b27ddd4d8892e23db88237e98","size":152,"data":"","first_seen":"2024-12-31T04:27:31.954862Z","last_seen":"2026-06-05T02:19:33.695858Z","times_seen":28,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"fd36096a936b69fbe1eca8358ce0d045","sha1":"55f96747a71eeb9fd0902dca8b5042d06c6fefab","sha256":"95c202405b8f1e893e9f61c9981602622f285691cfb689114483ee81ff96616d","sha512":"9eb450becfa9a713a0b4f995cb4feadfa2f004a694e4fa3cc6fb7c44695e0220e28fc4620eb27e5d3213bfff8f2e638294d7a694692b854ffffa93f911513dea","ssdeep":"","tlshash":"dac08cc8b0c33e003606a46064af38e4a034402b70881b128ca4ec4b2e320f49233eac","size":153,"data":"","first_seen":"2023-12-01T02:41:06Z","last_seen":"2026-06-05T02:19:33.681108Z","times_seen":67,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"f2d562f0482af28097a1e8bff743e202","sha1":"ab1f7442f13da01242f874f07b84041f32ff8cb8","sha256":"8ea8193c70220762139c7844d4be3c37d53d805256513bc224b53d16ad35730a","sha512":"2cf8993becc7c96e42b0499e72862eefa57d365830253e8b580c35ee9f854d4adb0b5b6817b56dfb125acdbc496ae99e8e78d7f73220c4093e8f2d2e521205f0","ssdeep":"","tlshash":"21c08cc5a0c23d002616641011af38e49028402674481b029c94e8482e230b48233e98","size":137,"data":"","first_seen":"2023-06-05T11:50:57Z","last_seen":"2026-06-07T18:30:53.001133Z","times_seen":498,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"f16f28a9c4872061b2b36f384e4ea78e","sha1":"cd56a42bac5ec346486cec73bf12604846d80bfb","sha256":"54fa6a20458789668b5911a657c305875a98ad1a64d1327adaad92f5ebb9df6d","sha512":"036b8267ab3b8a98839d09e030023e245f1640b78259abfde2c6303dc2f76ea608e3cf8992d3822b8bba41758359c2f3d639e927de4d3368e8a6648fbefb57c9","ssdeep":"","tlshash":"7dc08cc5a0e76d002616685015af34e4a028402678881b038c94d89c3e220b49237ea8","size":144,"data":"","first_seen":"2023-12-03T06:20:29Z","last_seen":"2026-06-07T18:30:52.97317Z","times_seen":316,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"870d5a341deb35b0fa70aa7678972985","sha1":"46aa41a6765dfb799fb25decd0ad14f65bef0624","sha256":"66b5c7da551cf1d24194977513ae641793570de9c2e9eaf5286a0e92b125145f","sha512":"d61ed13c30e2bcca933a6e1aa7676b8fd836cc2927f76417f629b0bb9b24e39af87caf0f65adb1641a1377caea0a6ee1e8dcbdeffadd642924aff18b6ca126b8","ssdeep":"","tlshash":"81c08ccaa0ca3e109622642854af38ec9035442a74485b53cce8e8493e270f48233efc","size":155,"data":"","first_seen":"2025-10-11T09:04:26.503504Z","last_seen":"2026-05-03T02:06:24.364671Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/uni-icons.CeORqMFo.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"0a7db9e2d261ae77acd4bfe36ff5d028","sha1":"e87642cbf71ef0651fe30658b394e81346f25977","sha256":"273cf0487684a18a13eacc4a27854c57ec48605f2ee392b95bf49572096b8aa9","sha512":"3567545c5f6b11dcb8ec88d3b6cd8db39aee1ccaf59afaa2cd36906b275ce8a651f088b750b75973069401cbbe7714c2900ee4160b8848bca94a2e27a51ea1ed","ssdeep":"192:+mrXEy1lUnUG6qkFqA8TkJcYyqn5SxK5TgeaaBVZ0O6mNj:9rX/BqQcY15T5PVZ076","tlshash":"de721349cb8c299c2fbba74d74cc7076114e0f95c90e3cec6c65e74ea5dcda6268132a","size":17426,"data":"","first_seen":"2026-03-26T07:51:16.002038Z","last_seen":"2026-06-05T02:19:33.604614Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/pages-home-home.Bt3x3ywD.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"ff6b22aebeb465761b33cafb299a861a","sha1":"5e901f28e4fb78a33e75dab990a68a2fe371636f","sha256":"e2b9b500d781c2e8a301050dc6b8dfc51e474510d41ad5f86061244f37cfe88b","sha512":"4803d333aa1e4eed39ce4c6a7492e4798b7d66d967c8a8e6fac9145e0a08cab2b3a8c4db6e7230f16b1c0bd26aead4fd4751866bf928ba5001e5037bab7ba0da","ssdeep":"192:yQoxZHzC5k9F/UogsLUWaT6FtAgzz0I6DnvvGf4pVCjW02adjgfKhZSRihh4M9LD:y/ZHzC5k9PRUjTGtAIJaV4W0VB93fcK","tlshash":"5fb24209ff1cc6786ca22118c09a8060757a99afd505385fa2f4bf3f4266d2859ddb3f","size":24388,"data":"","first_seen":"2026-03-26T07:51:16.035782Z","last_seen":"2026-05-03T02:06:23.94489Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"536c3c6b90ee834a439d489c79336cc3","sha1":"525e609e9477124df7f5cda9187c6b27ee26acee","sha256":"bf39d3c99af9e308dcc07f4b745feb8ffce05370775f35be27da1f1dd2a818de","sha512":"744a7d7420ef72b7068a5fd2a321abaa1e1d4041d3cc399668533d267a7e5f3d496ef0d343385a60dde3fd8770c9bb8e158bfe61c4859c5ead5fcfac70ccde33","ssdeep":"","tlshash":"2bc08cc4b0d62d002602682050af34e49024442670481b428c94d8482e630b08233e98","size":136,"data":"","first_seen":"2024-06-29T09:12:59Z","last_seen":"2026-06-05T02:19:33.664866Z","times_seen":150,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"a39b5ff589ae67a49f0f4bbea75fa0ea","sha1":"0f45ec9451ac9f73f27f52e89128f3b2b374db12","sha256":"46a0fa78a104a1c19b1d3e1c4f6235ad61d83af59abffece54765565ca01e6f8","sha512":"d71db39910f77555c1ff7a0e7daf2feafe3c62ca6b648f37f11563e3fff8eff43736e952c083854d7287b4c91803344f5e3cedbdb039c2d44ef40142bd5c3b6d","ssdeep":"","tlshash":"03c08cc4a0c26d102612a41010af34e4a024402a70481b128c98e8492e230b08233ea8","size":136,"data":"","first_seen":"2023-07-14T08:52:04Z","last_seen":"2026-06-08T13:17:04.199303Z","times_seen":5008,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"1ca81d3ea46b1319caf799768928f814","sha1":"a7eb87758ab9d548b3204450a144de0f10ab7d03","sha256":"05df158645dfe5735335c1aff217264359e89dac84e1c7fea23cd657afa3860e","sha512":"0236808446811ca8527c7101b0a110a98e6b5ee324b25ce45ceba069c52eeec95791172dfc4542fe89e81f52ff1c904d801704c3e1a227111db509ad78f824a8","ssdeep":"","tlshash":"7dc08cc4a0c32d101a52655010af25e490344026b04d1b02cd94d8882e220b09233e98","size":145,"data":"","first_seen":"2025-07-16T11:12:21.739292Z","last_seen":"2026-06-05T02:19:33.654194Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"3027ecbed48e2be2f50a536422ed9ffe","sha1":"6d6a03e5f30f0035ae511ceda0aa7541663adefa","sha256":"35da71a997c9e053673933a4161b1dff616a09a492a7a3e79a8442eb78f08bd4","sha512":"8b8c87d1a147d31852460743831f418d60866098a76386436c9b294813805fff664961d9df2e7054d915da09f5e0e0242a1205623875db6d91c4976a38581688","ssdeep":"","tlshash":"4dc080c8b0d72d5499175451157f35e85035442b70481b528c94dc553f730f0d133ed8","size":167,"data":"","first_seen":"2025-10-11T09:04:26.556272Z","last_seen":"2026-06-05T02:19:33.676056Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"034cd464971bc756ef3bd625955fdcd8","sha1":"c4d12fd6e130bfa0f6023ad9312edf23a0f36963","sha256":"0e57f1eeed8b10e6a6cbdbdbdca79c79f182d095640336d0b4a412c2b4111006","sha512":"78169e7f15f43d3d9e7cfd0ceb951061147aed160e2d1ba6e454f4d24d06ff8bee96b579f64d898cd26f581f017ad67609a132d6ba1fff3975141665c58af74d","ssdeep":"","tlshash":"38d023c5e0d13e1017127551747f25f0d1304456744c5711ddd4d94d3f560b14333d5c","size":210,"data":"","first_seen":"2025-10-11T09:04:26.510183Z","last_seen":"2026-06-05T02:19:33.688237Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"c2d9f9c64c64f635fde7ba9fb77a2a8c","sha1":"35688654ceb98b5b1a1a6104467cac8f80ceed3b","sha256":"bf69d85e92852816b2c8a3eeab185bbf76cda999fb0e0a9c1a7eac0608ac5f41","sha512":"d887a59a7532da1f8831071da2d59e03a5501b3037f92706e11360c721eb05776641fb26cfdc668b60926a8e58004438f056b8d3a5c7bc249b24d72134545459","ssdeep":"","tlshash":"5dc08cc4a0d23d101602a8a225af29e8a034402774481b229c94d84c2e224b48233ea8","size":143,"data":"","first_seen":"2025-06-19T20:06:53.569386Z","last_seen":"2026-05-31T18:39:52.225107Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"5948bc3b90afab1829ab7ee61269f24e","sha1":"517e29a82521418181f702543be8ae74a3bf68b3","sha256":"14fc83a84c91770211dc352186f8e87ddc85e87c2dba0c80a159b45897b9ae2d","sha512":"05c079bbf0389ad341941c3e837aca91dc9aff681cee8da0b4560551ba13e6bbb76b01213af6514e6991e3369062870866a41e67e6d67a37038ddba3ddee7d5f","ssdeep":"","tlshash":"a5c08cc4a0c26d002606691010af24e49028802670485b028c94e8592e264b08233ea8","size":139,"data":"","first_seen":"2023-07-01T13:40:07Z","last_seen":"2026-06-08T12:43:52.033748Z","times_seen":1013,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/index-Bvkv05nm.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"89e4db0293580cdfe393673257ce5c14","sha1":"c440e95f0d17a80a02786c1393168457cf378a1c","sha256":"684230895b20ba086ad4b7029fc5618ac9f0f72f8257a5eeada3325e4e0a6e78","sha512":"4c315861918ae136047c220c240949d91f3a73476d549d2aad8395941b2e2ff8c35da9668247b3b1b6621a85a6a213024d172baf9b6fe4fb6121c0003e495dd0","ssdeep":"49152:JjTjU3e7gTZ4v1QdgWm+jOkKbCakYCvjTuBIYYeYHmsuNjIMdUloMkOokO4kO1k7:9qu/","tlshash":"bca5c62c2a5bf354e959c0d7f9373c84919de18ab00714d14fb98bb30ba5782eaadd13","size":2108849,"data":"","first_seen":"2026-03-26T07:51:16.10794Z","last_seen":"2026-05-03T02:06:24.333711Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/uni-app.es.DryKfclR.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"39b47d91b737c4ea36792cc321fcf87d","sha1":"9ef7c05c4749651e944e023859c108b98297ee93","sha256":"f2fa8a1205df8dd9e48b1269e689d709ef3f5e59f785743a1660db20230dfb49","sha512":"0e80cbc1d107e792e21534bb94c0e3460a2096d67873e11312e4735f2ff2af90290e45b15a62e135b719caf36ff2d89438c99a1c4fe9cb299bdbc0c1a9a7fbd2","ssdeep":"","tlshash":"77a01207604130125802284000a6640b51f611f145888e3081d913245ff44ec812c90b","size":84,"data":"","first_seen":"2026-03-26T07:51:16.007695Z","last_seen":"2026-06-05T02:19:33.591999Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"534f707176abd4fa5828298e08e02e84","sha1":"67b7709d0fe7b17d88e9a16be7cd1e931c358081","sha256":"f441d55158084d4bc2c9f31ebd4e3f61d2221a3d40f81d6f6f9b76a5e816e7ec","sha512":"03fac4c354ad7a137b8a1f0d4629afd3a07c5d6358e8fbe9ab455e02fa89a0323736c08265743e5cb207e21f078c8623c44dca6307f3cc3b23f75669075d2e5a","ssdeep":"","tlshash":"48c08cc8a0c22d001602681011bf35e490244026b0481b029de4d8482e230b08233ed8","size":141,"data":"","first_seen":"2024-08-20T09:58:59.107733Z","last_seen":"2026-06-05T02:19:33.662121Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"44a314d5006b40415ee8ce332795a096","sha1":"37c2fea15fa7b03c50ad8c6e45c686d060af2afe","sha256":"6990016294a3d3d7cf9a55b4ed775e0551a331e514582a81f8affa64671e6aa8","sha512":"dbae0b355d6befd1c0d00b075a63620dd8e5d54b1c240ba1fdd4241b8d0cfcc47717a3b4b80d2d27c60e0a56d74cff6a2634a6155d981277bd352ec56cd717e8","ssdeep":"","tlshash":"53c08cc4b0c26e401602692014af24e490244027b0882b428c94d85c2e220b08233eac","size":141,"data":"","first_seen":"2023-12-22T11:18:51Z","last_seen":"2026-06-07T18:30:52.997522Z","times_seen":208,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"5f3ab12d935926923cd234cc86c658f0","sha1":"4ceb77001ba466756e20d597568bb3fe1da01138","sha256":"0a207956f29d9546e41a4e3b8354ef52baeeb8ae4c8a5c82252e64f528425a4f","sha512":"1e822812677eac95e857a87c73cba93104bc07719a8144e63731529672933355451f9f0e38ca48254f749e7c8dedd76d149ad6feec1527523b08f069d1baa928","ssdeep":"","tlshash":"f1c08cc8a0ca2d001612745010af25e4a0248027744c1b128ce8d8582e230b08233e98","size":140,"data":"","first_seen":"2023-06-05T11:50:58Z","last_seen":"2026-06-08T05:16:21.759055Z","times_seen":167,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"6c4b63197790d25a07f25a43bd99b082","sha1":"9cf651883e08001a9ec271a0c3c2d4ba8cbfda2d","sha256":"cab5094ca7bb9e74a1d0753500ab633f54ee468f574b0c71293e95e0eeb863b6","sha512":"019ba7e344e3b8e2fb0b9b422fc54931b8f5650f519c8532a13b38b604c7761110390b28f6531300602e1e130ef426834d9ce94baa0654db26da7edfbba9b19e","ssdeep":"","tlshash":"5dc08cc4a0c23d101a02641020ef24e8a024806a70881b028c94d8482e230f08233ed8","size":140,"data":"","first_seen":"2023-06-19T06:03:31Z","last_seen":"2026-06-07T11:27:45.487824Z","times_seen":717,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"5f3ab12d935926923cd234cc86c658f0","sha1":"4ceb77001ba466756e20d597568bb3fe1da01138","sha256":"0a207956f29d9546e41a4e3b8354ef52baeeb8ae4c8a5c82252e64f528425a4f","sha512":"1e822812677eac95e857a87c73cba93104bc07719a8144e63731529672933355451f9f0e38ca48254f749e7c8dedd76d149ad6feec1527523b08f069d1baa928","ssdeep":"","tlshash":"f1c08cc8a0ca2d001612745010af25e4a0248027744c1b128ce8d8582e230b08233e98","size":140,"data":"","first_seen":"2023-06-05T11:50:58Z","last_seen":"2026-06-08T05:16:21.759055Z","times_seen":167,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"6f5107feee82cc0eee2048842c333c84","sha1":"b9d071c4f70aa9212c9c82b4b056068139ecb446","sha256":"0ae20d5ff6b0c6264e85628633db8a1c8e163c86dbbf4ca5e5d093fbca986e8e","sha512":"cd2079ee48eb3ddbc6fd6d70550aeca453f7b6bf091d123e1c806ba0fb4946edde541654479362afb1d033f84f6f541411d55f54c0a38c04af8a4fe757cefeb5","ssdeep":"","tlshash":"71c022c6f1c26f00495150701aaf28e8a028802661888b468ca8dca93a134bc533feec","size":194,"data":"","first_seen":"2025-10-11T09:04:26.547658Z","last_seen":"2026-06-05T02:19:33.694223Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/drawer-icon4.DunHuFkW.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"2cda18a37ea92c29ef1e6a6363c70ab8","sha1":"8516208f971a08b9f0161c3fca4ca2d036b48b1a","sha256":"9add3ce44eb9862bc1840f3f4e152a47ed43f5526af1ed5e081a2823add47a74","sha512":"236bdea2f490fd9aeac6c3375a1ef4c6137b79e56e1279cf655f4dbf03906da56cb79debce5ab1539ff0c7dbe0ee291ff90a778ccf065683bd6ec0be95e40473","ssdeep":"384:PT9kBCayC5T/kgOnL+akiuFY6cA6rw28Sk:PRkBCay8Ig6L8bFhp28Sk","tlshash":"1d929e3a342d7db54dc5526021090202de2a2a5ec4b8317ebfbdb7ef7f49c50666a734","size":19616,"data":"","first_seen":"2026-03-26T07:51:15.99389Z","last_seen":"2026-06-05T02:19:33.59624Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/pages-opening-opening.D7QEmFY1.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"501cca50df966e93d3e728cb832d292a","sha1":"712a0d0a8195abf91b23b15358549793647148da","sha256":"191fc365110c82b3580cb27a1c0536a49c8b091d80b6e13240cbf065b706f8c3","sha512":"6b04e80eae7e9c73bd4b8f7b9ca26cdb5224829675080fe83208be4127f8db920b7be31ccf6a97de866eac9a5e7a671722534f5c63429e3413754c572359be3c","ssdeep":"","tlshash":"d2f0202c0719a0b1c62400d49113b7981c242270032a8889e7b4e81ffe10dcff32dcb9","size":557,"data":"","first_seen":"2026-03-26T07:51:16.020229Z","last_seen":"2026-06-05T02:19:33.602003Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"d91a76641e60f759d6c8c4d41b9ac625","sha1":"c1784eb12a27dd2d6537d0de2303b62f355193fe","sha256":"ef095fc3d49ede648c56556b340858a6c0ea412e09f3326a742f143cf8a099b6","sha512":"e7e0a329e752ef3c9c0b4ea1eb59a7e02f9996f5d5fd15424311aa282481f0f60f43419378664b17b4ad48039a8a6fd3bab767d676c8f39cea44a87af844788c","ssdeep":"","tlshash":"b0c08cc4a0c22d001616641411af28e89028402774481b029c94e8482e220b48233e98","size":138,"data":"","first_seen":"2025-06-19T20:06:53.559343Z","last_seen":"2026-06-05T02:19:33.673029Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"d91a76641e60f759d6c8c4d41b9ac625","sha1":"c1784eb12a27dd2d6537d0de2303b62f355193fe","sha256":"ef095fc3d49ede648c56556b340858a6c0ea412e09f3326a742f143cf8a099b6","sha512":"e7e0a329e752ef3c9c0b4ea1eb59a7e02f9996f5d5fd15424311aa282481f0f60f43419378664b17b4ad48039a8a6fd3bab767d676c8f39cea44a87af844788c","ssdeep":"","tlshash":"b0c08cc4a0c22d001616641411af28e89028402774481b029c94e8482e220b48233e98","size":138,"data":"","first_seen":"2025-06-19T20:06:53.559343Z","last_seen":"2026-06-05T02:19:33.673029Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"9475cfd7336d78ae64ded85e4184c272","sha1":"e5d3364a97caa068ed7ccb7a2dd47df61cfd928d","sha256":"f9f26d47749d73d74ad729652077870cde85bcc6bd4e060ae1d88fe1b9cd3792","sha512":"906d05f7fee2fd2e438f9cfa9fb528187541809897d0ad6b9140b48edca10572f4de6e29466c59fe256772efe7da45e30271665bfeafa5df362b8a36d159b42b","ssdeep":"","tlshash":"7ac08cc4b0c22e201a066464a0bf34e890344436b04c9b02dca4d84c2e264f0c333ed8","size":150,"data":"","first_seen":"2025-10-11T09:04:26.509017Z","last_seen":"2026-06-05T02:19:33.651165Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"cea72de87d48c2b430f36bd3133a5f2d","sha1":"4e53a13d6a4057aff49b3e5194fee7d4f17c9141","sha256":"2b149acbe391875ef6aea3b10865be92ee058ad819b48e83813c2a2c8ebb7304","sha512":"a69b9a961d6cbce11721200b8a5bc9c8e58a1e77f9225bc5cf9dfa46beacf0e080da75babdfa2ed39835fd1e84671d268efc250c95d9c8820beb3e80b1a559ec","ssdeep":"","tlshash":"5bc012c9a0c6295415116514186f25d4a024401670486b029ed4d8542aa30b84233e9c","size":161,"data":"","first_seen":"2025-10-11T09:04:26.539003Z","last_seen":"2026-06-05T02:19:33.699849Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"73ee08be9899a159093bcfc4191a3370","sha1":"298697c66aafbb5b2711546740dc154a4a24a1bc","sha256":"6bffe0fa7da37fac1bbcef4d7dd78e823ddc850e41f2713ed598c31d096435d6","sha512":"0e08e7a07a4cc8d76bb653daed9a36cdf22ba208da71d5d24734de497584492f2d90703f55c0037f2a68ec936aaf39ff0200147007b4f8b5d903cd2632124aba","ssdeep":"","tlshash":"ace026da82e12b684a22114061