www.xn--mtamask-w7a.net Open in urlscan Pro Puny
www.mētamask.net IDN
81.19.136.232 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.xn--mtamask-w7a.net/
Effective URL:
https://www.xn--mtamask-w7a.net/
Submission: On January 22 via api (January 22nd 2023, 4:12:13 pm UTC) from JP — Scanned from JP

Summary HTTP 22 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 22 HTTP transactions. The main IP is 81.19.136.232, located in Nizhniy Novgorod, Russian Federation and belongs to AS-ALVIVA, SC. The main domain is www.xn--mtamask-w7a.net.
TLS certificate: Issued by R3 on January 22nd 2023. Valid for: 3 months.

This is the only time www.xn--mtamask-w7a.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ledger (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
1 18	81.19.136.232 81.19.136.232	209272 (AS-ALVIVA) (AS-ALVIVA)
1 2	2606:4700:20:... 2606:4700:20::681a:85b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2404:6800:400... 2404:6800:4004:826::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:7daf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2404:6800:400... 2404:6800:4004:825::2003	15169 (GOOGLE) (GOOGLE)
22	5

18 81.19.136.232 (Nizhniy Novgorod, Russian Federation) 1 redirects

ASN209272 (AS-ALVIVA, SC)

www.xn--mtamask-w7a.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:85b (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.tailwindcss.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:826::200a (Australia)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7daf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:825::2003 (Australia)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	xn--mtamask-w7a.net 1 redirects www.xn--mtamask-w7a.net	3 MB
2	unpkg.com unpkg.com — Cisco Umbrella Rank: 767	6 KB
2	tailwindcss.com 1 redirects cdn.tailwindcss.com — Cisco Umbrella Rank: 77111	103 KB
1	gstatic.com fonts.gstatic.com	38 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	1 KB
22	5

	Domain	Requested by
18	www.xn--mtamask-w7a.net	1 redirects www.xn--mtamask-w7a.net
2	unpkg.com	www.xn--mtamask-w7a.net
2	cdn.tailwindcss.com	1 redirects www.xn--mtamask-w7a.net
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	www.xn--mtamask-w7a.net
22	5

This site contains no links.

Subject Issuer	Validity	Valid
www.xn--metamsk-dwa.site R3	`2023-01-22` - `2023-04-22`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-01` - `2023-06-01`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.xn--mtamask-w7a.net/
Frame ID: A732B83CF107436B74DD29A161CAA1A6
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hardware Wallet - State-of-the-art security for crypto assets | Ledger

Page URL History Show full URLs

http://www.xn--mtamask-w7a.net/ HTTP 301
https://www.xn--mtamask-w7a.net/ Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

22
Requests

18 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

2869 kB
Transfer

3242 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.xn--mtamask-w7a.net/ HTTP 301
https://www.xn--mtamask-w7a.net/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://cdn.tailwindcss.com/ HTTP 302
https://cdn.tailwindcss.com/3.2.4

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.xn--mtamask-w7a.net/
Redirect Chain

http://www.xn--mtamask-w7a.net/
https://www.xn--mtamask-w7a.net/

40 KB
5 KB

504ms
296ms

Document
text/html

81.19.136.232
AS-ALVIVA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--mtamask-w7a.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.136.232 Nizhniy Novgorod, Russian Federation, ASN209272 (AS-ALVIVA, SC),
Reverse DNS
Software: nginx/1.20.2 / PHP/7.4.29
Resource Hash: 4b787a724fdd9ed87c90e97a961e85d836682250d9574749008acaa659c738bf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sun, 22 Jan 2023 16:11:56 GMT
Server: nginx/1.20.2
Transfer-Encoding: chunked
X-Powered-By: PHP/7.4.29

Redirect headers

Connection: keep-alive
Content-Type: text/html
Date: Sun, 22 Jan 2023 16:11:56 GMT
Location: https://www.xn--mtamask-w7a.net:443/
Server: nginx/1.20.2
Transfer-Encoding: chunked

