{"report_id":"0046df0e-dd36-46ae-8f90-bc5303e74968","version":6,"status":"done","tags":[],"date":"2026-01-31T17:39:16Z","url":{"schema":"http","addr":"phantom-wallett.blogspot.com.ar","fqdn":"phantom-wallett.blogspot.com.ar","domain":"blogspot.com.ar","tld":"com.ar"},"ip":{"addr":"172.217.19.225","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"phantom-wallett.blogspot.com/","fqdn":"phantom-wallett.blogspot.com","domain":"phantom-wallett.blogspot.com","tld":"blogspot.com"},"title":"Phantom Wallet - A friendly Crypto Wallet","dom":{"size":16456,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (909)","md5":"00267489380c1abadfff5bbdb65d3c63","sha1":"8578151a8ddd81328685dd2c5ef19cd74080dc30","sha256":"4bbf09590bd6bafa6af28f605ecc253b4cbf3daecff798b4b28d412c8aad74b8","sha512":"457d715d9ce9342dc626ea018ba278ac10bddf24233e187fc523341e6d829f878d08584e8b290f515e7ca09175cae3d4e16582dff0d78873cba039996c21cd46","ssdeep":"384:wdriVd6trasVWWdAyEr29L2J8g8yF0h2OVKfWeRu1k:wdrIYrvkWdFEr29Lq87h2OAfWeRu1k","tlshash":"c3729527e3865a23053240dee57f93e54646c168d3528f94637ec2bebdcd8b03a652ce","dom_hash":"domhasha80991e4218613f48af6be7e23ae1161","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"phantom-wallett.blogspot.com.ar","fqdn":"phantom-wallett.blogspot.com.ar","domain":"blogspot.com.ar","tld":"com.ar"},"ip":{"addr":"172.217.19.225","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-07T17:39:16Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"phantom-wallett.blogspot.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"phantom-wallett.blogspot.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"phantom-wallett.blogspot.com.ar","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"phantom-wallett.blogspot.com","ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2000-07-31","domain_rank":0,"first_seen":"2026-01-31T14:36:02.708575Z","last_seen":"2026-01-31T14:36:02.708575Z","alert_count":4,"request_count":2,"received_data":22490,"sent_data":946,"comment":"","tags":null,"fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-01-25T22:20:32.726712Z","alert_count":0,"request_count":1,"received_data":292730,"sent_data":451,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.linkpicture.com","ip":{"addr":"103.224.182.253","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"domain_registered":"2018-06-25","domain_rank":4298173,"first_seen":"2019-07-19T19:10:53Z","last_seen":"2026-01-28T00:09:19.83167Z","alert_count":0,"request_count":2,"received_data":152,"sent_data":916,"comment":"","tags":null,"fingerprints":null},{"fqdn":"phantom-wallett.blogspot.com.ar","ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-06-02","domain_rank":0,"first_seen":"2026-01-31T14:38:36.665402Z","last_seen":"2026-01-31T14:38:36.665402Z","alert_count":1,"request_count":1,"received_data":15290,"sent_data":500,"comment":"","tags":null,"fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"phantom-wallett.blogspot.com/sandbox%20eval%20code","fqdn":"phantom-wallett.blogspot.com","domain":"phantom-wallett.blogspot.com","tld":"blogspot.com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-07T08:18:38.896325Z","times_seen":921522,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-07T08:18:38.899011Z","times_seen":919823,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallett.blogspot.com/","fqdn":"phantom-wallett.blogspot.com","domain":"phantom-wallett.blogspot.com","tld":"blogspot.com"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"fb7b02810dd3503bb4164e8559163abf","sha1":"e954bbc7c22a158eeb616b5bad5b9b6550615ce5","sha256":"17f2c07b760e06b34d4345fed029005db74b70365728bac2e433683871dfc0c9","sha512":"41bf3817e2f72e47780ed96ea7fce48517675a2ca1fda57260200060dd8f5463f554304fd5227bdc88d047da1b31fe9e1970a8a18bfb0bf35eb4b34649ca87d3","ssdeep":"","tlshash":"64c09b88215a4c7195fb3741cb7ff604b442321495e9db31495d73455d30e1bd754855","size":155,"data":"","first_seen":"2026-01-31T14:36:07.359644Z","last_seen":"2026-04-13T05:33:25.909993Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallett.blogspot.com/","fqdn":"phantom-wallett.blogspot.com","domain":"phantom-wallett.blogspot.com","tld":"blogspot.com"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"38ee2f6ddbe8a478e5795030e72ba35d","sha1":"d332319b04b273e3b9a93ffa22ba9036d59b8e99","sha256":"97d98978d5864e77cd83bd79a0d31ced40631a6134a154e8f049bcc20f49a319","sha512":"15