fe15e88036503ab4085b49a89492952a914f492bb9ac","size":306,"data":"","first_seen":"2025-10-11T09:04:26.548733Z","last_seen":"2026-06-05T02:19:33.697656Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"3df38511ddc1798fced45fd3ddc0ae4e","sha1":"5172a9514fc72f60710569ad9195f5a1ce38f265","sha256":"d6800be8d60d81a72514f449f3ea2039ae413185c00a2fa267c02e34457a0f63","sha512":"087916c44269173d5526aa64fca5d62f7bde043600251e2997fc2edf70374736183d8993e80133032c9532032bcb1e279b42f10dc4d1432160c8aacb24f5c4c5","ssdeep":"","tlshash":"91e068c260b7294c1220c156304ac4031fb608739e868d613c8c77a58ff9b5bc56d899","size":383,"data":"","first_seen":"2025-03-02T13:36:53.293678Z","last_seen":"2026-06-05T07:28:30.70317Z","times_seen":948,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"617d5b8a19009ac018d52e4da473494f","sha1":"0c43d2c3d1b3b8dfcf072591f205e4b2d2c605d9","sha256":"31301f431c4ac94b7e3a838177d9608f28f641c7472b85a36f51bad84dd1187d","sha512":"b8241183d03759e84b78846bd892fd89b28bf7eb7d72c1691a70d90cdd7ee65a37982e7c34b3b63d6f129f9b02a43da779815eb6dc29a00a148651083b80ddaa","ssdeep":"","tlshash":"46c08cc5a0d62d002606685015af24e8a024402a78881b02cc94d84c3e220b49237ea8","size":140,"data":"","first_seen":"2023-04-15T19:29:40Z","last_seen":"2026-06-08T00:29:40.352014Z","times_seen":1514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"0f876fbb26770bd14a1c24fefe42bb12","sha1":"c1f81c04c4979e8aea61aba7d9b355d4b9701d1c","sha256":"f4ba4ef1ca15075f6dca80cd463f54e3f84ad70f2d288bdbd83f4da9a9d7b267","sha512":"2efe3ea4d8d3f73a8511cb49823035c5f53859f97264f0db333105111d2c0029ca34a73eb105a1dd4333dfecdb06aeba8318d1efb32f07bbcd37d9dc90dac751","ssdeep":"","tlshash":"5ed02b86e18938601962a599147e68d98038086930544f0d4c94c80437222b5c333a88","size":248,"data":"","first_seen":"2025-10-11T09:04:26.507688Z","last_seen":"2026-06-05T02:19:33.696714Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"e5c6b39383c1f6beadfc464ff77a58ea","sha1":"24783bce7ac0a47c10b9bb418deecd3b86e7ac12","sha256":"097135a5a99eebc151675b4fedc40b64d267627f4e3276a80631886c8d5a83be","sha512":"d0cdc02cc16b70209f60d14cc95a16250e6b95894a106ddc92539ae14b7206138d123dd2efb2194c451e3da5daa8d5cd3101b4d28db84405e300978121dd3346","ssdeep":"","tlshash":"62d02bc6a0d5390585a7e00051af64d4707c8415248407879c64d8791d730708323d8d","size":252,"data":"","first_seen":"2025-10-11T09:04:26.498418Z","last_seen":"2026-06-05T02:19:33.670612Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"e27337b44baf1e764e9605f98de81496","sha1":"050e67e4313cc53aec3d708e6af0e493ba316820","sha256":"d1b393469157f4691282f0da3fdfdff8646dcf7d1b0b4dd66abd69eb0e903e87","sha512":"8e172c514ef5f2a4ba91996752a7fb78261e537cf7c3a81e2c1c0d56821dd4928750215e198a24f87c3de3254c75266980f5a960930d32f48d3f6ab96b7a15b1","ssdeep":"","tlshash":"ffe07d8ea2a139a1a651396550ff37cce9391079319c8681cc4894a97f570b4833bfdc","size":319,"data":"","first_seen":"2025-07-16T11:12:21.755323Z","last_seen":"2026-05-03T02:06:24.498884Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"f1a43563c75f0f600404de94d378149a","sha1":"39ba0783d667b209a0dccacf27fa6e0a93ca3bc9","sha256":"cadb530f5b17955972c55bebc16c0c07b349df7b53877ffd64efe1c6c92fdfd1","sha512":"993ccaa6ca5d3b1b19bbc87860b25a39968a07e393cb673debf6d78f2ae992f2b6a2489240ba69143d26fd3cdfe980287989c395836f8a7231f91e7fed1d8222","ssdeep":"","tlshash":"12c08cc5a0d77d006626646064af64e8a034802b70482b438dd4d88a2e620f08233e98","size":147,"data":"","first_seen":"2025-10-11T09:04:26.520505Z","last_seen":"2026-05-03T02:06:24.183292Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"0f40806f855fc503ec7fe0e2cdc6da5f","sha1":"ad59d99993690064ee6565eea713ee4c5260f572","sha256":"954bc1931a5584c910a5391a0e2c05ba7190f3c672433a85c162ac948a74a44f","sha512":"7ea9c1cffaf640bc7083f2306a134368aa54ae775230a1f1990c43817594d950ecbf94412ea7ab6262bb8add4715ab6fffe7579f85b0a1c07f6acc4f8207cd9e","ssdeep":"","tlshash":"1fc08cc4a0c2ad001a12649010af24e49034402770481b029c94e8492e220b08237e98","size":137,"data":"","first_seen":"2023-04-13T00:16:19Z","last_seen":"2026-06-08T13:56:48.019363Z","times_seen":5633,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"784a5917a9e1594e6d9b2af55f810cbb","sha1":"e12423de2f87634c81c2c865a5be64bfe7e8b240","sha256":"71a85795de4b27364739b895b284e8809367b50ab0a9a649621a4c6516fcf2cb","sha512":"dcb2ccf1f8ff712bab5e2729b62f68e8c8d546d1a6f67aa6ed025c020da64bc1de4bade66fecff0f776ea4e8e69422903c785089dfa275a3dd4850590993f9d4","ssdeep":"","tlshash":"85c080c4b0c23e101507945164bf34d45024441770486b56cdd4d8542e320f05333d9c","size":157,"data":"","first_seen":"2025-10-11T09:04:26.517373Z","last_seen":"2026-06-05T02:19:33.649051Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"78f892a6cfef93f07558761073154f55","sha1":"709b139cc0edda8dd81d62e01b7d1b25e98cb681","sha256":"1c41adab46d50baf11f93365929c9bb19e5509251dc3edf77121189ee99d6617","sha512":"36ad297cf367d877ed0395bfd59422fa6fbc802d26cb41f465bcae70950fe7ae3b428d3048f8bcffbe99a6d8da08f387c8b252f91a8cc8315c3866a1c75a9df8","ssdeep":"","tlshash":"5bc08cc4a0c22d105606641010af29e49024402670889b02cca4e8492e230b08233e98","size":136,"data":"","first_seen":"2024-08-20T08:22:25.451659Z","last_seen":"2026-06-05T02:19:33.652504Z","times_seen":121,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"0f40806f855fc503ec7fe0e2cdc6da5f","sha1":"ad59d99993690064ee6565eea713ee4c5260f572","sha256":"954bc1931a5584c910a5391a0e2c05ba7190f3c672433a85c162ac948a74a44f","sha512":"7ea9c1cffaf640bc7083f2306a134368aa54ae775230a1f1990c43817594d950ecbf94412ea7ab6262bb8add4715ab6fffe7579f85b0a1c07f6acc4f8207cd9e","ssdeep":"","tlshash":"1fc08cc4a0c2ad001a12649010af24e49034402770481b029c94e8492e220b08237e98","size":137,"data":"","first_seen":"2023-04-13T00:16:19Z","last_seen":"2026-06-08T13:56:48.019363Z","times_seen":5633,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"5948bc3b90afab1829ab7ee61269f24e","sha1":"517e29a82521418181f702543be8ae74a3bf68b3","sha256":"14fc83a84c91770211dc352186f8e87ddc85e87c2dba0c80a159b45897b9ae2d","sha512":"05c079bbf0389ad341941c3e837aca91dc9aff681cee8da0b4560551ba13e6bbb76b01213af6514e6991e3369062870866a41e67e6d67a37038ddba3ddee7d5f","ssdeep":"","tlshash":"a5c08cc4a0c26d002606691010af24e49028802670485b028c94e8592e264b08233ea8","size":139,"data":"","first_seen":"2023-07-01T13:40:07Z","last_seen":"2026-06-08T12:43:52.033748Z","times_seen":1013,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/fui-icon.CkGhA6dg.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"271fdd3f4ae2aa8f0288125ee5dc5908","sha1":"709b090535d17ae6c40c0813bece5f0ed0ab7b71","sha256":"d94c8e6535d3c8f080463255cbcef024bb3bd6d63e13ab67f756e704914a35f6","sha512":"5b10cb0ecff56343dfc59d55537f25092b54bbdc33dc03e03eba9d9733b33cce8e87aa16df7b7b3dd697ab763ac397e1414c4e21691007977e74690592591ce4","ssdeep":"","tlshash":"7981834e64f9ac2b6e8e7dca544c1203d0d19f58e9e0fc52ac9e08e5e57e954b20df2c","size":3972,"data":"","first_seen":"2026-03-26T07:51:16.025863Z","last_seen":"2026-06-05T02:19:33.598171Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/fui-drawer.Ble5JxOT.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"958d21a3b5b0313a533b21618299873d","sha1":"c0abf61cf63cc89a8c3acd10f899e0f78225091c","sha256":"8b247b50b8cd262a67bbf8d108d1da192bccdf4ab2988b9546e9f46608269ef4","sha512":"f27a4bb5e0f932c58e024d5b57bf517f6f47e7f276b7ed4cb63bd1ce6a1b7fcc6b327845af6f41b7dc197955d9477fa07bc6f04a9d5ffe7805de7f5b1400840c","ssdeep":"","tlshash":"6f4176357008383734aac4b5707224880c7c272cefba3bbebdf1a3799e80458614e729","size":2008,"data":"","first_seen":"2026-03-26T07:51:16.055628Z","last_seen":"2026-06-05T02:19:33.592761Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"e2afd6a6074dd2653c2423615ce736fd","sha1":"4476024c7fc2edf3efea42a4111a937f4fafa98d","sha256":"e3339d58480507c04283bf11951ae595d8ef1fcd1d22990993247dfbf6b902c2","sha512":"39f3f33c6df73180700a08253487b10d71ad904da782a348278c7949d02e8b99ec6b0dc97ea60a37243c0dee8f724beb34aa1c4f047640c8685698448838f0de","ssdeep":"","tlshash":"c0c08cc4a0c22d101602681010af25e49024402670481b028ce4d8482e220b08233e98","size":137,"data":"","first_seen":"2023-05-21T18:09:43Z","last_seen":"2026-06-06T16:42:49.431826Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"4158ec4cc7f502c658b395478fbc573b","sha1":"79172da18dd5a1c9d4926935197d532724f3ea90","sha256":"1792c1f3c551148a90c8923cfcb5066823f6831b33be677be5395039849e2c6c","sha512":"96d300207f30b4cf5b7dfd732440c2f69c35d35dbe8c72e9ce93bc32a817517bb84bf713c5ca7cb49872a9e77aff041f764461d8566167ba6f82be8b585458f2","ssdeep":"","tlshash":"40c022c4e5c3bc110a03b628046f34e09024c02a308c8a22dcbce9582f130bc8137e88","size":193,"data":"","first_seen":"2025-10-11T09:04:26.536733Z","last_seen":"2026-06-05T02:19:33.691683Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"afd6dadb9533533d8514ac548303e331","sha1":"0b297795e161099658da59b3912482e86732e56d","sha256":"e378d3c8bb137aed4116bdd0c560231896d500f4edbb80088c14fd8fb220c3a9","sha512":"0df2fd8eb6e505ad35fff7e135feb15d50d1ae87d9990d9fa472fb834b7baf48ca73b3e8850042c74584e60de2daa8b9a4a981e5bef460ab48ad5f8ddb5d03e6","ssdeep":"","tlshash":"6cc08cc4a0c22d101602661014bf29e59024802671881b42cc94e8882e220f08233e98","size":140,"data":"","first_seen":"2023-06-06T09:30:31Z","last_seen":"2026-06-08T12:43:52.016346Z","times_seen":880,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"536c3c6b90ee834a439d489c79336cc3","sha1":"525e609e9477124df7f5cda9187c6b27ee26acee","sha256":"bf39d3c99af9e308dcc07f4b745feb8ffce05370775f35be27da1f1dd2a818de","sha512":"744a7d7420ef72b7068a5fd2a321abaa1e1d4041d3cc399668533d267a7e5f3d496ef0d343385a60dde3fd8770c9bb8e158bfe61c4859c5ead5fcfac70ccde33","ssdeep":"","tlshash":"2bc08cc4b0d62d002602682050af34e49024442670481b428c94d8482e630b08233e98","size":136,"data":"","first_seen":"2024-06-29T09:12:59Z","last_seen":"2026-06-05T02:19:33.664866Z","times_seen":150,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/currency.B1sKu_8h.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"6cd405b81f50797fb0e3c214367c76e4","sha1":"d3f1dc6e547f27291952f307325debee87bd59c3","sha256":"a6fe24fee996bb92cec473d01a5f1965c5351835291ba52bd56c34b114829619","sha512":"1d60aa9ef0ef6eb461d054f51a772ccea649493ddcaa5e13149155481621cd4e3de29f8079d7e5c3904588895ef30e0d7ecefc45e9c25e159bd5ea9f709e473a","ssdeep":"","tlshash":"ddf096dbd4a2d4e2c1795b44752962140037bbb1341b9ae03b8d32c6f3d8187c036d7b","size":561,"data":"","first_seen":"2026-03-26T07:51:15.991452Z","last_seen":"2026-06-05T02:19:33.614607Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"c5d7f6a8ecd91ebf6cc974297f65c918","sha1":"33887bc7c32f4f1ca776e2da09a07ecc28e7cce1","sha256":"73f2d76b712bcad7f6c8699c180afd8cb5e44451c9a8005e4e8b5818a99dae6a","sha512":"91cac552941ef0df049023c4f9fb67c51f0782eaaa9dda76d4109f1435efaaf4991886d0eedfb47e33c508fb3b05b44cc946fa1877dad879398a8071b67a02cc","ssdeep":"","tlshash":"65c08cc8b0c36e00160264101aaf25e4a028402670482b128d94e8483e230b08233eac","size":147,"data":"","first_seen":"2023-04-12T10:08:15Z","last_seen":"2026-06-08T12:17:39.515903Z","times_seen":2980,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"cf22cdb5c495761f76ab9992ebf13ad3","sha1":"b57aef5b20e486cdeeaa8034cd187d3f3f9bceff","sha256":"3e05e030f3d66bfe7ae10e6b050b45cf7eb3aa94f0d51883b1a8b0110999ceb2","sha512":"f8ad839258b9999fb5f167f325e1e3f2b27e15c3a544ddc0683f28e13f0d0820b1f151de63e4a450505073c33d8b44ba009b18f2aa1b1eeee25f443f6c2e67dd","ssdeep":"","tlshash":"afc08cc4a0ca2d002a03781020af24e49024402670c81f03cc94dc982e220b48233ea8","size":141,"data":"","first_seen":"2023-04-13T00:16:19Z","last_seen":"2026-06-08T12:43:51.968729Z","times_seen":389,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/index-Bvkv05nm.js?v=1757894889","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"89e4db0293580cdfe393673257ce5c14","sha1":"c440e95f0d17a80a02786c1393168457cf378a1c","sha256":"684230895b20ba086ad4b7029fc5618ac9f0f72f8257a5eeada3325e4e0a6e78","sha512":"4c315861918ae136047c220c240949d91f3a73476d549d2aad8395941b2e2ff8c35da9668247b3b1b6621a85a6a213024d172baf9b6fe4fb6121c0003e495dd0","ssdeep":"49152:JjTjU3e7gTZ4v1QdgWm+jOkKbCakYCvjTuBIYYeYHmsuNjIMdUloMkOokO4kO1k7:9qu/","tlshash":"bca5c62c2a5bf354e959c0d7f9373c84919de18ab00714d14fb98bb30ba5782eaadd13","size":2108849,"data":"","first_seen":"2026-03-26T07:51:16.10794Z","last_seen":"2026-05-03T02:06:24.333711Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"5c475876724a4565137e0248af5d26fe","sha1":"ddf48cc1ed4517dae9e2903438e6752c6594ab96","sha256":"34e880319f67485eb5e5edcc6b5f357104692e25cfdd9f4886d4473abd6c8af5","sha512":"1e656311e465cebbb3e380453390740708d35f83749f5389445e71ee4ef0ef943bec563a99eef8ee98d0da1123996f1baf9e71e064ed89508232d9f73f8708d6","ssdeep":"","tlshash":"02c080c561c67d505552751460bf24e89036401670486b039ed4dc492d621f48137d9c","size":157,"data":"","first_seen":"2025-10-11T09:04:26.537755Z","last_seen":"2026-06-05T02:19:33.692703Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"218bcafcb2a51d736b42202177293328","sha1":"b6d686c07f64cc7bb692ddd311a92270d9812a1d","sha256":"f3d8ab04ba8796f984aeb6190aeb699c4bb8685857ac586e663533824dbed9de","sha512":"2b5ce78163a793bffd5b7866bc03d232b5272c668704d726dc33b85c3ac82071033dc59dbb5e7939be73c55e3cc32d384549738efb7244877fca901891f3a04f","ssdeep":"","tlshash":"f6c08cc4b0c22d102602641050af24e490244027744c1b028c94d8482e220b08233e98","size":135,"data":"","first_seen":"2023-05-21T18:09:44Z","last_seen":"2026-06-06T16:42:49.403187Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"82d5441b9c0539dcd27ea88d9ea3d917","sha1":"679e08e4c20256961c134c23b002741bf3f76a83","sha256":"a1029146ad9d3aab8e0d6ca0d3017b2d02a59b0257327193a08f8fab6e97214c","sha512":"b0839627f39dbe6d9696303ecb57dd7c6851c16ea87c9c79b66f37ef317767388f89869a193ae9140e2643b500a703bed6f1e022093a32423ca891e3243c54eb","ssdeep":"","tlshash":"fee061c6f0d2aa509153112236db16ac517ac016700c6782a80dac5537568fd9133e58","size":361,"data":"","first_seen":"2025-10-11T09:04:26.519339Z","last_seen":"2026-06-05T02:19:33.681782Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"91b70dd0b5864ff9a0b110bad4a1baf7","sha1":"06dcd4878d0be66465dd516507f0b60173f2e1fb","sha256":"1278f8effbd320adb3192ab0e8a3b9079b101aa52733518018684f595faa31a8","sha512":"f193108fdd8c503ad7bf17f3dd3536f3ff3af0295158a5cfae120eb4faa370bff179fd074747af0d5b947ed8c911df0ff575d3a73637e2792023d3c38bcfe44c","ssdeep":"","tlshash":"d9e07d57b2c23b24271315a199af26d4d219481572185b92ccb8f79c3b1e57083b3fcf","size":317,"data":"","first_seen":"2026-02-11T16:16:56.165665Z","last_seen":"2026-05-03T02:06:24.299283Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/pages/home/home","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"7618c6855ba5e41ca3b3a43b46e87bfd","sha1":"ff87734b6cacaa7e5797c59279180fdce60aa3a4","sha256":"c663788074e93b14032c003703971dc0435fbdb01cf9ccdb60b3b0d9638dd0f2","sha512":"178800611dd9698ca8e2920d944ae3371427d6d4b74506bbaa1fd04699c188db1325a68be8f7dde179d58de81baf65b305321b465bb5fa23f1c0351a66e388cd","ssdeep":"","tlshash":"f3c08ccde0d26e102a06645222af3ee4e028806bb0885b028ca4d95c3ea24b0c237fdc","size":161,"data":"","first_seen":"2025-07-16T11:12:21.757053Z","last_seen":"2026-05-03T02:06:24.37722Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"78f892a6cfef93f07558761073154f55","sha1":"709b139cc0edda8dd81d62e01b7d1b25e98cb681","sha256":"1c41adab46d50baf11f93365929c9bb19e5509251dc3edf77121189ee99d6617","sha512":"36ad297cf367d877ed0395bfd59422fa6fbc802d26cb41f465bcae70950fe7ae3b428d3048f8bcffbe99a6d8da08f387c8b252f91a8cc8315c3866a1c75a9df8","ssdeep":"","tlshash":"5bc08cc4a0c22d105606641010af29e49024402670889b02cca4e8492e230b08233e98","size":136,"data":"","first_seen":"2024-08-20T08:22:25.451659Z","last_seen":"2026-06-05T02:19:33.652504Z","times_seen":121,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/#/","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"5f3ab12d935926923cd234cc86c658f0","sha1":"4ceb77001ba466756e20d597568bb3fe1da01138","sha256":"0a207956f29d9546e41a4e3b8354ef52baeeb8ae4c8a5c82252e64f528425a4f","sha512":"1e822812677eac95e857a87c73cba93104bc07719a8144e63731529672933355451f9f0e38ca48254f749e7c8dedd76d149ad6feec1527523b08f069d1baa928","ssdeep":"","tlshash":"f1c08cc8a0ca2d001612745010af25e4a0248027744c1b128ce8d8582e230b08233e98","size":140,"data":"","first_seen":"2023-06-05T11:50:58Z","last_seen":"2026-06-08T05:16:21.759055Z","times_seen":167,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"3d5272693eb411e5b8b13a243f76c720","sha1":"6a586ab8e0a4bf12bbc60eea6ca9f2418625a22c","sha256":"9582f31f9eb892b8823a780e579d464d54e26d97d65dc327d2b2bdd92d47c4b8","sha512":"03fc5614f48fc9a2e3c4a30626fdbacde74c1fda09ffa9d1cde0393d31cd5fe1588e270c241f4cedb473c6e5cc224ff16c141468a29519ea6159accf3e3a18f1","ssdeep":"","tlshash":"a4c08c8350e2080c8210861b848880050b8808b04f9308a22cd85b7ecc9ae88c8f804c","size":148,"data":"","first_seen":"2023-03-07T01:10:06Z","last_seen":"2026-06-07T08:18:02.151537Z","times_seen":15899,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/invite-banner-Bb_tatbk.