GET
H2

200

3.2.4 Show response
cdn.tailwindcss.com/
Redirect Chain

https://cdn.tailwindcss.com/
https://cdn.tailwindcss.com/3.2.4

335 KB
102 KB

19ms
19ms

Script
text/javascript

2606:4700:20::681a:85b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.tailwindcss.com/3.2.4

Requested by

Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/

Protocol

Server

2606:4700:20::681a:85b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a01735039e4a6522fc7dcf18ca47dcea2c2e4b50c07d8e898190eee8f3111056

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sun, 22 Jan 2023 16:11:56 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 11 Nov 2022 17:46:48 GMT
x-vercel-id: syd1::iad1::k976q-1668188807415-4e95c057a5a8
server: cloudflare
age: 6214947
x-vercel-cache: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PzjfikLYgT6d9%2B5HpcRnAAXvCh9Jl6uHi1on%2FLTh3byOoOWruDkomoqMtWz%2FcVWTuf1oRTXdJ%2FpEvJGn7eQr6EzxvnPEd%2BJurdlKIhMTO7%2BTLvi3WgG7uMzVPgCXGFzcASxyHd3O6tK0INhGobyR138%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=31536000
cf-ray: 78d9917f2fac14cc-NRT

Redirect headers

date: Sun, 22 Jan 2023 16:11:56 GMT
strict-transport-security: max-age=63072000
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-id: syd1::iad1::kb9vb-1674402844376-af42a45ae9d3
server: cloudflare
age: 535
x-vercel-cache: MISS
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6TreLESHLduRwDd7yAyjcEvuzyv52WbUQQqMPcshmm312BLDQ8I42NHxyASmfoR1%2FqI7aXeJzFw2aGLhcv%2FvCa5N2WN77cWY%2F4QzpDKdCPr3%2Fs1M7Sy1NVKMOlHMUInkUQYXuN8u%2BJU3A59fuHPXkmo%3D"}],"group":"cf-nel","max_age":604800}
location: /3.2.4
cache-control: max-age=14400
cf-ray: 78d9917f1fa614cc-NRT
content-length: 0

GET
H/1.1 200
OK landing.css
www.xn--mtamask-w7a.net/frontend/css/ 187 B
415 B 1150ms
1149ms Stylesheet
text/css 81.19.136.232
AS-ALVIVA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--mtamask-w7a.net/frontend/css/landing.css
Requested by: Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.136.232 Nizhniy Novgorod, Russian Federation, ASN209272 (AS-ALVIVA, SC),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: 00154112f298859f35738eda48553ebd5e211042d5b9936540e7eaf59316dc4b

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Sun, 22 Jan 2023 16:11:57 GMT
Content-Encoding: gzip
Last-Modified: Thu, 19 Jan 2023 22:18:58 GMT
Server: nginx/1.20.2
ETag: W/"bb-5f2a551b69880"
Transfer-Encoding: chunked
Content-Type: text/css
Connection: keep-alive

GET
H2 200 css2
fonts.googleapis.com/ 20 KB
1 KB 83ms
41ms Stylesheet
text/css 2404:6800:4004:826::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap

Requested by

Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:826::200a , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b2dc460864a60ac3ce89c4c6fab1c62ef9171ac1365cc47aa8aca95ecb06f0cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 22 Jan 2023 16:11:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 22 Jan 2023 16:11:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 22 Jan 2023 16:11:56 GMT

GET
H2 200 aos.css
unpkg.com/aos@2.3.1/dist/ 25 KB
2 KB 18ms
10ms Stylesheet
text/css 2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/aos@2.3.1/dist/aos.css

Requested by

Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sun, 22 Jan 2023 16:11:56 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 18982844
last-modified: Thu, 17 May 2018 22:11:13 GMT
fly-request-id: 01F8BHFGY4MMWCR75NWR3PM3Q4
server: cloudflare
etag: W/"65c5-BVfTdFS2f0LyyxAeV+UHD7EZNXA"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 78d9917f1ba7f651-NRT