610a3ce0ff69817776e355c350aebc006a7744a941c1258fe16a2e73445d964fd94885bd4b50bb2e9ea773a5f95bf1aa124fd90a3252ab2769d2870e5fbb95","ssdeep":"","tlshash":"20d02ef7f4d5ac218809a3200865e9083032e6feb3a08de094c0063a488a8ba9306fa0","size":275,"data":"","first_seen":"2023-03-07T01:02:24Z","last_seen":"2026-06-07T08:09:46.269043Z","times_seen":108164,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallett.blogspot.com/js/cookienotice.js","fqdn":"phantom-wallett.blogspot.com","domain":"phantom-wallett.blogspot.com","tld":"blogspot.com"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a705132a2174f88e196ec3610d68faa8","sha1":"3bad57a48d973a678fec600d45933010f6edc659","sha256":"068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568","sha512":"e947d33e0e9c5e6516f05e0ea696406e4e09b458f85021bc3a217071ae14879b2251e65aec5d1935ca9af2433d023356298321564e1a41119d41be7c2b2d36d5","ssdeep":"96:q54UPzHFcJZ7haKemb/m2GzrzCXAl/MStzo41Pm+YsttcVcbYhyjcso13EZDjiat:q5rPzHgxm2GzaXeMnuzYstyryPhZD9","tlshash":"4fd1630938a7127d125fa03fb6bf515ab66410238101db08786dfa785fd5f42a8e4ffa","size":6513,"data":"","first_seen":"2023-03-07T01:02:24Z","last_seen":"2026-06-08T21:13:36.720847Z","times_seen":121520,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallett.blogspot.com/","fqdn":"phantom-wallett.blogspot.com","domain":"phantom-wallett.blogspot.com","tld":"blogspot.com"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"7422fcfc6a91ec3c8bcf0fdc5f3215ad","sha1":"dd1a7f71b5367fb9d13a3ae6798c7fd0a4c37ef2","sha256":"620719ac57a503dc90e978186aaa9c5540094089b2dca79327b6833d58e011c7","sha512":"155620083064aaa723034d0433f8404d1169bdba5d602f8c820e8f9f4f018ae3ae3f0c08bacc5d0a7809cc583c290386efa94f114f88fdf38e8a2024383e9a7f","ssdeep":"","tlshash":"4f016d137508e31431a714347b8baa18fd2ac2561c95453f391cf9324f57a63ced6ae3","size":776,"data":"","first_seen":"2023-04-06T23:48:51Z","last_seen":"2026-06-06T23:36:19.547992Z","times_seen":4730,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-222882761-3","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1362f50e4fcf38d6088897d5d5c06d37","sha1":"2c91a8c33647b16f8db2a0aa0f58a742e47d0103","sha256":"fcae48aaa9036e69a7ec37eed1a771b854df4404c0f220cc7f7a139ff80245a1","sha512":"1cd6d261aa02abad846fee510e6e841db05ba397a18d0d34e5ae478377ebfe8126ef1a5d418dec8de160216447b8b8762774b6b637cb74a8f6587cc205e7b83a","ssdeep":"6144:ua2dvz5H/aoCsxcV/Gu+rP+Q8g7lTpiRpy83wNG92:NUvF/aoCsxi/Gu+6Q8V3wNu2","tlshash":"1c5419cdb7da742683a36478503f114bb23b7992f84cc894e186d8d42e74aa94237f7d","size":292080,"data":"","first_seen":"2026-01-31T17:39:16.657404Z","last_seen":"2026-01-31T17:43:38.705105Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"phantom-wallett.blogspot.com/","fqdn":"phantom-wallett.blogspot.com","domain":"phantom-wallett.blogspot.com","tld":"blogspot.com"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-31T17:38:54.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"misc-sni.blogspot.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:37:36 GMT","end":"Mon, 06 Apr 2026 08:37:35 GMT"},"fingerprint":{"sha1":"61:53:1C:4B:7E:8A:40:10:F4:FA:0B:06:90:62:CE:AA:D3:BA:10:64","sha256":"81:80:1B:51:F3:1D:B3:D9:F6:34:B1:B2:90:F0:BE:6A:20:EB:46:89:79:3C:3E:04:A9:76:73:4E:32:84:C0:26"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: phantom-wallett.blogspot.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Sat, 31 Jan 2026 17:38:54 GMT\r\ndate: Sat, 31 Jan 2026 17:38:54 GMT\r\ncache-control: private, max-age=0\r\nlast-modified: Sat, 31 Aug 2024 08:20:59 GMT\r\netag: W/\"388aa32d92792d99535e92eb282787933fa5ac6cefea1437294b0667eb0e3a54\"\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 4699\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":14790,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (601)","md5":"ca6226ac12055fda7f21a0edc23ad513","sha1":"fcd1a30d85fa60fcc83b0d79a73937425bfd37d9","sha256":"a4641439033a7e222d92fb8c4e1af0ea8b2cbd36da30caadbf5a4d1e0037b92e","sha512":"a3d382624465caf1831b9baa5a2f68ee00c45fc4ebf07bda8903c968f3acc163ed575447be1e857f3ab1a8c6e9905903a8101d940770b867ea800eac836f1f99","ssdeep":"384:kEp3Vd6trasVWWdAyEr29L2Jrg8jF0h2OVKfWeuuq:kEpFYrvkWdFEr29LN8Kh2OAfWeuuq","tlshash":"41625327e7875a12053240cee63fa3e54652c198e3128fa4637ec2be7dcd5b07a651ce","first_seen":"2026-01-31T14:36:07.348283Z","last_seen":"2026-04-13T05:33:25.907493Z","times_seen":24,"resource_available":true,"data":null}},"time_used":230,"timings":{"blocked":50,"dns":1,"connect":8,"send":0,"wait":122,"receive":7,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"phantom-wallett.blogspot.