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/invite-banner-Bb_tatbk.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-7d07\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32007,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 720 x 720, 8-bit colormap, non-interlaced","md5":"53641687aa2e1d8fa67bb00978984fbe","sha1":"4a87c6025969601522e2231ca0283b539a147a20","sha256":"5c1c6585175d674cb72579e8188007a5621334a981a78cd867d0bc968b1ac612","sha512":"8f80878b902d8dc44e35703e57662a1b27a7fc12b4c3e3cc0e2139b9ac295204d02a1f02f56b56711de8c83432dc4a0343f3ce33c7b70a94f34338a70548d70a","ssdeep":"768:uAOgn0DQS+KGYsfDIevdmnRp8h08XArg1URNKDIKW0ho7ooPjXC2bu:uVgnMGNbJvq8XagiRNaW0q7oKjyYu","tlshash":"a8e2e1b088d591c9d34c78b78cf478f55e64c6907234c1eeeae92a6688823e63755e0b","first_seen":"2024-08-19T21:19:37.597823Z","last_seen":"2026-06-05T02:19:33.590121Z","times_seen":24,"resource_available":false,"data":null}},"time_used":368,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":368,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"ws.metamask.eu.cc/?token=17745114428266717316$contract\u0026sub=contract","fqdn":"ws.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:46.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.metamask.eu.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:15 GMT","end":"Tue, 23 Jun 2026 09:00:14 GMT"},"fingerprint":{"sha1":"5B:37:D7:39:0A:ED:4A:75:AB:92:65:36:B9:89:D4:5B:52:48:76:28","sha256":"29:CE:57:C1:0A:5A:B6:DD:28:88:D8:A4:C1:D1:29:26:71:A3:39:54:E3:C9:46:25:87:C6:56:B5:CA:5E:50:85"}}},"request":{"raw":"GET /?token=17745114428266717316$contract\u0026sub=contract HTTP/1.1\r\nHost: ws.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://h5.metamask.eu.cc\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: BJaGo0mcxAO1AOBRElrbBQ==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nServer: nginx\r\nDate: Thu, 26 Mar 2026 07:50:47 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-Websocket-Accept: u+9mBH50mO7rYXG1K+K0MfLa0Z0=\r\nSec-Websocket-Version: 13\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T14:34:26.731673Z","times_seen":16242055,"resource_available":true,"data":null}},"time_used":484,"timings":{"blocked":0,"dns":1,"connect":157,"send":0,"wait":157,"receive":1,"ssl":168},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"ws.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"ws.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/favicon.ico","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.500Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 15086\r\nlast-modified: Mon, 15 Sep 2025 15:44:44 GMT\r\netag: \"68c8346c-3aee\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15086,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"3390e889d3441bfe915d400de808d66f","sha1":"8b966861a2446c4177c79622bfee8f748479cdda","sha256":"1f48f496b1608ddd9cba8129afce9feacd5d6a54e16934b075ba3505a38586a5","sha512":"0ff65294c1d50dd934814a9890bd83285534fde0a77160487431f165c5e2b59e8237dacc9cad5f7909d07680dafd6fc01f13111659fb3536fda7a68068358d20","ssdeep":"96:jpYsiqZb7/230JfZ8j1ySQUSqBy/bf9T7QzLX9kf:jCsiqfUSq2Qg","tlshash":"af62c3366154194dc44c0c7b4016de3e8043fcad9f829b7a621a3cabf26ae2e5d2c57f","first_seen":"2025-04-26T21:55:15.120483Z","last_seen":"2026-06-05T02:19:33.586922Z","times_seen":29,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":158,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/api/account/userinfo","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.725Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"POST /api/account/userinfo HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: Bearer\r\nClient-Device: 0\r\nTimetamp: 1774511443\r\nContent-Type: application/json\r\nContent-Length: 2\r\nOrigin: https://h5.metamask.eu.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 109\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: accept-language,authorization,lang,uid,token,Keep-Alive,User-Agent,Cache-Control,Content-Type\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":105,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"595e2fe887b748ea62ccde36a88a563a","sha1":"af2da798609e9581dc106acf5714c708d100c5b6","sha256":"ffd03cdf521d68de4f23defce0cf1411913c9f9a8278fd49d5f29e2faf93da91","sha512":"4fa055b97a1cfda53e40d97102ce2e01e3991141b41186344f5740ea7f325c9901b66946953894ccc0b7d08d6c3fd0a88ff49eb71b3fc69434d44fe507618e2b","ssdeep":"","tlshash":"ecb0129e0645362caae25373709e399937a7414047392cc1c444c578e908450331b3bb","first_seen":"2025-06-19T20:06:53.547472Z","last_seen":"2026-06-05T02:19:33.611303Z","times_seen":11,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/fui-icon-D7orQT4U.ttf","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/fui-icon-D7orQT4U.ttf HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/assets/fui-icon-CBHgIZkq.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 39852\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\netag: \"68a2178a-9bac\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":39852,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 11 tables, 1st \"GSUB\", 18 names, Macintosh, Created by iconfonticonfontRegulariconfonticonfontVersion 1.0iconfontGenerated by svg2ttf from F","md5":"3125fb3a4c418d00fb97f84596c60955","sha1":"2595714be10a8fb085a4f928ef68cb9601bb2ce0","sha256":"2783439a7bb3351d5482ffe589cc96e956ed8479818074bcd3eb627496422763","sha512":"e2f72f6679476da886a2f90a1a3cc548d8abe6e7fb0ce1a3800e2cc329b4a517e6e417c650c49b4b4a253d7749ee34deaa6887028e5e8e07d7d2bc302af95198","ssdeep":"768:1NNFsXekphznzGbXQNwRWD9Axlo9bhaSNnB9tqpDs5ej0RAlxbrEM1jRlpl5VQPU:hmXecznzGbXQ2kD9Axu9bhaSNnB9tqpD","tlshash":"bc035d78535d5ffaf6b843bf44638581d4bfb70098c8dfab6505912a080bcb51264afb","first_seen":"2023-11-15T21:35:22Z","last_seen":"2026-06-05T02:19:33.600015Z","times_seen":68,"resource_available":false,"data":null}},"time_used":307,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":292,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/index-Bvkv05nm.js?v=1757894889","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:41.737Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/index-Bvkv05nm.js?v=1757894889 HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:41 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 15 Sep 2025 00:05:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68c7584e-202db1\"\r\nexpires: Thu, 26 Mar 2026 19:50:41 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2108849,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (26503)","md5":"8f0f082cbeb620e7ada5b15ff037a46a","sha1":"9ac72f3d3513b5b32e3c89db31a9aa03daeac9a7","sha256":"a3ba27f1195ae9ffefe7f56ec69ac97d08c872476391f806d78fae2774f1900a","sha512":"71d278253158bcf320ed1c93e2be15bfe3025396f341cac7f802d2d3aad473bafff5c63d633dd469a507f719d9127b77467417cfa446f736fe55a007b101f5d7","ssdeep":"24576:JjTjU3e7gTZ4v1Qdl5/kWm+jOvMRhybCakYCvjTuBIYYeYHZi3fLPuLNjIMr5Ulk:JjTjU3e7gTZ4v1QdgWm+jOkKbCakYCvD","tlshash":"86456d4db68ba73397f242f0a05b4644707c5a83f1168098dfecdca825ec649a1d7f7a","first_seen":"2026-03-26T07:51:15.982311Z","last_seen":"2026-05-03T02:06:24.14167Z","times_seen":2,"resource_available":false,"data":null}},"time_used":317,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":317,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/_plugin-vue_export-helper.BCo6x5W8.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.243Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/_plugin-vue_export-helper.BCo6x5W8.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/assets/pages-opening-opening.D7QEmFY1.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 91\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\netag: \"68a2178a-5b\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":91,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"41bf66d156aac38dbf7a45b53cb4db18","sha1":"4aa693a2afcc34b6a577e1bfc4be3ef5a458dce0","sha256":"a7dbb0eaed9de79041d555c4563be4bb0514099b8d169a2b548ab2d07102cb55","sha512":"64e1a5c2939052c93692338bf78b66723ae6673121d2915a9fb0848449e4b2657c1a31c8940bc7c9ec77554fd4c04ffae1b787297f0fba23983a987e85caee15","ssdeep":"","tlshash":"40b012e500824138432175c796f444649e08005c394756d144480d52c143080541bc3c","first_seen":"2023-03-26T04:51:44Z","last_seen":"2026-06-08T06:01:07.230945Z","times_seen":1554,"resource_available":true,"data":null}},"time_used":250,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/currency.B1sKu_8h.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/currency.B1sKu_8h.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h5.metamask.eu.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 561\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\netag: \"68a2178a-231\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":561,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (560)","md5":"6cd405b81f50797fb0e3c214367c76e4","sha1":"d3f1dc6e547f27291952f307325debee87bd59c3","sha256":"a6fe24fee996bb92cec473d01a5f1965c5351835291ba52bd56c34b114829619","sha512":"1d60aa9ef0ef6eb461d054f51a772ccea649493ddcaa5e13149155481621cd4e3de29f8079d7e5c3904588895ef30e0d7ecefc45e9c25e159bd5ea9f709e473a","ssdeep":"","tlshash":"ddf096dbd4a2d4e2c1795b44752962140037bbb1341b9ae03b8d32c6f3d8187c036d7b","first_seen":"2026-03-26T07:51:15.991452Z","last_seen":"2026-06-05T02:19:33.614607Z","times_seen":6,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/drawer-icon4.DunHuFkW.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/drawer-icon4.DunHuFkW.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/assets/pages-home-home.Bt3x3ywD.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-4ca0\"\r\nexpires: Thu, 26 Mar 2026 19:50:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19616,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (19577)","md5":"2cda18a37ea92c29ef1e6a6363c70ab8","sha1":"8516208f971a08b9f0161c3fca4ca2d036b48b1a","sha256":"9add3ce44eb9862bc1840f3f4e152a47ed43f5526af1ed5e081a2823add47a74","sha512":"236bdea2f490fd9aeac6c3375a1ef4c6137b79e56e1279cf655f4dbf03906da56cb79debce5ab1539ff0c7dbe0ee291ff90a778ccf065683bd6ec0be95e40473","ssdeep":"384:PT9kBCayC5T/kgOnL+akiuFY6cA6rw28Sk:PRkBCay8Ig6L8bFhp28Sk","tlshash":"1d929e3a342d7db54dc5526021090202de2a2a5ec4b8317ebfbdb7ef7f49c50666a734","first_seen":"2026-03-26T07:51:15.99389Z","last_seen":"2026-06-05T02:19:33.59624Z","times_seen":6,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/statbar/new/asset_p.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:42.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/statbar/new/asset_p.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 19 Jan 2024 19:07:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65aac880-132a\"\r\nexpires: Sat, 25 Apr 2026 07:50:42 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4906,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 801 x 801, 8-bit colormap, non-interlaced","md5":"f9caefa295316c467f5510e3335d5fad","sha1":"f37d9374be4e3390cbe93fa1cade136ed7d80035","sha256":"ada14ff758ac1aa8798e2c3c2bc3b1a0f93e469f9a7342a64b135e64d63f004a","sha512":"c31570b74de346ccda02bfc6f775a93c34077b7d33598e9c4edf8e116c87fa2813d4fa8baf22b51970bfd7c8e8164136e0f1b62d55535b0dcb78821b1ca019b7","ssdeep":"96:Gayea6t+8gZiAQ+qwrE2fm3o8Hg7wjC8S0dpkFPBT9fqukZkBBupgh3b:GNmgZBhverHgKA0dpWBT9quYkBBu+hr","tlshash":"e9a124efa71b0c98f3e0447959dba81020b30b98fd00e69197de76554c8ee5e58ece0b","first_seen":"2025-06-19T20:06:53.535547Z","last_seen":"2026-06-05T02:19:33.595297Z","times_seen":22,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/api/common/config","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:42.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"POST /api/common/config HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: Bearer\r\nClient-Device: 0\r\nTimetamp: 1774511442\r\nContent-Type: application/json\r\nContent-Length: 23\r\nOrigin: https://h5.metamask.eu.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":23,"data":"{\"group_id\":1,\"key\":\"\"}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:42 GMT\r\ncontent-type: text/plain\r\ncontent-length: 567\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: accept-language,authorization,lang,uid,token,Keep-Alive,User-Agent,Cache-Control,Content-Type\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":853,"size_decoded":0,"mime_type":"text/plain","magic":"JSON text data","md5":"ebe26f7814c57f4fea9629cc86579236","sha1":"ec485319137204ff707744f962bd2382070f1c07","sha256":"58422a2e16ad2cbb7c66d48b53de0516d8425d083af4bcb584828872371b7236","sha512":"261b60ba6ba67d41ba6b9f23716ba34e1c9a424377e4799353d9785a5d87186ec77236cca4ecde80761c32e6c2dce185964925fdfd47e1a337fc951a4b1552ce","ssdeep":"","tlshash":"c701afab6ac85d2b47521bc9f10c702e9a1a27038c989183dacb9db496bd0d96149037","first_seen":"2026-03-26T07:51:16.000106Z","last_seen":"2026-06-05T02:19:33.607249Z","times_seen":6,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/uni-icons.CeORqMFo.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/uni-icons.CeORqMFo.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h5.metamask.eu.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-4418\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17432,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (17419)","md5":"0a7db9e2d261ae77acd4bfe36ff5d028","sha1":"e87642cbf71ef0651fe30658b394e81346f25977","sha256":"273cf0487684a18a13eacc4a27854c57ec48605f2ee392b95bf49572096b8aa9","sha512":"3567545c5f6b11dcb8ec88d3b6cd8db39aee1ccaf59afaa2cd36906b275ce8a651f088b750b75973069401cbbe7714c2900ee4160b8848bca94a2e27a51ea1ed","ssdeep":"192:+mrXEy1lUnUG6qkFqA8TkJcYyqn5SxK5TgeaaBVZ0O6mNj:9rX/BqQcY15T5PVZ076","tlshash":"de721349cb8c299c2fbba74d74cc7076114e0f95c90e3cec6c65e74ea5dcda6268132a","first_seen":"2026-03-26T07:51:16.002038Z","last_seen":"2026-06-05T02:19:33.604614Z","times_seen":6,"resource_available":true,"data":null}},"time_used":159,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/uni-app.es.DryKfclR.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/uni-app.es.DryKfclR.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/assets/pages-home-home.Bt3x3ywD.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 84\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\netag: \"68a2178a-54\"\r\nexpires: Thu, 26 Mar 2026 19:50:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":84,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text","md5":"39b47d91b737c4ea36792cc321fcf87d","sha1":"9ef7c05c4749651e944e023859c108b98297ee93","sha256":"f2fa8a1205df8dd9e48b1269e689d709ef3f5e59f785743a1660db20230dfb49","sha512":"0e80cbc1d107e792e21534bb94c0e3460a2096d67873e11312e4735f2ff2af90290e45b15a62e135b719caf36ff2d89438c99a1c4fe9cb299bdbc0c1a9a7fbd2","ssdeep":"","tlshash":"77a01207604130125802284000a6640b51f611f145888e3081d913245ff44ec812c90b","first_seen":"2026-03-26T07:51:16.007695Z","last_seen":"2026-06-05T02:19:33.591999Z","times_seen":6,"resource_available":true,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/one_proof_dark-CDimu7_7.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/one_proof_dark-CDimu7_7.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-9ae7\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":39655,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 320, 8-bit/color RGBA, non-interlaced","md5":"c78191d308dba11b78fba359ae8c5393","sha1":"af032d8f9df1ee5ccca5644f0f89a1498eb9e958","sha256":"62d49cf892b5cd542efd43d29ba463e47ab79556f1944c9547bfeba69c2c46bc","sha512":"55c23ac4c1fbaa5120369c1cb76615cb2b5d2c5535d31a72f1faa29009f7df581289e1c0f86c8865fe07529049d7bf76859527b6f4b7d87bca3558b8b93a2763","ssdeep":"768:MPyu5jWElS+zLlIuwikOqR4huZtQLUiPBWV+viaH4buA:MP+EIKLyuwpqU8giPBKyjYp","tlshash":"350301972d40778fe7a3e1312d0772bb94b4c611ad2b804d921635f166820dedb1a9cb","first_seen":"2025-03-06T21:41:52.710129Z","last_seen":"2026-06-05T02:19:33.621352Z","times_seen":28,"resource_available":false,"data":null}},"time_used":357,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":357,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/home/ecology3.