GET
H/1.1 200
OK logo.svg
www.xn--mtamask-w7a.net/frontend/img/ 2 KB
1 KB 1671ms
1451ms Image
image/svg+xml 81.19.136.232
AS-ALVIVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--mtamask-w7a.net/frontend/img/logo.svg
Requested by: Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.136.232 Nizhniy Novgorod, Russian Federation, ASN209272 (AS-ALVIVA, SC),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: 088d1bf639f9a9e3f2ca38cf1ea4c88002c79d6f3e4706868aa3d9f27208109f

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Sun, 22 Jan 2023 16:11:58 GMT
Content-Encoding: gzip
Last-Modified: Thu, 19 Jan 2023 20:47:08 GMT
Server: nginx/1.20.2
ETag: W/"7c9-5f2a4094aab00"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Connection: keep-alive

GET
H/1.1 200
OK Buy-1.png
www.xn--mtamask-w7a.net/frontend/img/ 296 KB
296 KB 1148ms
868ms Image
image/png 81.19.136.232
AS-ALVIVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--mtamask-w7a.net/frontend/img/Buy-1.png
Requested by: Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.136.232 Nizhniy Novgorod, Russian Federation, ASN209272 (AS-ALVIVA, SC),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: ee3175ebfb18ad5f7abe30173303014887e4e3aa37e61784ee759d4f87ffccba

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Sun, 22 Jan 2023 16:11:57 GMT
Last-Modified: Thu, 19 Jan 2023 21:04:44 GMT
Server: nginx/1.20.2
ETag: "49f66-5f2a4483bf300"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 302950

GET
H/1.1 200
OK Image-40.png
www.xn--mtamask-w7a.net/frontend/img/ 118 KB
118 KB 1091ms
601ms Image
image/png 81.19.136.232
AS-ALVIVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--mtamask-w7a.net/frontend/img/Image-40.png
Requested by: Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.136.232 Nizhniy Novgorod, Russian Federation, ASN209272 (AS-ALVIVA, SC),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: a2621ca4d53267f303d0e7e3c11017984604aaa05ad6def3ae03d25a22509d1c

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Sun, 22 Jan 2023 16:11:57 GMT
Last-Modified: Thu, 19 Jan 2023 23:02:16 GMT
Server: nginx/1.20.2
ETag: "1d7cf-5f2a5ec90ee00"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 120783

GET
H/1.1 200
OK bsdsdbr.png
www.xn--mtamask-w7a.net/frontend/img/ 294 KB
295 KB 604ms
597ms Image
image/png 81.19.136.232
AS-ALVIVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--mtamask-w7a.net/frontend/img/bsdsdbr.png
Requested by: Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.136.232 Nizhniy Novgorod, Russian Federation, ASN209272 (AS-ALVIVA, SC),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: 2de667954077baa9198d04a65b4e2ef619b257c5cca65075023973983039b70b

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Sun, 22 Jan 2023 16:11:57 GMT
Last-Modified: Thu, 19 Jan 2023 23:11:46 GMT
Server: nginx/1.20.2
ETag: "499b5-5f2a60e8a7080"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 301493

GET
H/1.1 200
OK dfnfdnfdn.png
www.xn--mtamask-w7a.net/frontend/img/ 132 KB
133 KB 1151ms
594ms Image
image/png 81.19.136.232
AS-ALVIVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--mtamask-w7a.net/frontend/img/dfnfdnfdn.png
Requested by: Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.136.232 Nizhniy Novgorod, Russian Federation, ASN209272 (AS-ALVIVA, SC),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: 1b063774a838d37921ec7c3874281f037a0e21e8aa91d2699f9b80526d016b62

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Sun, 22 Jan 2023 16:11:57 GMT
Last-Modified: Thu, 19 Jan 2023 23:12:58 GMT
Server: nginx/1.20.2
ETag: "211be-5f2a612d51280"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 135614

