{"report_id":"f5067cc9-bd89-4b3f-bbd1-99882077b772","version":6,"status":"done","tags":[],"date":"2026-04-07T14:44:46Z","url":{"schema":"http","addr":"web-3.to","fqdn":"web-3.to","domain":"web-3.to","tld":"to"},"ip":{"addr":"178.16.53.184","port":0,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"web-3.to/","fqdn":"web-3.to","domain":"web-3.to","tld":"to"},"title":"Application placeholder","dom":{"size":9918,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"951c903a527aef96e99830c9d1bac177","sha1":"3ad14057be09b7c3ed7d3c40437f025d133e073c","sha256":"9bcd2a457260c5dabd5d863df952e439f018af80cbc59513868224f349794257","sha512":"2507e092ad639ba039b5a36af532bd873d6c90c6269f18c738a8e64df2a01ba839c7ba9c2419a1f9f4db35cfad1ef11d748e12fb55ded855c49af69741c1e1f1","ssdeep":"192:evgC8HJp/KqYQ2xSDhNF9adOwjVXhKRVHnoBl7yKJBGThHaEOlT2OWWLNyq:evg7TfVovXSQVlT318q","tlshash":"682297776aa70025791390fa3bdb47063679b103c50add2c7ecc62484f46ae995e37ac","dom_hash":"domhash5a0d146c1c0e70a2e8aff91766894502","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"web-3.to","fqdn":"web-3.to","domain":"web-3.to","tld":"to"},"ip":{"addr":"178.16.53.184","port":0,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-12T14:44:46Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"web-3.to","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"web-3.to","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"web-3.to","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"web-3.to","ip":{"addr":"178.16.53.184","port":443,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-07T14:41:06.954763Z","last_seen":"2026-04-07T14:41:06.954763Z","alert_count":6,"request_count":2,"received_data":10557,"sent_data":900,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"web-3.to/","fqdn":"web-3.to","domain":"web-3.to","tld":"to"},"ip":{"addr":"178.16.53.184","port":443,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"7a285c0de045a474d27a7b55a7f272dd","sha1":"1c3b72c7f2f00f65d837bc49c4f8c2e540496aea","sha256":"3a22eacdd196d3525a710b2c8aa2b1ea10d87f3eee7a9eb0644854af689ddd65","sha512":"171feb7b382d14a70119a0750e6a1914c3f30587a16bd57f5d22dd5d40f422fe7ffbc6b94e01ec1345949f716ab83bccdf9730c144ac2a1908cdabeea7802fb2","ssdeep":"","tlshash":"f341236f9d620920999754ea5b4f1110792593633b01be617e0dd3090f2ae2f9372bec","size":2154,"data":"","first_seen":"2025-12-19T02:31:27.187242Z","last_seen":"2026-04-07T14:44:46.565606Z","times_seen":82,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"web-3.to/","fqdn":"web-3.to","domain":"web-3.to","tld":"to"},"ip":{"addr":"178.16.53.184","port":443,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-07T14:44:21.560Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web-3.to","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Feb 2026 12:00:32 GMT","end":"Tue, 26 May 2026 12:00:31 GMT"},"fingerprint":{"sha1":"AB:A4:A8:78:E5:19:32:DC:EF:35:6D:D8:98:EF:0C:BD:46:F2:73:8F","sha256":"3A:4D:6A:14:BA:C7:7A:92:0B:BE:CC:F3:63:15:F1:50:DF:07:7E:CC:32:EB:53:3E:0E:1C:68:D1:B6:73:AD:42"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: web-3.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.26.3\r\nDate: Tue, 07 Apr 2026 14:44:21 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 3150\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9900,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"391348f3230fc87e55d2bbfe97b996b1","sha1":"c6ddb22e9a5fe3c5cc4d33f2f3fd1fea38f21e5c","sha256":"7f6e6f6ca5ede983b336b3b0e9e7b4f58aa1d967135b1fd76d9abb223c8395fd","sha512":"afc1fe5c0ac431488e96fe75394f8a23751c5161ef76da79071f2c0c5ccc6c6a0b7074e35013675e3d7e4545e3db0e8ebd93fe89758b2e4af479305cd3d04db5","ssdeep":"192:noJgC8HJp/KqYQ2xSDhNF9adOwjVXhKRVHnoBl7yKJBGThHlET2OWWLNyy:n+g7TfVovXSQTT318y","tlshash":"b21298776aa70025b513a0fa3bdb47063679b103c509dd2c7dcc62484f46ae995e37ac","first_seen":"2025-12-19T02:31:27.180574Z","last_seen":"2026-04-07T14:44:46.564476Z","times_seen":81,"resource_available":true,"data":null}},"time_used":343,"timings":{"blocked":136,"dns":1,"connect":63,"send":0,"wait":70,"receive":0,"ssl":70},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"web-3.to","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"web-3.to","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"web-3.to","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web-3.to/favicon.ico","fqdn":"web-3.to","domain":"web-3.to","tld":"to"},"ip":{"addr":"178.16.53.184","port":443,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://web-3.to/","date":"2026-04-07T14:44:22.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web-3.to","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Feb 2026 12:00:32 GMT","end":"Tue, 26 May 2026 12:00:31 GMT"},"fingerprint":{"sha1":"AB:A4:A8:78:E5:19:32:DC:EF:35:6D:D8:98:EF:0C:BD:46:F2:73:8F","sha256":"3A:4D:6A:14:BA:C7:7A:92:0B:BE:CC:F3:63:15:F1:50:DF:07:7E:CC:32:EB:53:3E:0E:1C:68:D1:B6:73:AD:42"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: web-3.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web-3.to/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.26.3\r\nDate: Tue, 07 Apr 2026 14:44:22 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 271\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":271,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"721e99a66ce7de1469c4fe90d7df6acc","sha1":"9b168712b4bbb351d5413dee0e27300c03959714","sha256":"1760cd323baa833dc59cee6efe474f8f38ffd1b9c984577e9ba7f0a07dfa702b","sha512":"2c22b135ef1f3dca95f50b038f99e40d059e61ef38c2ed4e8fca5362b30d979321b35d9ccbb650a10adaf3b613df986901dd5837199fee177fd6b6026e7ffafa","ssdeep":"","tlshash":"10d02b9e504373864911145079c115c6278d12e6a43a81e82dc6e487529857ecd9aec9","first_seen":"2026-04-07T14:41:10.765584Z","last_seen":"2026-04-07T14:44:46.565014Z","times_seen":2,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"web-3.to","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"web-3.to","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"web-3.to","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}