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/home/ecology3.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 12 Jan 2024 06:51:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65a0e17a-2d22\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11554,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 240 x 240, 8-bit colormap, non-interlaced","md5":"3edff7abcc68ff5361b22092bdfad1d6","sha1":"5b445383b1fdab3e6ea09fa445913ab42e67a53b","sha256":"431d3f81f5856bc874f290e00119368d7073fe1dbc3f2e2a113291020afc9947","sha512":"10f9741e3420c7de3c64a7dce32342ff028e2d4bd1e6052bb5b03c9f3a390cebda502d334174083c6c7a270ff59497253b31bea6ef63df680f08df2e6ba03928","ssdeep":"192:eiUezmxd0NoKUtc4vwZzum8EaQC+JqmcX03GnxyrryZwNdvEmjqHGjH+epEB6B:QMmxd0NoD+4vwZzlgQCDEWxy3yGdpjqW","tlshash":"7532bf4ff68ed5ddd2005228265a1212a2480ec5cf0323897556efa7ef30b4b0b49fb6","first_seen":"2025-03-06T21:41:52.701129Z","last_seen":"2026-06-05T02:19:33.632742Z","times_seen":24,"resource_available":false,"data":null}},"time_used":353,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":353,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/home/ecology4.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/home/ecology4.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 12 Jan 2024 06:51:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65a0e17a-2a8d\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10893,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 240 x 240, 8-bit colormap, non-interlaced","md5":"cf690c51e91c9436da900c93dfbe4af0","sha1":"a88dca10f1c50a06ee2baf747ab2ba919ba76596","sha256":"6cc9944ac9c201a242d2ef17d17951b4aa3b444a203868b53b7420ee69843d40","sha512":"e62c4ae762d202723d5a942eed6c83a87cc1d5ff65ede6952d9aa514e90b909d4bc7e62472e4bfd91efd8ea97f8dae3e8953c326f9d3b70adb4799e2bf78fd41","ssdeep":"192:UCcKfbxtEp2fIV+16ZcEm8LApA63egxLJsgX1mF8tqvwOWH/:UCbXGcI1clA6vqglmStawOg/","tlshash":"db22bfce7b68fbb021fdba06894e5b403a2235f3b3184f8f189414bca09d357d25da11","first_seen":"2025-03-06T21:41:52.738759Z","last_seen":"2026-06-05T02:19:33.613719Z","times_seen":24,"resource_available":false,"data":null}},"time_used":353,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":353,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/home/googleplay-light.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/home/googleplay-light.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 12 Jan 2024 06:51:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65a0e17a-2074\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8308,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"0d5d4a8566f54ed1710720226120d6fb","sha1":"0756935382ec65d1ca23b328711ac07e40128c55","sha256":"6d74afeb43ec3852c299d891fdf8dcf330ae1a36309dab99419e5ff567c048c8","sha512":"36000d22788db7f112478b81655de32e073988ae449292ac0b4e00c22bffb7ae5cf2f555ba629c9667e9d1dbac409b5f62885f9d9db31c78426e63a25568d840","ssdeep":"192:GKpBByDSAJxuONXalbnF06Lkbuf/shhOMWYDR9bCIBbK:GKpSDRFNXa59Lka/ahzDLCIc","tlshash":"6602bf643b96cc2887c354fff8a0c2bdb961932ec730e6bc125ef5ae1955503a923122","first_seen":"2025-07-16T11:12:21.710436Z","last_seen":"2026-04-10T13:30:45.619309Z","times_seen":5,"resource_available":false,"data":null}},"time_used":371,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":371,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/index-Bvkv05nm.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.240Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/index-Bvkv05nm.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/assets/pages-opening-opening.D7QEmFY1.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 15 Sep 2025 00:05:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68c7584e-202db1\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2108849,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (26503)","md5":"8f0f082cbeb620e7ada5b15ff037a46a","sha1":"9ac72f3d3513b5b32e3c89db31a9aa03daeac9a7","sha256":"a3ba27f1195ae9ffefe7f56ec69ac97d08c872476391f806d78fae2774f1900a","sha512":"71d278253158bcf320ed1c93e2be15bfe3025396f341cac7f802d2d3aad473bafff5c63d633dd469a507f719d9127b77467417cfa446f736fe55a007b101f5d7","ssdeep":"24576:JjTjU3e7gTZ4v1Qdl5/kWm+jOvMRhybCakYCvjTuBIYYeYHZi3fLPuLNjIMr5Ulk:JjTjU3e7gTZ4v1QdgWm+jOkKbCakYCvD","tlshash":"86456d4db68ba73397f242f0a05b4644707c5a83f1168098dfecdca825ec649a1d7f7a","first_seen":"2026-03-26T07:51:15.982311Z","last_seen":"2026-05-03T02:06:24.14167Z","times_seen":2,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/fui-drawer-CsPd1XUM.css","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.834Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/fui-drawer-CsPd1XUM.css HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: text/css\r\ncontent-length: 627\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\netag: \"68a2178a-273\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":627,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (626)","md5":"6b045bb9b3f14aec0dcade8d7ad50130","sha1":"f18660e8dd3117bacae4ad4e18dec6d3f844f92f","sha256":"f8085a7cc1371358cccb6809fa8bee76f876408c1fc9630f67e1bc2c7b626951","sha512":"5d93d8171f264d318b451459fc74334be1a52527c279e84e8a6ab9f26213ee883b65a3a762a2bf85d100a18f646cf67a1b61c231df8fbef8402a5c55c07658c4","ssdeep":"","tlshash":"82f0fe351e983908107ff39ee4d09f594d39d651dd733cce320a160a0e87e5939155ad","first_seen":"2025-06-19T20:06:53.494134Z","last_seen":"2026-06-05T02:19:33.60375Z","times_seen":12,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/api/common/config","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.834Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"POST /api/common/config HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: Bearer\r\nClient-Device: 0\r\nTimetamp: 1774511444\r\nContent-Type: application/json\r\nContent-Length: 23\r\nOrigin: https://h5.metamask.eu.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":23,"data":"{\"group_id\":5,\"key\":\"\"}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: text/plain\r\ncontent-length: 225\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: accept-language,authorization,lang,uid,token,Keep-Alive,User-Agent,Cache-Control,Content-Type\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":279,"size_decoded":0,"mime_type":"text/plain","magic":"JSON text data","md5":"6f04acc38a9930e9b9eb46f6345853c0","sha1":"9bf17966d1ec64d2ff3ac1e513f2638858ab5b1b","sha256":"373dfbe88a8328a31122f3441a87548dd1db4ccdae7638807b83ac5f7033fcae","sha512":"0841e9bf4df937225b4af4cef9bb48c54b7fdb7f800c0d87d1b7ec515f91c7025d7e23a555bc1417ac474949b0dba4cf95cf71e59acea0dfa254e94b90f6f758","ssdeep":"","tlshash":"fbd0eb22ec00a4bb0331698a18a128bc83c56883188ce802d5aa4e00cb2f82d22c347f","first_seen":"2026-03-26T07:51:16.017794Z","last_seen":"2026-06-05T02:19:33.620135Z","times_seen":6,"resource_available":false,"data":null}},"time_used":359,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":359,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"ws.metamask.eu.cc/?token=17745114428266717316$contract\u0026sub=contract","fqdn":"ws.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:47.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.metamask.eu.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:15 GMT","end":"Tue, 23 Jun 2026 09:00:14 GMT"},"fingerprint":{"sha1":"5B:37:D7:39:0A:ED:4A:75:AB:92:65:36:B9:89:D4:5B:52:48:76:28","sha256":"29:CE:57:C1:0A:5A:B6:DD:28:88:D8:A4:C1:D1:29:26:71:A3:39:54:E3:C9:46:25:87:C6:56:B5:CA:5E:50:85"}}},"request":{"raw":"GET /?token=17745114428266717316$contract\u0026sub=contract HTTP/1.1\r\nHost: ws.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://h5.metamask.eu.cc\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: pkTOnv12vbIfP2EcQpekCQ==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nServer: nginx\r\nDate: Thu, 26 Mar 2026 07:50:48 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-Websocket-Accept: pZmlFtWDbCy87g1Wxm2Ifb3EPfQ=\r\nSec-Websocket-Version: 13\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T14:34:26.731673Z","times_seen":16242055,"resource_available":true,"data":null}},"time_used":484,"timings":{"blocked":0,"dns":1,"connect":157,"send":0,"wait":158,"receive":0,"ssl":167},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"ws.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"ws.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/home/product2.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/home/product2.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 12 Jan 2024 06:51:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65a0e17a-10c5\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4293,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"6bfadd8452da4bfc1dd858629fed0bb4","sha1":"7608934dff2fc1fdb39f36ad3d084830a927f81d","sha256":"30367461da0187d98cf012a5396fde57aa1e179a72d3b0c34aa4b7943815a805","sha512":"0b747a2131f090ee5455d9a5bc50e32bb3c81c8df3fddd1d37d716c9f1629cfd9921ac36c572004c7372d7f2f3a41790cd8ca6887cfa54ff5257273a4d8b42c9","ssdeep":"96:Ib3bZTL0wX5yPUuGN3r1UK7Jt/rj1kLMXnfLtLSzS:Ib3bZTL0wX5yUug3xd71bfLtLSzS","tlshash":"89914c87b905529cd45505fbe2046bdde2e8f6553f3022d7f2af81026aa30c9a978363","first_seen":"2024-08-19T21:19:37.592834Z","last_seen":"2026-06-05T02:19:33.645688Z","times_seen":27,"resource_available":false,"data":null}},"time_used":356,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":356,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/ecology-float-3lRzjK28.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/ecology-float-3lRzjK28.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-26b91\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":158609,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 720 x 720, 8-bit/color RGBA, non-interlaced","md5":"8ffc1f1ac55c93eb5330618f801d32e5","sha1":"f6fae97a47e0d2c8c36a6401ba9c56713905e7e9","sha256":"d153f08fa6db8970e265661d45d885b9b9034a7eb2ea9a2dfd06f107dbd0d46b","sha512":"be0613b1ed42e49ad6046606ecb0280de6b2f64a0d0ecb794bb053e0c06fd71aedd2a9af9cd17cadb06158cba10bb4ceea9972715e6ba4cbf4544ea7175d9e90","ssdeep":"3072:a9C9TTeLuOWpplmZVNw1oi+bcqJc/atFHvikQ6+TN4:a92TTauhlmZVNw6icvyuQ6+TN4","tlshash":"23f3127daceec02ddf562ab0d7687f94de0ba094cbdcc116e245e6eccd9ce141860982","first_seen":"2025-06-19T20:06:53.541886Z","last_seen":"2026-06-05T02:19:33.609451Z","times_seen":11,"resource_available":false,"data":null}},"time_used":349,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":349,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/pages-opening-opening.D7QEmFY1.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.069Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/pages-opening-opening.D7QEmFY1.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/assets/index-Bvkv05nm.js?v=1757894889\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 557\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\netag: \"68a2178a-22d\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":557,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (556)","md5":"501cca50df966e93d3e728cb832d292a","sha1":"712a0d0a8195abf91b23b15358549793647148da","sha256":"191fc365110c82b3580cb27a1c0536a49c8b091d80b6e13240cbf065b706f8c3","sha512":"6b04e80eae7e9c73bd4b8f7b9ca26cdb5224829675080fe83208be4127f8db920b7be31ccf6a97de866eac9a5e7a671722534f5c63429e3413754c572359be3c","ssdeep":"","tlshash":"d2f0202c0719a0b1c62400d49113b7981c242270032a8889e7b4e81ffe10dcff32dcb9","first_seen":"2026-03-26T07:51:16.020229Z","last_seen":"2026-06-05T02:19:33.602003Z","times_seen":6,"resource_available":true,"data":null}},"time_used":159,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/two_storage_dark-BCltGeYc.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.794Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/two_storage_dark-BCltGeYc.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-5958\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22872,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 320, 8-bit/color RGBA, non-interlaced","md5":"72e7a96e6d3e7070e77f99c63c4c5ece","sha1":"6a3adc33d07e989fdbdc19eb5eefa825d9c1b620","sha256":"ff0831be0eb2dc412fa21266b2e53ffd992e8ea4114045a95ecf3e4948a6f355","sha512":"98b2c30884df5221da4b4366838d2fe38f5756d2c242526fa9077bb1d40ce28ac1828db51613c7aa9393f58565074281e2ddbccbfecf55b89ca62b36872f825c","ssdeep":"384:mQuqX2WK5W/UZdhK1KBUQ+2guAsLCj4JbdbUWHoDJtXjan0Ei3R8y0TJR:Pcddh4QhhLHbBUWyLMTJR","tlshash":"d4a2e0c4fb32be48d9aef439a3c5c2470c7e8f5761b12aa1be7a43b50e147117961a60","first_seen":"2025-03-06T21:41:52.716854Z","last_seen":"2026-06-05T02:19:33.605848Z","times_seen":28,"resource_available":false,"data":null}},"time_used":356,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":356,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/three_protection_dark-ygan8kmI.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/three_protection_dark-ygan8kmI.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-5f3e\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24382,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 320, 8-bit/color RGBA, non-interlaced","md5":"f875d8e78c503cb805d00b1eb4107a10","sha1":"37a46c3532904e73f3fe565b5f73c4a58701f5c0","sha256":"7d6a2e9298ad7f14092421a69fd7cb46d201009511d745cbc7459cb1e7616884","sha512":"a26ffd7802b5811f51386625fd73fb5fcfa0906c3befa0b1a75938dadd44cb7e9512be09748e1806e2c0edc18ef564d8749e80ed88b7cd21082f7dd5773a492a","ssdeep":"384:LCA67wi2FTMDvcxuYWUBYzhfjV5b71C9xhZsA1bhfwXGRwgkxbw/NUb4fQINQwtu:LCASH2FYvD8Yz5P1C9xhNGAkx8/UIHk","tlshash":"4fb2e1aab64366b84fddec577c2133f52fa61e40a601d4f088a7b54a2b94f174d173c4","first_seen":"2025-03-06T21:41:52.771604Z","last_seen":"2026-06-05T02:19:33.622038Z","times_seen":26,"resource_available":false,"data":null}},"time_used":356,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":356,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/mobile-download-Cm2GnD8V.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.819Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/mobile-download-Cm2GnD8V.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-2ea08\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":190984,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 686 x 620, 8-bit/color RGBA, non-interlaced","md5":"1fa7539ac849c81908ed9e857dafc5b7","sha1":"9533314be892f526224aa1056c45a1549a96ce9e","sha256":"6bd6b69bc6a9b74d83685c84103a89c9ae64b901beaa1760e86706212212dd8e","sha512":"b9c71bd5970131ffae8676ff304e3b62a76be3462f42974ecbe49fe7c0aa4fd9c4bcc2de1cc7635ff89fd284fd3a9b3e0576df5bc3fe82ac1f57bc872017c362","ssdeep":"3072:fifNBliOY1eJffWi4RcQAfk51dTrX0nTXs3HVoY8eTqwAtUhw6Kb7M1mtQSYLB0c:wvlnRJf7tlkrGaUeTZhtBS4eiKgb2k","tlshash":"8b1423bbe1de88cde7b4095cfc6bc4cc5b09d8a653768b0075bac01212ad282d749e79","first_seen":"2025-06-19T20:06:53.523411Z","last_seen":"2026-06-05T02:19:33.619245Z","times_seen":8,"resource_available":false,"data":null}},"time_used":365,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":365,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/currency.B1sKu_8h.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/currency.B1sKu_8h.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/assets/pages-home-home.Bt3x3ywD.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 561\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\netag: \"68a2178a-231\"\r\nexpires: Thu, 26 Mar 2026 19:50:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":561,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (560)","md5":"6cd405b81f50797fb0e3c214367c76e4","sha1":"d3f1dc6e547f27291952f307325debee87bd59c3","sha256":"a6fe24fee996bb92cec473d01a5f1965c5351835291ba52bd56c34b114829619","sha512":"1d60aa9ef0ef6eb461d054f51a772ccea649493ddcaa5e13149155481621cd4e3de29f8079d7e5c3904588895ef30e0d7ecefc45e9c25e159bd5ea9f709e473a","ssdeep":"","tlshash":"ddf096dbd4a2d4e2c1795b44752962140037bbb1341b9ae03b8d32c6f3d8187c036d7b","first_seen":"2026-03-26T07:51:15.991452Z","last_seen":"2026-06-05T02:19:33.614607Z","times_seen":6,"resource_available":true,"data":null}},"time_used":156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-dev.bbbtrade.net/uploadfile/20231219/595715182152417281.png","fqdn":"static-dev.bbbtrade.net","domain":"bbbtrade.net","tld":"net"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:45.294Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfile/20231219/595715182152417281.png HTTP/1.1\r\nHost: static-dev.bbbtrade.