GET
H/1.1 200
OK jhbj.png
www.xn--mtamask-w7a.net/frontend/img/ 9 KB
10 KB 1037ms
183ms Image
image/png 81.19.136.232
AS-ALVIVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--mtamask-w7a.net/frontend/img/jhbj.png
Requested by: Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.136.232 Nizhniy Novgorod, Russian Federation, ASN209272 (AS-ALVIVA, SC),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: bf6f50aaa628590350028d7b4375cbcfd0de2d08998f94338ce1f0fc6da36f7f

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Sun, 22 Jan 2023 16:11:58 GMT
Last-Modified: Fri, 20 Jan 2023 01:08:18 GMT
Server: nginx/1.20.2
ETag: "2522-5f2a7af4be480"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9506

GET
H/1.1 200
OK jfghgjf.png
www.xn--mtamask-w7a.net/frontend/img/ 13 KB
13 KB 236ms
236ms Image
image/png 81.19.136.232
AS-ALVIVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--mtamask-w7a.net/frontend/img/jfghgjf.png
Requested by: Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.136.232 Nizhniy Novgorod, Russian Federation, ASN209272 (AS-ALVIVA, SC),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: 1767e570638bdc7c37ab8df3f380ddb049f98e25ae3427f9c40b07aab1eb13f6

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Sun, 22 Jan 2023 16:11:58 GMT
Last-Modified: Fri, 20 Jan 2023 01:14:00 GMT
Server: nginx/1.20.2
ETag: "32d6-5f2a7c3ae6600"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13014

GET
H/1.1 200
OK jfghkfhg.png
www.xn--mtamask-w7a.net/frontend/img/ 205 KB
206 KB 370ms
359ms Image
image/png 81.19.136.232
AS-ALVIVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--mtamask-w7a.net/frontend/img/jfghkfhg.png
Requested by: Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.136.232 Nizhniy Novgorod, Russian Federation, ASN209272 (AS-ALVIVA, SC),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: 437ddd0794d1c55da02301d7724ac5395ac316aa745e084ace428c4ca3dd3691

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Sun, 22 Jan 2023 16:11:58 GMT
Last-Modified: Fri, 20 Jan 2023 01:18:32 GMT
Server: nginx/1.20.2
ETag: "3352c-5f2a7d3e4ca00"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 210220

GET
H/1.1 200
OK Frame-23-1-1.png
www.xn--mtamask-w7a.net/frontend/img/ 907 KB
907 KB 321ms
254ms Image
image/png 81.19.136.232
AS-ALVIVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--mtamask-w7a.net/frontend/img/Frame-23-1-1.png
Requested by: Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.136.232 Nizhniy Novgorod, Russian Federation, ASN209272 (AS-ALVIVA, SC),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: 508a9793beea00075322211a1885ad29c8da612432dec41ee21d27d6cfa62af0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Sun, 22 Jan 2023 16:11:58 GMT
Last-Modified: Fri, 20 Jan 2023 01:49:44 GMT
Server: nginx/1.20.2
ETag: "e2a49-5f2a843793e00"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 928329

GET
H/1.1 200
OK 30dollars-scaled.jpg
www.xn--mtamask-w7a.net/frontend/img/ 200 KB
200 KB 395ms
285ms Image
image/jpeg 81.19.136.232
AS-ALVIVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--mtamask-w7a.net/frontend/img/30dollars-scaled.jpg
Requested by: Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.136.232 Nizhniy Novgorod, Russian Federation, ASN209272 (AS-ALVIVA, SC),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: d311040c50173c498a09f4ce2113edf5b3f1188acf239f08b0e5ba37d3c0fc1d

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Sun, 22 Jan 2023 16:11:59 GMT
Last-Modified: Fri, 20 Jan 2023 01:51:48 GMT
Server: nginx/1.20.2
ETag: "32051-5f2a84add5500"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 204881

