# How does it work?

When you enter a Web3 site, Sentinel3 will analyze it in two different stages:

## Initial Analysis

When it detects the initial Web3 interaction, aka the wallet connection, it will perform a light and quick scan. Only some scam sites will be detected at this stage.

## Deep Analysis

When it detects a transaction or signature request, it will perform a deep scan. It will be very quick for most legitimate sites, but if we detect anything unusual, it will take only a couple of seconds.

## What happens after a Sentinel3 scan?

{% hint style="success" %}
**Legit Detection:**
{% endhint %}

If it doesn't detect anything malicious, your wallet will proceed with the intended action (connecting, transacting, or signing).

{% hint style="danger" %}
**Malicious Detection:**
{% endhint %}

If it detects something malicious, it will stop the transaction or signature request and display an [**alert**](https://docs.kerberus.com/kerberus/sentinel3/alert-types).