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T14:34:26.731673Z","times_seen":16242055,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/home/product3.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/home/product3.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 12 Jan 2024 06:51:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65a0e17a-159e\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5534,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"11d1826403771fd3d738830276edee5c","sha1":"04aa6042ecd61df5101d284dbcf53afb46e055b3","sha256":"03dc76b84ab2ca5ed142e01fe645688cd235eef9eb15bbc9680b66f69d17c5e0","sha512":"6c789697b9bb0d556d7eb93dc8cef50ed9cf80530b0a0b962cf3896d1390d95e7bfe224e9790dfa597cc8cf57c5b1cdf97f0f0223f5b564ef8ac58e6fe4bf059","ssdeep":"96:HJI7Peu4sZpzQyr8EOYI6bZLhSP20YpC9h2Byyp2wqFCErqJgue6DJncf:puPeu4sZpzQygApbZE20YKfyp2wIrqJk","tlshash":"7eb17fe8b90cfaf4fc3278f7d43cc11a663c412aeff94d454a9767e65450059a3809b9","first_seen":"2024-08-19T21:19:37.63372Z","last_seen":"2026-06-05T02:19:33.625581Z","times_seen":27,"resource_available":false,"data":null}},"time_used":355,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":355,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/fui-icon.CkGhA6dg.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/fui-icon.CkGhA6dg.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h5.metamask.eu.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-f84\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3972,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, Unicode text, UTF-8 text, with very long lines (3645)","md5":"271fdd3f4ae2aa8f0288125ee5dc5908","sha1":"709b090535d17ae6c40c0813bece5f0ed0ab7b71","sha256":"d94c8e6535d3c8f080463255cbcef024bb3bd6d63e13ab67f756e704914a35f6","sha512":"5b10cb0ecff56343dfc59d55537f25092b54bbdc33dc03e03eba9d9733b33cce8e87aa16df7b7b3dd697ab763ac397e1414c4e21691007977e74690592591ce4","ssdeep":"","tlshash":"7981834e64f9ac2b6e8e7dca544c1203d0d19f58e9e0fc52ac9e08e5e57e954b20df2c","first_seen":"2026-03-26T07:51:16.025863Z","last_seen":"2026-06-05T02:19:33.598171Z","times_seen":6,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/home/android-light.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/home/android-light.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 12 Jan 2024 06:51:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65a0e17a-130c\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4876,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"721a898e7d013d90c41fcb8358f0f091","sha1":"c1551c41a3baa9f66a399f83d29a137e67f74f5b","sha256":"1adeba4d234a819243d1d189722492ce172505a80e27abd00136cc4cf3951b5a","sha512":"4c749e0715e12ec773ef581ab5b0c837fcf1fab8bc7adf49303b7f023ac626b2d9919c25980af70b1df8cb0e1e733c5160cdca449ec23259bc3408cbcfe0f530","ssdeep":"96:yDvXmHomtNzvZBJO3h5QxuXoEgZnypppX:yDvXmHoovtYE/EXX","tlshash":"fba17de8a6251bb72fce96c2c000f0753f7a04e3b5e11766edcf94404b06b1f5d26168","first_seen":"2025-07-16T11:12:21.688929Z","last_seen":"2026-04-10T13:30:45.642594Z","times_seen":5,"resource_available":false,"data":null}},"time_used":373,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":373,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/api/common/getServerTime","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:42.914Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /api/common/getServerTime HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: Bearer\r\nClient-Device: 0\r\nTimetamp: 1774511442\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 93\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: accept-language,authorization,lang,uid,token,Keep-Alive,User-Agent,Cache-Control,Content-Type\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":89,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"23c876fb32a27d71d3c93f829322db39","sha1":"2bf366871d7974796f1c1ece4d15a4af5af26db5","sha256":"ec706b85c5318913accc9b51bfc82d347e84b1c69420224f1b15e864d990f595","sha512":"4ec3fabd5fbbdf75320271a05e94aa1fa1034f81366dec48bd8d2b53634e2e5b5a3f59613ec8021043f9fadd2d7815adc3ee679cea5110d4d97337818381478f","ssdeep":"","tlshash":"35b012432e005c69d702b14124155a0024f860e189814003c48c1198ca042213143619","first_seen":"2025-06-19T20:06:53.46499Z","last_seen":"2026-06-05T02:19:33.623053Z","times_seen":12,"resource_available":false,"data":null}},"time_used":314,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":314,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/index-USC-PQWk.css","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:41.739Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/index-USC-PQWk.css HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:41 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-3678a\"\r\nexpires: Thu, 26 Mar 2026 19:50:41 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":223114,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65018), with no line terminators","md5":"4805d77a162618e91738a4e483b7fb1a","sha1":"a1f2d5e8ab7bae5a9903b9a3f44ed53fac4dd23a","sha256":"36ee945949f85ab43cbe2ebca5b008c13559f9ca8a92a8cc4a6d872e6a28eef8","sha512":"a07fb9ec56d45c480f36e456d95b9c413bb0ba77a7bbdd115bea6808c40e3d49d6eda410dd3cc3f56e45de9e3c338781a573accf9630f5b6663d4079c15284d4","ssdeep":"1536:u0K7HlA41IyNBi3MFYaQj7FCwsBlDOFIxuVoxJPIKkca1Al5aIzKMVTVlIe:g7H5vNIClDsIxuVS9VYTe","tlshash":"ab24b5a5e69091bcbf2bf275ab8b96dcf23cf560dd01caa4f10151580ec7bf5062361a","first_seen":"2025-07-16T11:12:21.718735Z","last_seen":"2026-06-05T02:19:33.624056Z","times_seen":8,"resource_available":false,"data":null}},"time_used":648,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":648,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/statbar/new/home_b.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:42.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/statbar/new/home_b.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 19 Jan 2024 19:07:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65aac880-1c2b\"\r\nexpires: Sat, 25 Apr 2026 07:50:42 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7211,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 801 x 801, 8-bit colormap, non-interlaced","md5":"a66613bf20a9c499c1df6651d7ebd57f","sha1":"297ea18081fb8ff11ecbcb6e627608f68d6f536d","sha256":"b0dcee1ceab8c3b03611ed8e2fe3b1a974abde3f1396e6bcb5e775e92fe908c0","sha512":"71ee25249955fb3826cff4b80813a6a6728f987919759894481457d3443b5788d7f77b7ae9522be4e56c448ba6a52a303027df1fee42f6e418e9c8a7d61da214","ssdeep":"96:ELfDTNwbw2bd0kvO4GekhDQfzKdGUr+6Qhc5rAVr41Q+wDKwRgfd:ubJOR6sKtQLKAUr+5hc5rAVreZwDNgV","tlshash":"57e12bedea358d25c305683b9addbdc1755bab437d5f50826e8f032a80607e332b3249","first_seen":"2025-06-19T20:06:53.471184Z","last_seen":"2026-06-05T02:19:33.617524Z","times_seen":22,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/home-1-CxeO4E-0.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.695Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/home-1-CxeO4E-0.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-b10cc\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":725196,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3","md5":"d899e73fa12edc7b67ea049e710b7074","sha1":"35f12fcd3964aa3438494937456e5b445c0a0558","sha256":"f2993adb9e9a5b4cca65c02d9343bf29bf979a75de7b8dd1ac7fc553427e4efe","sha512":"1c87aaa6dc2b3592764b57bcd9cf616e8cff9577e0974c82a5eb35f468b293da2deb6d1b43d651f147a32f74dd81d66087d948bff9ddbf000b69e2d76fb4bfba","ssdeep":"12288:TMk/t0WvFDpopFgFV88cRX8SC6zbL/G/q1yEG61dmZegpBtyB5z7rQHKTpSHcGzb:TRrzGgFVncJC6PLvUaMZXTtsRiQS8kb","tlshash":"28f423fe648a6d2e9b170f31b1f27c142169860ccffa90184039f917add7588d53fa5a","first_seen":"2026-02-13T02:55:07.133002Z","last_seen":"2026-06-05T02:19:33.612778Z","times_seen":7,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/pages-home-home.Bt3x3ywD.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/pages-home-home.Bt3x3ywD.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/assets/index-Bvkv05nm.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-5f44\"\r\nexpires: Thu, 26 Mar 2026 19:50:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24388,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (24354)","md5":"ff6b22aebeb465761b33cafb299a861a","sha1":"5e901f28e4fb78a33e75dab990a68a2fe371636f","sha256":"e2b9b500d781c2e8a301050dc6b8dfc51e474510d41ad5f86061244f37cfe88b","sha512":"4803d333aa1e4eed39ce4c6a7492e4798b7d66d967c8a8e6fac9145e0a08cab2b3a8c4db6e7230f16b1c0bd26aead4fd4751866bf928ba5001e5037bab7ba0da","ssdeep":"192:yQoxZHzC5k9F/UogsLUWaT6FtAgzz0I6DnvvGf4pVCjW02adjgfKhZSRihh4M9LD:y/ZHzC5k9PRUjTGtAIJaV4W0VB93fcK","tlshash":"5fb24209ff1cc6786ca22118c09a8060757a99afd505385fa2f4bf3f4266d2859ddb3f","first_seen":"2026-03-26T07:51:16.035782Z","last_seen":"2026-05-03T02:06:23.94489Z","times_seen":5,"resource_available":true,"data":null}},"time_used":157,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/fui-icon.CkGhA6dg.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/fui-icon.CkGhA6dg.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/assets/pages-home-home.Bt3x3ywD.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-f84\"\r\nexpires: Thu, 26 Mar 2026 19:50:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3972,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, Unicode text, UTF-8 text, with very long lines (3645)","md5":"271fdd3f4ae2aa8f0288125ee5dc5908","sha1":"709b090535d17ae6c40c0813bece5f0ed0ab7b71","sha256":"d94c8e6535d3c8f080463255cbcef024bb3bd6d63e13ab67f756e704914a35f6","sha512":"5b10cb0ecff56343dfc59d55537f25092b54bbdc33dc03e03eba9d9733b33cce8e87aa16df7b7b3dd697ab763ac397e1414c4e21691007977e74690592591ce4","ssdeep":"","tlshash":"7981834e64f9ac2b6e8e7dca544c1203d0d19f58e9e0fc52ac9e08e5e57e954b20df2c","first_seen":"2026-03-26T07:51:16.025863Z","last_seen":"2026-06-05T02:19:33.598171Z","times_seen":6,"resource_available":true,"data":null}},"time_used":156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/home/iOS-light.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/home/iOS-light.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 12 Jan 2024 06:51:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65a0e17a-17ae\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6062,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"2280ae8968e73da038502db1a8027c7f","sha1":"9375ced1739eefc85da75f324926c566029d3d17","sha256":"9bdce4b2eb7ef3c8d4540b74bcfc1cdb641d752688947e91bfd496e36df7a7a4","sha512":"8060853d6dcdb5619a37751b7a2825abf77f254f699ce5a8f0b43daad792fad49264bf11835f87b1456589391192d582c44d85626532ae054a4f8a49fc0f2746","ssdeep":"96:WJnOo+HngvIzq8m+oOL3RJZe/GfBjMGT1rtJ1K8DktpA9Km8K3G7sg7Kp52XHMVT:CnORqh+ZL3fuGfBIItzK8DupA/3G7sgS","tlshash":"59c19eca7ea3d973743362b7040800b58996b9cd0bec81862b5df485a7700bece7d85b","first_seen":"2025-07-16T11:12:21.733329Z","last_seen":"2026-04-10T13:30:45.587215Z","times_seen":5,"resource_available":false,"data":null}},"time_used":374,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":374,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-26T07:50:40.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:41 GMT\r\ncontent-type: text/html\r\ncontent-length: 857\r\nlast-modified: Mon, 15 Sep 2025 00:08:09 GMT\r\netag: \"68c758e9-359\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":857,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"a690564256b08174275e336a8f243d0a","sha1":"1a37a8af2e85301b3a76824a66d64597b4735289","sha256":"c7c9355cccbd00c05616d6ab3e7c5352502eab1af61b03746ec918c006b659be","sha512":"e758c03301c2b711927aa3bbe609ffb7ca7ae6b241fa4493c67e61f5b2a8a77e5bb87aaafe917cda4f7bcf6a87552dc518d896e222832d86bae6fba0c4f138dd","ssdeep":"","tlshash":"f111128154f1594c1320424538d5e82b9ff69a378a09dd6034edb2b98fe578bc85fc64","first_seen":"2026-03-26T07:51:16.038847Z","last_seen":"2026-05-03T02:06:23.94998Z","times_seen":5,"resource_available":true,"data":null}},"time_used":1424,"timings":{"blocked":634,"dns":313,"connect":159,"send":0,"wait":156,"receive":0,"ssl":160},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/statbar/new/market_p.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:42.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/statbar/new/market_p.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 19 Jan 2024 19:07:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65aac880-19aa\"\r\nexpires: Sat, 25 Apr 2026 07:50:42 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6570,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 801 x 801, 8-bit colormap, non-interlaced","md5":"0a68aec62b8d36459ec3f349871489bf","sha1":"0907a8afe59bc2569867ec69097659feb15a7134","sha256":"3902a9c68e5c263206dbcddbcdbb6e7ddd4ecfc6171f93ad49729a6b231269d5","sha512":"a760f19a668d06db1b728211a64b4e3c951d46f4f4dd4bd6533b76bc08f4ec037c3122623f8df3244cad1eaf9a97bfd3d9faf18634c4a697bedcae0e2a048ce8","ssdeep":"96:dGUB7KZYTOthtljrlvaUBsh+gFKVHAOB6jaqLrbfvjITie:kUB7KZ1hjjxPBsh+v2O4Owrj7Qie","tlshash":"97d1444915fb6f42d48286f9bf733a2966083b1fd9eaf629153c63c03417782e41d98e","first_seen":"2025-06-19T20:06:53.501615Z","last_seen":"2026-06-05T02:19:33.627933Z","times_seen":21,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/uni-icons-CpF7sPM7.css","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/uni-icons-CpF7sPM7.css HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-247a\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9338,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (9005)","md5":"037f038a138a83b5bfaef8b5628f0b6b","sha1":"f93ae0504f69203a3696d1689cb2d4768bde3ab9","sha256":"d493e6fbb6cf08628c99d2787fe99d17369b84566f3f6c68c8b6a2d51e471834","sha512":"224bf198c20d6458a7665d6fcd531bd4a81ac1249d19047f9dc42508cafa757058bce29e0b3e0183ca938d8c7f3fb56e231324687385330905fad62f4a0fca73","ssdeep":"192:KoubjWrpg4Sj6gMmIz/uX8b+31qn6g90RL00DxxTiwdlJGaIo2VXqem8d5yo7xny:KoubjWrpg4Sj6gMmIz/uMb+31qn6g90X","tlshash":"741259e4529d4ac2bbbed44b536ceb1f0a03b36284418955ff8f408d4fdb7112b8c6a9","first_seen":"2025-06-19T20:06:53.525894Z","last_seen":"2026-06-05T02:19:33.627066Z","times_seen":29,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/home/ecology2.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/home/ecology2.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 12 Jan 2024 06:51:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65a0e17a-251c\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9500,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 240 x 240, 8-bit colormap, non-interlaced","md5":"05e551d53821d0ebdeba63ceb303f9c7","sha1":"882a0a5ab80f8a05a2ed28448217dbcfaa27e68c","sha256":"8b2f368f7679da0ff66f3fd1319dab14bad9cebd1d81a37c379f3c1f4f6fcfab","sha512":"97159d3f2c23cd97c95c06ee227f83ad93ca0271477845b78d5e1d5c41f364a5e1a491b24baeba8a020e66f1bd402c7cd01fae296c4144a8914bd5853746b27c","ssdeep":"192:qb/IVFPMylpuA61EQu2oQFs8YfbG5GJt/bi2ugX/SQ/Qrx44/:qDVSpuA8Jc8aMGDbic5Qr64/","tlshash":"b212d0f96654e504d851c869a00f2383f31ecfbac5fe26804127be0cf48ec84d9e2431","first_seen":"2025-03-06T21:41:52.75441Z","last_seen":"2026-06-05T02:19:33.635198Z","times_seen":24,"resource_available":false,"data":null}},"time_used":354,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":354,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.dcloud.net.cn/img/shadow-grey.png","fqdn":"cdn.dcloud.net.cn","domain":"dcloud.net.cn","tld":"net.cn"},"ip":{"addr":"124.220.203.60","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:45.548Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dcloud.net.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 26 Aug 2025 11:47:17 GMT","end":"Fri, 25 Sep 2026 11:47:16 GMT"},"fingerprint":{"sha1":"47:A7:6C:09:6B:1D:CA:2D:7D:39:2E:C1:7F:15:DE:5D:F2:C4:0F:77","sha256":"EA:73:37:83:D0:38:44:D9:3C:0B:26:F0:DD:D1:22:2F:36:F7:F2:86:A1:B0:58:52:DE:4E:0A:21:D6:89:E7:3E"}}},"request":{"raw":"GET /img/shadow-grey.png HTTP/1.1\r\nHost: cdn.dcloud.net.