GET
H/1.1 200
OK jghfjgh.png
www.xn--mtamask-w7a.net/frontend/img/ 461 KB
461 KB 372ms
372ms Image
image/png 81.19.136.232
AS-ALVIVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--mtamask-w7a.net/frontend/img/jghfjgh.png
Requested by: Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.136.232 Nizhniy Novgorod, Russian Federation, ASN209272 (AS-ALVIVA, SC),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: 863959deb5d91a2dfaba99e5013422e9260c0714b890e4c7112d5660adefcaff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Sun, 22 Jan 2023 16:11:59 GMT
Last-Modified: Fri, 20 Jan 2023 02:00:02 GMT
Server: nginx/1.20.2
ETag: "733f3-5f2a8684f2c80"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 472051

GET
H/1.1 200
OK hdbfhnbfdn.png
www.xn--mtamask-w7a.net/frontend/img/ 4 KB
4 KB 285ms
285ms Image
image/png 81.19.136.232
AS-ALVIVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--mtamask-w7a.net/frontend/img/hdbfhnbfdn.png
Requested by: Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.136.232 Nizhniy Novgorod, Russian Federation, ASN209272 (AS-ALVIVA, SC),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: 7e0ab929bb354d8ce5d79fc6bb4bdeceb9c1852ad9651dbb409718342514245d

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Sun, 22 Jan 2023 16:11:59 GMT
Last-Modified: Fri, 20 Jan 2023 02:46:04 GMT
Server: nginx/1.20.2
ETag: "f6a-5f2a90ceff300"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3946

GET
H/1.1 200
OK jquery.min.js Show response
www.xn--mtamask-w7a.net/frontend/js/ 87 KB
31 KB 429ms
242ms Script
application/javascript 81.19.136.232
AS-ALVIVA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--mtamask-w7a.net/frontend/js/jquery.min.js
Requested by: Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.136.232 Nizhniy Novgorod, Russian Federation, ASN209272 (AS-ALVIVA, SC),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Sun, 22 Jan 2023 16:11:57 GMT
Content-Encoding: gzip
Last-Modified: Fri, 20 Jan 2023 20:55:52 GMT
Server: nginx/1.20.2
ETag: W/"15d9d-5f2b8465da600"
Transfer-Encoding: chunked
Content-Type: application/javascript
Connection: keep-alive

GET
H2 200 aos.js Show response
unpkg.com/aos@2.3.1/dist/ 14 KB
4 KB 12ms
10ms Script
application/javascript 2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/aos@2.3.1/dist/aos.js

Requested by

Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sun, 22 Jan 2023 16:11:56 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 7851722
last-modified: Thu, 17 May 2018 22:11:13 GMT
fly-request-id: 01GG340S0TZ9YG7CK3A5HXM1FM-nrt
server: cloudflare
etag: W/"379f-cNv9OKDx/DsafZ+tq1h4ZITDTxc"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 78d9917fac0af651-NRT

GET
H/1.1 200
OK landing.js Show response
www.xn--mtamask-w7a.net/frontend/js/ 135 B
410 B 497ms
305ms Script
application/javascript 81.19.136.232
AS-ALVIVA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--mtamask-w7a.net/frontend/js/landing.js
Requested by: Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.136.232 Nizhniy Novgorod, Russian Federation, ASN209272 (AS-ALVIVA, SC),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: 73705350cd36bc9563e77809e201f91d249ebc5a6d128177cfc4aaa25a915e3e

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.xn--mtamask-w7a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Sun, 22 Jan 2023 16:11:57 GMT
Content-Encoding: gzip
Last-Modified: Sat, 21 Jan 2023 02:16:32 GMT
Server: nginx/1.20.2
ETag: W/"87-5f2bcc128c000"
Transfer-Encoding: chunked
Content-Type: application/javascript
Connection: keep-alive

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v12/ 37 KB
38 KB 44ms
2ms Font
font/woff2 2404:6800:4004:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:825::2003 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.xn--mtamask-w7a.net
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 22:03:53 GMT
x-content-type-options: nosniff
age: 497284
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37924
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 20:54:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Jan 2024 22:03:53 GMT