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:46 GMT\r\ncontent-type: image/png\r\ncontent-length: 136\r\nlast-modified: Thu, 06 Jun 2019 06:42:07 GMT\r\netag: \"5cf8b5bf-88\"\r\nexpires: Thu, 26 Mar 2026 15:50:46 GMT\r\ncache-control: max-age=28800\r\nset-cookie: __uni__uid=rBEQiWnE5VZzB0zFA7z3Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=dcloud.net.cn; path=/; secure; httponly; samesite=none\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":136,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 6, 4-bit colormap, non-interlaced","md5":"5a962adf74d92ae702467b3f47976547","sha1":"36f74049375584e3fa69b5ef87e9572336ff9e7a","sha256":"ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f","sha512":"4ace23fe7ec6c7271710030fd423aace13eafac68ac3e76366ce4ce9bdc702caf71c9bdc2fb6a32c8e9791546098617cc0259decd8bb8489afdbce43e1b53a73","ssdeep":"","tlshash":"47c09bf3a615dc754a0d153b42e98271f429511e07046d0e5a13c216741e3448d56793","first_seen":"2023-04-15T10:50:30Z","last_seen":"2026-06-08T13:46:46.024134Z","times_seen":16220,"resource_available":false,"data":null}},"time_used":1465,"timings":{"blocked":609,"dns":57,"connect":248,"send":0,"wait":247,"receive":0,"ssl":302},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"ws.metamask.eu.cc/?token=17745114428266717316$trade\u0026sub=trade","fqdn":"ws.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:45.971Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.metamask.eu.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:15 GMT","end":"Tue, 23 Jun 2026 09:00:14 GMT"},"fingerprint":{"sha1":"5B:37:D7:39:0A:ED:4A:75:AB:92:65:36:B9:89:D4:5B:52:48:76:28","sha256":"29:CE:57:C1:0A:5A:B6:DD:28:88:D8:A4:C1:D1:29:26:71:A3:39:54:E3:C9:46:25:87:C6:56:B5:CA:5E:50:85"}}},"request":{"raw":"GET /?token=17745114428266717316$trade\u0026sub=trade HTTP/1.1\r\nHost: ws.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://h5.metamask.eu.cc\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: DL1PfmdsIelz8VxTNvotrQ==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nServer: nginx\r\nDate: Thu, 26 Mar 2026 07:50:46 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-Websocket-Accept: /2LeZmLdhg7oOvGpxE4kWFgIlxc=\r\nSec-Websocket-Version: 13\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T14:34:26.731673Z","times_seen":16242055,"resource_available":true,"data":null}},"time_used":1444,"timings":{"blocked":0,"dns":487,"connect":638,"send":0,"wait":157,"receive":0,"ssl":642},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"ws.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"ws.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/api/common/getCountry","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:42.918Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /api/common/getCountry HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: Bearer\r\nClient-Device: 0\r\nTimetamp: 1774511442\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 242\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: accept-language,authorization,lang,uid,token,Keep-Alive,User-Agent,Cache-Control,Content-Type\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":306,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"8ad5ab5822dda7ea8235ce36b7414efa","sha1":"ec9daf26786c0b2eca66281eaaf79127ed55c446","sha256":"b2a3c4d33accb194b6ec31b4a49070bfce5a0d64e715d50ae989d6752eb78fcd","sha512":"f0aa0315baa9c9715273290bd448f31499550dfa82b62dd20c7eabc8aa0248df39cf2f58808fe478723576eae2de40e3517279db2e8518addd8a5d04c69557be","ssdeep":"","tlshash":"a8e0265b3038ae28ea2f82c9541f6e1922ec301b428080978ce89b2cc1442a0304152b","first_seen":"2025-07-16T11:12:21.705691Z","last_seen":"2026-06-05T02:19:33.638493Z","times_seen":15,"resource_available":false,"data":null}},"time_used":575,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":575,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/_plugin-vue_export-helper.BCo6x5W8.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:42.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/_plugin-vue_export-helper.BCo6x5W8.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h5.metamask.eu.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 91\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\netag: \"68a2178a-5b\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":91,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"41bf66d156aac38dbf7a45b53cb4db18","sha1":"4aa693a2afcc34b6a577e1bfc4be3ef5a458dce0","sha256":"a7dbb0eaed9de79041d555c4563be4bb0514099b8d169a2b548ab2d07102cb55","sha512":"64e1a5c2939052c93692338bf78b66723ae6673121d2915a9fb0848449e4b2657c1a31c8940bc7c9ec77554fd4c04ffae1b787297f0fba23983a987e85caee15","ssdeep":"","tlshash":"40b012e500824138432175c796f444649e08005c394756d144480d52c143080541bc3c","first_seen":"2023-03-26T04:51:44Z","last_seen":"2026-06-08T06:01:07.230945Z","times_seen":1554,"resource_available":true,"data":null}},"time_used":273,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":273,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/pages-opening-opening.D7QEmFY1.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:42.927Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/pages-opening-opening.D7QEmFY1.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h5.metamask.eu.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 557\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\netag: \"68a2178a-22d\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":557,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (556)","md5":"501cca50df966e93d3e728cb832d292a","sha1":"712a0d0a8195abf91b23b15358549793647148da","sha256":"191fc365110c82b3580cb27a1c0536a49c8b091d80b6e13240cbf065b706f8c3","sha512":"6b04e80eae7e9c73bd4b8f7b9ca26cdb5224829675080fe83208be4127f8db920b7be31ccf6a97de866eac9a5e7a671722534f5c63429e3413754c572359be3c","ssdeep":"","tlshash":"d2f0202c0719a0b1c62400d49113b7981c242270032a8889e7b4e81ffe10dcff32dcb9","first_seen":"2026-03-26T07:51:16.020229Z","last_seen":"2026-06-05T02:19:33.602003Z","times_seen":6,"resource_available":true,"data":null}},"time_used":273,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":273,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/cblogo192.D7wYePgb.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.851Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/cblogo192.D7wYePgb.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h5.metamask.eu.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-1335\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4917,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (4916)","md5":"dfcb3df7096db588aa7f11017db40944","sha1":"692c7012175a8cca70241cff5ada975bf7b55208","sha256":"b26738b1e5b07204b35ed3c41d5c845df0f9131540676edf0075a929bbd438ec","sha512":"8cc004ea871e5d23f636bd395d5e74cb398b7b6263fb116d9e8335ead9d86caa2b3ecdec00a7490189ce38529243561bc321efc8acd9939ec65ad0548b216aab","ssdeep":"96:1lprlt2zyFByj9i+OcLajkqH49wVqw8IcTwq5UE:1lh3OJ9GjkCoIKxH","tlshash":"90a17dbb2752f5860a4e9404d24c0934da48ccea337cc853d78caf086de9611bbda7c8","first_seen":"2026-03-26T07:51:16.048064Z","last_seen":"2026-06-05T02:19:33.616594Z","times_seen":6,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/api/position/detail?code=h5banner","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /api/position/detail?code=h5banner HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: Bearer\r\nClient-Device: 0\r\nTimetamp: 1774511444\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 69\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: accept-language,authorization,lang,uid,token,Keep-Alive,User-Agent,Cache-Control,Content-Type\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"fdf0896879e4dd3b03e0c808693b03b1","sha1":"a41781fd41f43f66941e446b7e0b170a9743753a","sha256":"2c4bdd311045ace9f4870320123b08b0ac5aaa74a0f47b0644be0a40509b53ad","sha512":"e834bd409e8343e4e36d38c2df96521d082bb90da079d107d8611d18e4e556b9f32437d1f696137e6cdb46f7cf1478c2c5e924e7f0b4eae7949efd927026c3a4","ssdeep":"","tlshash":"9da002532d14ace6e7036186752a2e0064e870a295501017d99d516dcf19521318392e","first_seen":"2025-06-19T20:06:53.489188Z","last_seen":"2026-05-26T14:24:25.177812Z","times_seen":14,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":169,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/api/common/config","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"POST /api/common/config HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: Bearer\r\nClient-Device: 0\r\nTimetamp: 1774511443\r\nContent-Type: application/json\r\nContent-Length: 23\r\nOrigin: https://h5.metamask.eu.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":23,"data":"{\"group_id\":1,\"key\":\"\"}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: text/plain\r\ncontent-length: 567\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: accept-language,authorization,lang,uid,token,Keep-Alive,User-Agent,Cache-Control,Content-Type\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":853,"size_decoded":0,"mime_type":"text/plain","magic":"JSON text data","md5":"ebe26f7814c57f4fea9629cc86579236","sha1":"ec485319137204ff707744f962bd2382070f1c07","sha256":"58422a2e16ad2cbb7c66d48b53de0516d8425d083af4bcb584828872371b7236","sha512":"261b60ba6ba67d41ba6b9f23716ba34e1c9a424377e4799353d9785a5d87186ec77236cca4ecde80761c32e6c2dce185964925fdfd47e1a337fc951a4b1552ce","ssdeep":"","tlshash":"c701afab6ac85d2b47521bc9f10c702e9a1a27038c989183dacb9db496bd0d96149037","first_seen":"2026-03-26T07:51:16.000106Z","last_seen":"2026-06-05T02:19:33.607249Z","times_seen":6,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":162,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/api/common/getServerTime","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.727Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /api/common/getServerTime HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: Bearer\r\nClient-Device: 0\r\nTimetamp: 1774511443\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 93\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: accept-language,authorization,lang,uid,token,Keep-Alive,User-Agent,Cache-Control,Content-Type\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"23c876fb32a27d71d3c93f829322db39","sha1":"2bf366871d7974796f1c1ece4d15a4af5af26db5","sha256":"ec706b85c5318913accc9b51bfc82d347e84b1c69420224f1b15e864d990f595","sha512":"4ec3fabd5fbbdf75320271a05e94aa1fa1034f81366dec48bd8d2b53634e2e5b5a3f59613ec8021043f9fadd2d7815adc3ee679cea5110d4d97337818381478f","ssdeep":"","tlshash":"35b012432e005c69d702b14124155a0024f860e189814003c48c1198ca042213143619","first_seen":"2025-06-19T20:06:53.46499Z","last_seen":"2026-06-05T02:19:33.623053Z","times_seen":12,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-dev.bbbtrade.net/static/video.mp4","fqdn":"static-dev.bbbtrade.net","domain":"bbbtrade.net","tld":"net"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.864Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/video.mp4 HTTP/1.1\r\nHost: static-dev.bbbtrade.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T14:34:26.731673Z","times_seen":16242055,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/HarmonyOS_Sans_Regular-BHHgWLDZ.ttf","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:42.931Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/HarmonyOS_Sans_Regular-BHHgWLDZ.ttf HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/assets/index-USC-PQWk.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 146616\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\netag: \"68a2178a-23cb8\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146616,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, digitally signed, 14 tables, 1st \"DSIG\", 21 names, Macintosh, Copyright 2021 Huawei Device Co., Ltd. All Rights Reserved.HarmonyOS SansRegularHarmonyOS Sans V","md5":"48d656ed53e13d664de5cfdc7d3c438a","sha1":"8bea06ce4d7b4196f5e5f60b5580bdb1519ff560","sha256":"4f00c7e80329238d0b6fc58e5c829c4086432ba9fa1a8c5ca3da9a0442ce0452","sha512":"4d3189ddd412c1018a1c102c7067b5983ed2ea46d26a0e7f5f8a0829b77557c35a6cdd41c3573c3fd0592e240f1dbf51133a73ad246f0f44dfbe37f5b1c1feff","ssdeep":"3072:2waXVb3/LizgXbAsJzu82vIm3r6yoj8Gf9g4I3ZgDl6iquMX3js2O0:GVb/Liz2Jzu8IIm3rE9g4I3ZgDlnJO3T","tlshash":"7ce34a07f3a3db5fea16adb9a632e22283cef434793e874ef5041567d49b8e1c884541","first_seen":"2023-04-07T05:22:56Z","last_seen":"2026-06-06T22:16:44.858306Z","times_seen":628,"resource_available":false,"data":null}},"time_used":296,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":270,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/cvlogo-UqATCrg4.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.772Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/cvlogo-UqATCrg4.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-22cc\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8908,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 230 x 60, 8-bit/color RGBA, non-interlaced","md5":"7172a6b1a420fcce07b1d50e217dc43b","sha1":"e3e5a3e494e1849d8d5fb111d88392cb693642f7","sha256":"934b4289ee060a0ab8beaad4476183b2440f756f0a88af65db6b4a5e88793160","sha512":"cd4ccddf9033e9a52ebfd7016f50095b40f2ce928ba6de9b1b11af410bc2751877bac11395703920214a94cbdace57013f787440903ec2e07669476373e71d85","ssdeep":"192:SPTSugI+YIkkp97qre2sKYCCAUHHyyJ6v1W6K9HezDtvzjvm:qwI+YI/tqKDzC2HHyyIv1W6yeDtLjvm","tlshash":"7a02af4dd6ab60e065360bb7aa61f81ed3c535285b8e3147125ed16c7c29ebca0a0d23","first_seen":"2026-02-13T02:55:07.185746Z","last_seen":"2026-06-05T02:19:33.64664Z","times_seen":7,"resource_available":false,"data":null}},"time_used":227,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":227,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/home/product1.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/home/product1.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 12 Jan 2024 06:51:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65a0e17a-172e\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5934,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"9c73b24048a20001221066c92881f5db","sha1":"4b7f4a9eb5c5e67e7e70f57e13c110a07c2da56a","sha256":"1c30b16895c9ce7d0ed4f83792082a283932b288285b8a2386cccbdf8fdafaa7","sha512":"ccd509034add1f8d41813056744bc26d7c699c27bc1cdd2f8de36d08d5268542b456b85d723441d3791979347fb1725bc9e4e8156b9cd171f0c539449ebbc49e","ssdeep":"96:E16sj0m/4eNWZJd2E0zAaGDdB/tNpgMQUn2wiDWwOHVGJOFTDf:E8sj0mhN6mAXJ7TkUn2wiDW3HV4Ot7","tlshash":"d1c19f327dcccca0eae746379c1f8a729a85afd91817c5a3591e4010525d1e647b8c2b","first_seen":"2024-08-19T21:19:37.592055Z","last_seen":"2026-06-05T02:19:33.631863Z","times_seen":27,"resource_available":false,"data":null}},"time_used":356,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":356,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api-dev.bbbtrade.net/uploadfile/20231027/576500548916768769.png","fqdn":"api-dev.bbbtrade.net","domain":"bbbtrade.net","tld":"net"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:45.313Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfile/20231027/576500548916768769.png HTTP/1.1\r\nHost: api-dev.bbbtrade.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T14:34:26.731673Z","times_seen":16242055,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/uni-app.es.DryKfclR.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/uni-app.es.DryKfclR.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h5.metamask.eu.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 84\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\netag: \"68a2178a-54\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":84,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text","md5":"39b47d91b737c4ea36792cc321fcf87d","sha1":"9ef7c05c4749651e944e023859c108b98297ee93","sha256":"f2fa8a1205df8dd9e48b1269e689d709ef3f5e59f785743a1660db20230dfb49","sha512":"0e80cbc1d107e792e21534bb94c0e3460a2096d67873e11312e4735f2ff2af90290e45b15a62e135b719caf36ff2d89438c99a1c4fe9cb299bdbc0c1a9a7fbd2","ssdeep":"","tlshash":"77a01207604130125802284000a6640b51f611f145888e3081d913245ff44ec812c90b","first_seen":"2026-03-26T07:51:16.007695Z","last_seen":"2026-06-05T02:19:33.591999Z","times_seen":6,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/fui-drawer.Ble5JxOT.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/fui-drawer.Ble5JxOT.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h5.metamask.eu.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-7d8\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2008,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (2007)","md5":"958d21a3b5b0313a533b21618299873d","sha1":"c0abf61cf63cc89a8c3acd10f899e0f78225091c","sha256":"8b247b50b8cd262a67bbf8d108d1da192bccdf4ab2988b9546e9f46608269ef4","sha512":"f27a4bb5e0f932c58e024d5b57bf517f6f47e7f276b7ed4cb63bd1ce6a1b7fcc6b327845af6f41b7dc197955d9477fa07bc6f04a9d5ffe7805de7f5b1400840c","ssdeep":"","tlshash":"6f4176357008383734aac4b5707224880c7c272cefba3bbebdf1a3799e80458614e729","first_seen":"2026-03-26T07:51:16.055628Z","last_seen":"2026-06-05T02:19:33.592761Z","times_seen":6,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/api/account/userinfo","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:42.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"POST /api/account/userinfo HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: Bearer\r\nClient-Device: 0\r\nTimetamp: 1774511442\r\nContent-Type: application/json\r\nContent-Length: 2\r\nOrigin: https://h5.metamask.eu.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:42 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 109\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: accept-language,authorization,lang,uid,token,Keep-Alive,User-Agent,Cache-Control,Content-Type\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":105,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"595e2fe887b748ea62ccde36a88a563a","sha1":"af2da798609e9581dc106acf5714c708d100c5b6","sha256":"ffd03cdf521d68de4f23defce0cf1411913c9f9a8278fd49d5f29e2faf93da91","sha512":"4fa055b97a1cfda53e40d97102ce2e01e3991141b41186344f5740ea7f325c9901b66946953894ccc0b7d08d6c3fd0a88ff49eb71b3fc69434d44fe507618e2b","ssdeep":"","tlshash":"ecb0129e0645362caae25373709e399937a7414047392cc1c444c578e908450331b3bb","first_seen":"2025-06-19T20:06:53.547472Z","last_seen":"2026-06-05T02:19:33.611303Z","times_seen":11,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/fui-icon-CBHgIZkq.css","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/fui-icon-CBHgIZkq.css HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: text/css\r\ncontent-length: 435\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\netag: \"68a2178a-1b3\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":435,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (434)","md5":"60500b1b39ef844e56b69cc350db8b77","sha1":"80e1754b48c7f2169d52b1fe4ffb48df4bd207e3","sha256":"3d1030bc12acba02a2d6a6be4e80db308904f20659434caa2e71d027a4034e7d","sha512":"c93d7bb4f74d079e19e081fd786cbb1c1f25eccabce59ee4573c80dbbf0327043300c41da36d87b8f8d0ef6f1153a768b5d2405a7b8b901c2c269828f7b94c28","ssdeep":"","tlshash":"dfe05c4ab18d3412249b983b25e1d93f3821e721dc22ef2820728d201fb28f36022631","first_seen":"2025-06-19T20:06:53.458865Z","last_seen":"2026-06-05T02:19:33.634369Z","times_seen":18,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/opening-DBUzduvJ.css","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:42.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/opening-DBUzduvJ.css HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:42 GMT\r\ncontent-type: text/css\r\ncontent-length: 100\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\netag: \"68a2178a-64\"\r\nexpires: Thu, 26 Mar 2026 19:50:42 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":100,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"b88bdc2162ddd55422beac36682be32b","sha1":"7f904f6b93d3c73537566a6d0d78f28cefc05abd","sha256":"e35cfa072424200feb359a9f10fdc8d908c1a2c1a5a62f23a7426e8d03766654","sha512":"794d98fbb65ea669529ee6fb9f38d69d202d5472037a0188636e28f333951c362593b895c544ed36df722eeb25cce8502041b9c1d23268a8496ee174d96deddc","ssdeep":"","tlshash":"8db01258313c540604239324fd0bfe1e0b342a07633b8303287348232443d9bf234050","first_seen":"2025-06-19T20:06:53.543761Z","last_seen":"2026-06-05T02:19:33.618421Z","times_seen":11,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/drawer-icon4.DunHuFkW.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/drawer-icon4.DunHuFkW.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h5.metamask.eu.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-4ca0\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19616,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (19577)","md5":"2cda18a37ea92c29ef1e6a6363c70ab8","sha1":"8516208f971a08b9f0161c3fca4ca2d036b48b1a","sha256":"9add3ce44eb9862bc1840f3f4e152a47ed43f5526af1ed5e081a2823add47a74","sha512":"236bdea2f490fd9aeac6c3375a1ef4c6137b79e56e1279cf655f4dbf03906da56cb79debce5ab1539ff0c7dbe0ee291ff90a778ccf065683bd6ec0be95e40473","ssdeep":"384:PT9kBCayC5T/kgOnL+akiuFY6cA6rw28Sk:PRkBCay8Ig6L8bFhp28Sk","tlshash":"1d929e3a342d7db54dc5526021090202de2a2a5ec4b8317ebfbdb7ef7f49c50666a734","first_seen":"2026-03-26T07:51:15.99389Z","last_seen":"2026-06-05T02:19:33.59624Z","times_seen":6,"resource_available":true,"data":null}},"time_used":160,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/fui-drawer.Ble5JxOT.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/fui-drawer.Ble5JxOT.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/assets/pages-home-home.Bt3x3ywD.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-7d8\"\r\nexpires: Thu, 26 Mar 2026 19:50:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2008,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (2007)","md5":"958d21a3b5b0313a533b21618299873d","sha1":"c0abf61cf63cc89a8c3acd10f899e0f78225091c","sha256":"8b247b50b8cd262a67bbf8d108d1da192bccdf4ab2988b9546e9f46608269ef4","sha512":"f27a4bb5e0f932c58e024d5b57bf517f6f47e7f276b7ed4cb63bd1ce6a1b7fcc6b327845af6f41b7dc197955d9477fa07bc6f04a9d5ffe7805de7f5b1400840c","ssdeep":"","tlshash":"6f4176357008383734aac4b5707224880c7c272cefba3bbebdf1a3799e80458614e729","first_seen":"2026-03-26T07:51:16.055628Z","last_seen":"2026-06-05T02:19:33.592761Z","times_seen":6,"resource_available":true,"data":null}},"time_used":156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/HarmonyOS_Sans_SC_Bold-DFJwAIlE.ttf","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.701Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/HarmonyOS_Sans_SC_Bold-DFJwAIlE.ttf HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/assets/index-USC-PQWk.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 835288\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\netag: \"68a2178a-cbed8\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":835288,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 10 tables, 1st \"OS/2\", 14 names, Macintosh, Copyright 2021 Huawei Device Co., Ltd. All Rights Reserved.HarmonyOS Sans SCBoldHarmonyOS Sans S","md5":"62c227ccf2e7e57401426115ca7ee5d6","sha1":"df0ab55659ed881e109dd960766617e1f4e12b05","sha256":"18336ddf23933121cd620103c9cd4da44585113d3ff54d07060fed9d94f96b0f","sha512":"03cfa9f18643e57047dbbd5973c3bbbbeef9e5c466e17a26f2e120a0106235d4bc08c2d13b39bf52a5c60cf6b0166190cd4acaf175da40c298af3070db03b5c3","ssdeep":"24576:IoZSwLDJCvRmUT3VFK1Nvkb+OKM5euMmj8BR46G8wQlX00KLq7c/wk:vvJCV1s/bXKhD","tlshash":"57057c929bc96a1ddd71febd1d04719af08ac0394b16f2f2aeab2d3904339c54858df1","first_seen":"2025-03-06T21:41:52.711418Z","last_seen":"2026-06-05T02:19:33.630874Z","times_seen":27,"resource_available":false,"data":null}},"time_used":440,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":272,"receive":168,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/home/product5.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/home/product5.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 12 Jan 2024 06:51:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65a0e17a-1601\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5633,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"136efa6947c1d1362eb5cdc9d6944f89","sha1":"0e3d3e59bebc91a58bd74333c2ded63041638a49","sha256":"db9fbb16222f8efab37d6c1f7927fb91d0ca7b89e9f62b529234361565e49248","sha512":"402a4002732e1243e4944dd48dc5321870e0a6fdd82446a2e92a172242afdafdf3552961257a8c30319858ccd82996ac3b32e01404389bbc3b310c33b672d6a8","ssdeep":"96:u9JuNLP1RsOcOc0L3L87PG9QZhR+kMwb9eLaaExkIJT5iDVNCZiR4D:u416OcOZA7PIkMOHaExkC5iDVkZuK","tlshash":"d0c17c8ba2de0d89d187c03dfa44d654a3c1b5f53d7214d3a48849f32e6448688c9bdf","first_seen":"2024-08-19T21:19:37.595237Z","last_seen":"2026-06-05T02:19:33.587859Z","times_seen":27,"resource_available":false,"data":null}},"time_used":354,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":354,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/api/currency/getTradeCurrencyList?n=1","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.831Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /api/currency/getTradeCurrencyList?n=1 HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: Bearer\r\nClient-Device: 0\r\nTimetamp: 1774511444\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 1683\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: accept-language,authorization,lang,uid,token,Keep-Alive,User-Agent,Cache-Control,Content-Type\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7420,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"eb83650f3223d562106c70084a9ce047","sha1":"2e8c0bb21031e89eeb508e746fd8b0c4e1f7996d","sha256":"31b97cca8d780901f2683bc9ca048e28676a3a022ae1f3f8cb55c363164413e1","sha512":"4282ad6ca386b003f109e93d4264bbf638cfbea8ce8c7e277b3b0a09fc6ab5bc1dd0c549972a7c9632b61ca818c38aa893cc8c3a5321defc29fc9c4b02396eff","ssdeep":"192:ScKvYj8Dp5wcK6/g1cWBtGjcKvLcKacKS:Sujup5wnXBtEtQ0","tlshash":"49e1f0a553f89d60c6bb0ac38b86b951505eb12f8cc14f90d3ec8d6406d597f5907b33","first_seen":"2026-03-26T07:51:16.063079Z","last_seen":"2026-06-05T02:19:33.60112Z","times_seen":6,"resource_available":false,"data":null}},"time_used":362,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":362,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/drawer-icon4-DiX-_fWT.css","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.832Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/drawer-icon4-DiX-_fWT.css HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-835\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2101,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2100)","md5":"c20a5f8b4b3cc9199f8f5726cff48603","sha1":"edcb0342193dc2cb1bbe7c8e66a0d12a6dc24fb5","sha256":"2d4e9a3f9634bd7b117e65377d013d2ad18a0c0695ed220e6247bba6764abc08","sha512":"cee6f9e018e38adcc2ff84e479a3547f180414bb7f519c7816a0db2ecac4bdca7db16e16bae2d209b2ade8c53bfb1eaff3a80a7d5a713c4a0dcda7da7686aa8a","ssdeep":"","tlshash":"4041803b72042b285af3f11461d18f49a13a9691d36115edf3223b0f8fe778626b5fa4","first_seen":"2025-06-19T20:06:53.514424Z","last_seen":"2026-06-05T02:19:33.608605Z","times_seen":12,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/uni-icons.CeORqMFo.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/uni-icons.CeORqMFo.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/assets/pages-home-home.Bt3x3ywD.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-4418\"\r\nexpires: Thu, 26 Mar 2026 19:50:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17432,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (17419)","md5":"0a7db9e2d261ae77acd4bfe36ff5d028","sha1":"e87642cbf71ef0651fe30658b394e81346f25977","sha256":"273cf0487684a18a13eacc4a27854c57ec48605f2ee392b95bf49572096b8aa9","sha512":"3567545c5f6b11dcb8ec88d3b6cd8db39aee1ccaf59afaa2cd36906b275ce8a651f088b750b75973069401cbbe7714c2900ee4160b8848bca94a2e27a51ea1ed","ssdeep":"192:+mrXEy1lUnUG6qkFqA8TkJcYyqn5SxK5TgeaaBVZ0O6mNj:9rX/BqQcY15T5PVZ076","tlshash":"de721349cb8c299c2fbba74d74cc7076114e0f95c90e3cec6c65e74ea5dcda6268132a","first_seen":"2026-03-26T07:51:16.002038Z","last_seen":"2026-06-05T02:19:33.604614Z","times_seen":6,"resource_available":true,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/uni.04da5e72.css","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:41.735Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/uni.04da5e72.css HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:41 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-95fd\"\r\nexpires: Thu, 26 Mar 2026 19:50:41 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":38397,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (38396)","md5":"87c54b7f7505fdcca56d38aebb77ec89","sha1":"934fea9680b78b6b545bd901472e1562bc17bcb9","sha256":"04da5e7295e594018c6b88d9e4f692b36dba5485dd3ac5c09199096ef819d3f9","sha512":"69b674b38b5363b19b5f6e9935750182d1e0150363b93b1af41433268afdc6b887c7222b6ee56ede5ea2a3d9aa95442b1c81cebd7d49da8692e1dbcc1740862d","ssdeep":"384:UXpmLWLAHc8aux2iei+XHyVcy/iatZrBFckh+lOR0o1cD0OEBq290:U8Suzei+XHfatZPThSORHcD0V82m","tlshash":"0d03d735aa002929f967ca1659c1db8f2e34c573d9a31b1cfb7570288b9e5c91a3f3c4","first_seen":"2026-02-13T02:55:07.036904Z","last_seen":"2026-06-05T02:19:33.610435Z","times_seen":7,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/home/menu-light.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.774Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/home/menu-light.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 12 Jan 2024 06:51:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65a0e17a-641\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1601,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"00113921d3d6098daf6ea0a692ba9028","sha1":"fda2a2aff4c84d7ecfeb46a430a1ca6331f4cbdf","sha256":"3f16db30d7bb3c37987ddd9ce6aa51557e44a3816b9bf2fe531fdeeae2d2a2e6","sha512":"979eafed5616e90b890356cc237ecd0e7de85acf68bc40151c570bd90cec4c4701a1c00dfd6a6bbadb8d65f192c460c0ebfcf7671eb80f746a28f0567b0113f0","ssdeep":"","tlshash":"d431007e2698432b62f53ca68abb14f817d212810bf0654dfe9800977a799a109f9727","first_seen":"2025-07-16T11:12:21.722278Z","last_seen":"2026-04-10T13:30:45.596828Z","times_seen":8,"resource_available":false,"data":null}},"time_used":374,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":374,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/home/ecology5.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.812Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/home/ecology5.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 12 Jan 2024 06:51:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65a0e17a-208a\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8330,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 240 x 240, 8-bit colormap, non-interlaced","md5":"3b9d21f4ae33d703779fc70db9ce63d7","sha1":"a8fc80eb488213c63cda2a97c104efc41001ebb2","sha256":"a5250e640140b9ab3fe02199e2e075c5f047c30273e0b199a7699d8dd60aef14","sha512":"6f8e48460543dcd5ca5fa4a687d0f11b02b174455ace283aac04738053dc2f590fc3052901ca4ba78025fd91e8645b04d497261a486ee6ed504d983eeeb9dfb7","ssdeep":"192:LpjULC4xu830hQvPb9ES7aQfdpYpF2+PWB1Mvv5sSvZBi6gs:LpYLCCu4+SREyfKrnD5gs","tlshash":"6e02b0efec6c41a7cf4e37f7509348b574eaa9cfac142680cba89b10b4078874e98147","first_seen":"2025-03-06T21:41:52.710726Z","last_seen":"2026-06-05T02:19:33.640371Z","times_seen":24,"resource_available":false,"data":null}},"time_used":351,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":351,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/medias-icon4-DtrZS0v_.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.827Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/medias-icon4-DtrZS0v_.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-1d07\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7431,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"7a9ed45bfce4b817447206f5d8feb093","sha1":"5a7fcc537b7f1078491430a6ea2dd97c6006a548","sha256":"1508659386d593ee5cc39c8fac35e5bd1e3b24581972da52861eeb9c48fe6b36","sha512":"a1c4255cc5825e29afd1a1e3dd9e3b6112f449af6441c23450c8de9bd932724483d2095236296901527865205742e2613cb73cfb7ecc0438aa438c97be3957f7","ssdeep":"192:+p7qqt1qp3bKxtdaivdeCt5pvbPpSVXqbItG9mg2aO0:+p7qk1S3bKxaExutX0","tlshash":"f8e1afb3c37760d46f02d8cc7b8629d89b6d2e258c1e9d3b21e12a9a4517741f2c527b","first_seen":"2025-03-06T21:41:52.765826Z","last_seen":"2026-06-05T02:19:33.628523Z","times_seen":21,"resource_available":false,"data":null}},"time_used":368,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":368,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/pages-home-home.Bt3x3ywD.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/pages-home-home.Bt3x3ywD.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h5.metamask.eu.