GET
H/1.1 200
OK HMAlphaMono-Medium.otf
www.xn--mtamask-w7a.net/frontend/fonts/ 42 KB
42 KB 838ms
659ms Font
application/vnd.oasis.opendocument.formula-template 81.19.136.232
AS-ALVIVA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--mtamask-w7a.net/frontend/fonts/HMAlphaMono-Medium.otf
Requested by: Host: www.xn--mtamask-w7a.net
URL: https://www.xn--mtamask-w7a.net/frontend/css/landing.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.136.232 Nizhniy Novgorod, Russian Federation, ASN209272 (AS-ALVIVA, SC),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: 272e189d3a286d88ab5fedcf1be3b597351a1a83ca4adec3b4d1833e75b917af

Request headers

Referer: https://www.xn--mtamask-w7a.net/frontend/css/landing.css
Origin: https://www.xn--mtamask-w7a.net
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Sun, 22 Jan 2023 16:11:58 GMT
Last-Modified: Thu, 19 Jan 2023 22:18:06 GMT
Server: nginx/1.20.2
ETag: "a608-5f2a54e9d2380"
Content-Type: application/vnd.oasis.opendocument.formula-template
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 42504

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ledger (Crypto Exchange)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.tailwindcss.com
fonts.googleapis.com
fonts.gstatic.com
unpkg.com
www.xn--mtamask-w7a.net
2404:6800:4004:825::2003
2404:6800:4004:826::200a
2606:4700:20::681a:85b
2606:4700::6810:7daf
81.19.136.232
00154112f298859f35738eda48553ebd5e211042d5b9936540e7eaf59316dc4b
088d1bf639f9a9e3f2ca38cf1ea4c88002c79d6f3e4706868aa3d9f27208109f
1767e570638bdc7c37ab8df3f380ddb049f98e25ae3427f9c40b07aab1eb13f6
1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e
1b063774a838d37921ec7c3874281f037a0e21e8aa91d2699f9b80526d016b62
272e189d3a286d88ab5fedcf1be3b597351a1a83ca4adec3b4d1833e75b917af
2de667954077baa9198d04a65b4e2ef619b257c5cca65075023973983039b70b
437ddd0794d1c55da02301d7724ac5395ac316aa745e084ace428c4ca3dd3691
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
4b787a724fdd9ed87c90e97a961e85d836682250d9574749008acaa659c738bf
508a9793beea00075322211a1885ad29c8da612432dec41ee21d27d6cfa62af0
73705350cd36bc9563e77809e201f91d249ebc5a6d128177cfc4aaa25a915e3e
7e0ab929bb354d8ce5d79fc6bb4bdeceb9c1852ad9651dbb409718342514245d
863959deb5d91a2dfaba99e5013422e9260c0714b890e4c7112d5660adefcaff
a01735039e4a6522fc7dcf18ca47dcea2c2e4b50c07d8e898190eee8f3111056
a2621ca4d53267f303d0e7e3c11017984604aaa05ad6def3ae03d25a22509d1c
b2dc460864a60ac3ce89c4c6fab1c62ef9171ac1365cc47aa8aca95ecb06f0cf
bf6f50aaa628590350028d7b4375cbcfd0de2d08998f94338ce1f0fc6da36f7f
d311040c50173c498a09f4ce2113edf5b3f1188acf239f08b0e5ba37d3c0fc1d
ee3175ebfb18ad5f7abe30173303014887e4e3aa37e61784ee759d4f87ffccba
f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.xn--mtamask-w7a.net Open in urlscan Pro Puny www.mētamask.net IDN 81.19.136.232 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

18 %HTTPS

80 %IPv6

5 Domains

5 Subdomains

5 IPs

3 Countries

2869 kBTransfer

3242 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

www.xn--mtamask-w7a.net Open in urlscan Pro Puny
www.mētamask.net IDN
81.19.136.232 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

18 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

2869 kB
Transfer

3242 kB
Size

0
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!