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-5f44\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24388,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (24354)","md5":"ff6b22aebeb465761b33cafb299a861a","sha1":"5e901f28e4fb78a33e75dab990a68a2fe371636f","sha256":"e2b9b500d781c2e8a301050dc6b8dfc51e474510d41ad5f86061244f37cfe88b","sha512":"4803d333aa1e4eed39ce4c6a7492e4798b7d66d967c8a8e6fac9145e0a08cab2b3a8c4db6e7230f16b1c0bd26aead4fd4751866bf928ba5001e5037bab7ba0da","ssdeep":"192:yQoxZHzC5k9F/UogsLUWaT6FtAgzz0I6DnvvGf4pVCjW02adjgfKhZSRihh4M9LD:y/ZHzC5k9PRUjTGtAIJaV4W0VB93fcK","tlshash":"5fb24209ff1cc6786ca22118c09a8060757a99afd505385fa2f4bf3f4266d2859ddb3f","first_seen":"2026-03-26T07:51:16.035782Z","last_seen":"2026-05-03T02:06:23.94489Z","times_seen":5,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"ws.metamask.eu.cc/?token=17745114428266717316$trade\u0026sub=trade","fqdn":"ws.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:47.459Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.metamask.eu.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:15 GMT","end":"Tue, 23 Jun 2026 09:00:14 GMT"},"fingerprint":{"sha1":"5B:37:D7:39:0A:ED:4A:75:AB:92:65:36:B9:89:D4:5B:52:48:76:28","sha256":"29:CE:57:C1:0A:5A:B6:DD:28:88:D8:A4:C1:D1:29:26:71:A3:39:54:E3:C9:46:25:87:C6:56:B5:CA:5E:50:85"}}},"request":{"raw":"GET /?token=17745114428266717316$trade\u0026sub=trade HTTP/1.1\r\nHost: ws.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://h5.metamask.eu.cc\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: cMhOlGMlzdQf/qaNJvflvQ==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nServer: nginx\r\nDate: Thu, 26 Mar 2026 07:50:47 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-Websocket-Accept: 4AzlmMEkLOdhoATmL9+JVZ1fUmE=\r\nSec-Websocket-Version: 13\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T14:34:26.731673Z","times_seen":16242055,"resource_available":true,"data":null}},"time_used":478,"timings":{"blocked":-1,"dns":1,"connect":156,"send":0,"wait":158,"receive":0,"ssl":163},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"ws.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"ws.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/home-BrE72ISy.css","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/home-BrE72ISy.css HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-5699\"\r\nexpires: Thu, 26 Mar 2026 19:50:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22169,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (22168)","md5":"c8e9495ff37bd256df365cd8cd38e59e","sha1":"f8aa84cd6bd5d8fe99817152bfa07d842409ede5","sha256":"455c9924d6b9d0decd7679cfaf90953eb0b472a35cdfc0505ee739fdc204783e","sha512":"aefbed3407bf949dc33250a4990db0308c88302e783db1ccb240dd50bf16b4fab37b103191d398484ddfc20c8ce2bc33c719d182272b1e918bc03d870f96dcdf","ssdeep":"96:tjFQrOXmpCK6zqeYG362G0GKfGQGx1LHwZoe9JtgSpSvSgPV3gd6GWz0Ja2gk9Ao:tjnX6F4YcntdQ1LHrdK3D+bd59ozT","tlshash":"43a2367c231c7738ad73d903699816cc0925b7a8d242058fb6ab795549cf7c32a71fca","first_seen":"2026-02-13T02:55:07.059355Z","last_seen":"2026-06-05T02:19:33.643781Z","times_seen":7,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/api/common/getCurrencyFee","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.515Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"POST /api/common/getCurrencyFee HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: Bearer\r\nClient-Device: 0\r\nTimetamp: 1774511443\r\nContent-Type: application/json\r\nContent-Length: 18\r\nOrigin: https://h5.metamask.eu.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":18,"data":"{\"currency\":\"USD\"}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 234\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: accept-language,authorization,lang,uid,token,Keep-Alive,User-Agent,Cache-Control,Content-Type\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":234,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"46e15cf4768cfc6a5daaa99655f2fb0e","sha1":"14aa831ad82ff65c64af9b606f4683285487c297","sha256":"7abb768fcf81d4d3a2562cfa873b8cfe9c329bd85a55ddc9e9c4c2828968c05d","sha512":"0e7d82249f7f968d0ba1203d2e5af94fccf3b1e5453bc716cdd86d78f2156d7635c102462be002ec68aae1710e692539dbda0b955c9af8f1505034ab6c41f049","ssdeep":"","tlshash":"67d0973a400922cdc3a26240aa8928b18873f20adf02506d860900bfa28a42820ea884","first_seen":"2026-01-26T05:16:18.289241Z","last_seen":"2026-06-05T02:19:33.625014Z","times_seen":29,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":180,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/cblogo192.D7wYePgb.js","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.199Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/cblogo192.D7wYePgb.js HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/assets/pages-home-home.Bt3x3ywD.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a2178a-1335\"\r\nexpires: Thu, 26 Mar 2026 19:50:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4917,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (4916)","md5":"dfcb3df7096db588aa7f11017db40944","sha1":"692c7012175a8cca70241cff5ada975bf7b55208","sha256":"b26738b1e5b07204b35ed3c41d5c845df0f9131540676edf0075a929bbd438ec","sha512":"8cc004ea871e5d23f636bd395d5e74cb398b7b6263fb116d9e8335ead9d86caa2b3ecdec00a7490189ce38529243561bc321efc8acd9939ec65ad0548b216aab","ssdeep":"96:1lprlt2zyFByj9i+OcLajkqH49wVqw8IcTwq5UE:1lh3OJ9GjkCoIKxH","tlshash":"90a17dbb2752f5860a4e9404d24c0934da48ccea337cc853d78caf086de9611bbda7c8","first_seen":"2026-03-26T07:51:16.048064Z","last_seen":"2026-06-05T02:19:33.616594Z","times_seen":6,"resource_available":true,"data":null}},"time_used":156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/assets/uniicons-ClHF27D8.ttf","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.745Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /assets/uniicons-ClHF27D8.ttf HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/assets/uni-icons-CpF7sPM7.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 35760\r\nlast-modified: Sun, 17 Aug 2025 17:55:22 GMT\r\netag: \"68a2178a-8bb0\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":35760,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 11 tables, 1st \"GSUB\", 18 names, Macintosh, Created by iconfontuniiconsRegularuniiconsuniiconsVersion 1.0uniiconsGenerated by svg2ttf from F","md5":"b6d3756ee0e3dd7ecb155b751a233247","sha1":"4e61eda60483fc01548f76ca5741ee838486cc96","sha256":"89ed7d6d732e893a473c6d6b443f854f4dcdf57360a11016306335a2048895ff","sha512":"0dca69f143ce0b6428348a23a9030ae49ae1936d940e28c75b766f89ec3fff44df111e435c300ffab7dac14d3f6b39fef8d8babb490b755c2ed5ec1b3f602cd4","ssdeep":"768:66TDym6KsVBqac6riFK/d8PWenmP7p7+A9cbWL2eRaXNPs:JTDym6nqB6WsdenmP97dqb4lss","tlshash":"2ef28e65176d4e6ad97e59ba188761130f7eff30a0b1ed16ee8ebc5e84080f405e0b1e","first_seen":"2023-04-13T07:38:27Z","last_seen":"2026-06-07T07:21:28.040156Z","times_seen":518,"resource_available":false,"data":null}},"time_used":268,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":248,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/home/banner_rewards_light.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.776Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/home/banner_rewards_light.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 12 Jan 2024 06:51:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65a0e17a-437\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1079,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"b238eeb0abe9a51639991ec2f312c6ef","sha1":"dfce3c3faed7b2fcf9818127c9a7d5e7164c2b13","sha256":"5c0fccbbbaea2a0064e290d91d572241fc75376a805c00cfa239e7c9e82d1225","sha512":"a40a39634fa71b8205b0f172f9b0d93c065f8117d097eebe2a9fa4712acf1f3598dc529c930ebc880a7995620d16eccac45f8f777f6146b349771b428597d76d","ssdeep":"","tlshash":"06113260c99b37f8d2981b661c4a48458612dc29c683248d6967bdb4d64ce032af0b37","first_seen":"2025-06-13T12:22:20.880618Z","last_seen":"2026-04-10T13:30:45.627517Z","times_seen":24,"resource_available":false,"data":null}},"time_used":373,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":373,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/api/position/detail?code=index_notice","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /api/position/detail?code=index_notice HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: Bearer\r\nClient-Device: 0\r\nTimetamp: 1774511444\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 352\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: accept-language,authorization,lang,uid,token,Keep-Alive,User-Agent,Cache-Control,Content-Type\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":771,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"1d429e1e0e3b6881435e113cc820f53f","sha1":"53d80ae1a6eff5c26a28a257227227232cfd2279","sha256":"2bcdc31c5d5b26d6b1e0d4857f87bb57b7c2d2237f16a0602047a8cef136f914","sha512":"a39c26c6745fcd65e007d42584b51e43dd03af84b6dcce1b56b707e9c8febaeb96f10f0910a2b2ab74957a1e8f3c90a70b04f51f9a37383618bcec201e9e9829","ssdeep":"","tlshash":"200190335d6c94b5a68c32d405cfbc84c0aab397db4981139f08ccd89edd39987ab966","first_seen":"2026-03-26T07:51:16.076843Z","last_seen":"2026-06-05T02:19:33.629971Z","times_seen":6,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":174,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-dev.bbbtrade.net/swiper/dpage.png","fqdn":"static-dev.bbbtrade.net","domain":"bbbtrade.net","tld":"net"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.825Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /swiper/dpage.png HTTP/1.1\r\nHost: static-dev.bbbtrade.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T14:34:26.731673Z","times_seen":16242055,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/home/product4.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/home/product4.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 12 Jan 2024 06:51:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65a0e17a-1384\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4996,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"eb6806f9c80be386bb96a81319e3e6fd","sha1":"566cbb95a0099b6f89edb491e6f4b3b20ac399f9","sha256":"6ce0120e81d8ea3c4ad5efa0a3746ac67cec861665626d0af2953bbe1169c9e5","sha512":"0910dcbd2164b86495c49a9233ee64b34960bda5227264cb92097c7edfae089bd6a2c677d4daaddfcba3874d98b081c66b6254072c5ce7e6196d5a5eef73b3e4","ssdeep":"96:/6nPLe8Gig4Sf4eBAVrdFfje+2C9lP6hzfyKr0741TV3AFhxSk+frWGKy:/EDeG8hK5ljGilPujyD7cTVUB8+y","tlshash":"ffa16d892ef4e46ce5ea103b149081c906a645d5f872a459fb64c2d0d99f2f1cd750b1","first_seen":"2024-08-19T21:19:37.620082Z","last_seen":"2026-06-05T02:19:33.615509Z","times_seen":27,"resource_available":false,"data":null}},"time_used":355,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":355,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/api/common/getCountry","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:43.733Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /api/common/getCountry HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: Bearer\r\nClient-Device: 0\r\nTimetamp: 1774511443\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:43 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 242\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: accept-language,authorization,lang,uid,token,Keep-Alive,User-Agent,Cache-Control,Content-Type\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":306,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"8ad5ab5822dda7ea8235ce36b7414efa","sha1":"ec9daf26786c0b2eca66281eaaf79127ed55c446","sha256":"b2a3c4d33accb194b6ec31b4a49070bfce5a0d64e715d50ae989d6752eb78fcd","sha512":"f0aa0315baa9c9715273290bd448f31499550dfa82b62dd20c7eabc8aa0248df39cf2f58808fe478723576eae2de40e3517279db2e8518addd8a5d04c69557be","ssdeep":"","tlshash":"a8e0265b3038ae28ea2f82c9541f6e1922ec301b428080978ce89b2cc1442a0304152b","first_seen":"2025-07-16T11:12:21.705691Z","last_seen":"2026-06-05T02:19:33.638493Z","times_seen":15,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/statbar/new/trade_p.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:42.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/statbar/new/trade_p.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 19 Jan 2024 19:07:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65aac880-1f97\"\r\nexpires: Sat, 25 Apr 2026 07:50:42 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8087,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 801 x 801, 8-bit colormap, non-interlaced","md5":"12edb8fd3f025d01c9e066ab51158c10","sha1":"c1c64dda47889834f5afd7f125d727f56a3b0515","sha256":"95bdf22bef3842df575565f039cce92296327c5c5a23a94c93a337273c14a8b8","sha512":"ebff2021c820f04e242109b27fc5fad9321ed68aa1bba74bf916eb0457f908c49aa13ec517a55f8dda4f314e3945509ed72ef1a1513679cb1395fa628407b531","ssdeep":"192:ngjFSusVgY9AUDszgaaryUyBpjU4ytCqXAFQLDs6cGvcguWsHK:QIujYfo8fQe4RYAFQrcE9u9q","tlshash":"aef16bb10288965bc76e893c973fedb602a3d83c3e5255839fe0a4c2e5614e5c036fc5","first_seen":"2025-06-19T20:06:53.430635Z","last_seen":"2026-06-05T02:19:33.637176Z","times_seen":21,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/statbar/new/contract_p.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:42.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/statbar/new/contract_p.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 19 Jan 2024 19:07:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65aac880-2697\"\r\nexpires: Sat, 25 Apr 2026 07:50:42 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9879,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 801 x 801, 8-bit colormap, non-interlaced","md5":"178462d7a56561dbcbb571898f85b767","sha1":"90d0ee467d32862c616278c291acdf123f4ef9c3","sha256":"635031bcb0604c5f3401e4d44864392dbbb151fb16a7ffcf5104fc58bb387f52","sha512":"0219cc448410c8130e8370654b136755f34fff424d313625bda290c5c7ee3726844c83e3f9ce5c4b94756dcc97d8760275adb9e59037341ece85af6020f25b11","ssdeep":"192:GT9nPAxKd1JZaySy+xNJBgJ2awmZ2APX6WlIobPjAbw6dPLBX5giRvKniSp3DOGm:GTNPAxC12TLNaIAPXzPjAb7LR5oniSl4","tlshash":"dc12af5ac3a07c5df074e132c34b787187b0abb66693f2442f29d63b81de5e40466937","first_seen":"2025-06-19T20:06:53.527965Z","last_seen":"2026-06-05T02:19:33.61189Z","times_seen":20,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5.metamask.eu.cc/static/home/ecology1.png","fqdn":"h5.metamask.eu.cc","domain":"metamask.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.30.76.121","port":443,"asn":932,"as":"XNNET","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h5.metamask.eu.cc/","date":"2026-03-26T07:50:44.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h5.metamask.eu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 09:00:37 GMT","end":"Tue, 23 Jun 2026 09:00:36 GMT"},"fingerprint":{"sha1":"C4:06:AF:01:AE:B2:B6:27:1B:1A:F5:C0:4E:5A:41:4E:4C:D5:1C:B6","sha256":"54:15:93:46:E7:C3:4B:F9:C4:AD:44:11:9A:FE:40:A4:9C:0C:80:05:AC:B2:08:B7:C1:48:C6:B3:91:98:B7:E4"}}},"request":{"raw":"GET /static/home/ecology1.png HTTP/1.1\r\nHost: h5.metamask.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h5.metamask.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 07:50:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 12 Jan 2024 06:51:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65a0e17a-26a2\"\r\nexpires: Sat, 25 Apr 2026 07:50:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9890,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 240 x 240, 8-bit colormap, non-interlaced","md5":"e0e78bb5c21199c87147b181eec1242d","sha1":"1d587ead36ddae444ba32aa741b4bffe4f507457","sha256":"40375f2c1ea86f4d58944561dd3f472b720626da71d45d83e0ab6225f5f9f5cf","sha512":"c81cecf876d30f7125f957beee6b9089b70e3accfdb7bb7e9c07c8544fe86e0e2433cb3e62a29f9083fda1063b30b219d8199e9a845ff6db760d0d367d90953e","ssdeep":"192:EasaCyLCss/l5ZHJUbplYV/b9wYOFi6aqCNBu0GWbEZ2ieP3PtnIIgP8kf:EHRt/vZpUdcD9wxFiKN0GWbMePpIIg02","tlshash":"1e129da6e147883ee9eea47864a195857b4830f952d0197a69ed6c3116e33c0db1fc01","first_seen":"2025-03-06T21:41:52.698813Z","last_seen":"2026-06-05T02:19:33.594115Z","times_seen":25,"resource_available":false,"data":null}},"time_used":354,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":354,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"h5.metamask.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}