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"phantom-wallett.blogspot.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-222882761-3","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://phantom-wallett.blogspot.com/","date":"2026-01-31T17:38:55.364Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:36:37 GMT","end":"Mon, 06 Apr 2026 08:36:36 GMT"},"fingerprint":{"sha1":"D1:4E:DB:C9:1C:90:74:26:D2:F3:40:74:02:DB:66:36:23:CB:45:12","sha256":"08:51:D4:42:81:8D:57:AC:83:18:86:85:25:AD:F1:2F:82:17:60:A4:FA:C6:D4:09:86:34:D3:30:65:78:09:B2"}}},"request":{"raw":"GET /gtag/js?id=UA-222882761-3 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom-wallett.blogspot.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 31 Jan 2026 17:38:55 GMT\r\nexpires: Sat, 31 Jan 2026 17:38:55 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Sat, 31 Jan 2026 15:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 103982\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":292080,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (4110)","md5":"1362f50e4fcf38d6088897d5d5c06d37","sha1":"2c91a8c33647b16f8db2a0aa0f58a742e47d0103","sha256":"fcae48aaa9036e69a7ec37eed1a771b854df4404c0f220cc7f7a139ff80245a1","sha512":"1cd6d261aa02abad846fee510e6e841db05ba397a18d0d34e5ae478377ebfe8126ef1a5d418dec8de160216447b8b8762774b6b637cb74a8f6587cc205e7b83a","ssdeep":"6144:ua2dvz5H/aoCsxcV/Gu+rP+Q8g7lTpiRpy83wNG92:NUvF/aoCsxi/Gu+6Q8V3wNu2","tlshash":"1c5419cdb7da742683a36478503f114bb23b7992f84cc894e186d8d42e74aa94237f7d","first_seen":"2026-01-31T17:39:16.657404Z","last_seen":"2026-01-31T17:43:38.705105Z","times_seen":2,"resource_available":true,"data":null}},"time_used":240,"timings":{"blocked":72,"dns":1,"connect":21,"send":0,"wait":42,"receive":50,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallett.blogspot.com/js/cookienotice.js","fqdn":"phantom-wallett.blogspot.com","domain":"phantom-wallett.blogspot.com","tld":"blogspot.com"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://phantom-wallett.blogspot.com/","date":"2026-01-31T17:38:55.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"misc-sni.blogspot.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:37:36 GMT","end":"Mon, 06 Apr 2026 08:37:35 GMT"},"fingerprint":{"sha1":"61:53:1C:4B:7E:8A:40:10:F4:FA:0B:06:90:62:CE:AA:D3:BA:10:64","sha256":"81:80:1B:51:F3:1D:B3:D9:F6:34:B1:B2:90:F0:BE:6A:20:EB:46:89:79:3C:3E:04:A9:76:73:4E:32:84:C0:26"}}},"request":{"raw":"GET /js/cookienotice.js HTTP/1.1\r\nHost: phantom-wallett.blogspot.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom-wallett.blogspot.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"blogger-tech\"\r\nreport-to: {\"group\":\"blogger-tech\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/blogger-tech\"}]}\r\ncontent-length: 2026\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 30 Jan 2026 16:13:11 GMT\r\nexpires: Fri, 06 Feb 2026 16:13:11 GMT\r\ncache-control: public, max-age=604800\r\nlast-modified: Fri, 30 Jan 2026 08:50:56 GMT\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding\r\nage: 91544\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6513,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"a705132a2174f88e196ec3610d68faa8","sha1":"3bad57a48d973a678fec600d45933010f6edc659","sha256":"068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568","sha512":"e947d33e0e9c5e6516f05e0ea696406e4e09b458f85021bc3a217071ae14879b2251e65aec5d1935ca9af2433d023356298321564e1a41119d41be7c2b2d36d5","ssdeep":"96:q54UPzHFcJZ7haKemb/m2GzrzCXAl/MStzo41Pm+YsttcVcbYhyjcso13EZDjiat:q5rPzHgxm2GzaXeMnuzYstyryPhZD9","tlshash":"4fd1630938a7127d125fa03fb6bf515ab66410238101db08786dfa785fd5f42a8e4ffa","first_seen":"2023-03-07T01:02:24Z","last_seen":"2026-06-08T21:13:36.720847Z","times_seen":121520,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"phantom-wallett.blogspot.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"phantom-wallett.blogspot.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.linkpicture.com/q/phan2-bg.png","fqdn":"www.linkpicture.com","domain":"linkpicture.com","tld":"com"},"ip":{"addr":"103.224.182.253","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phantom-wallett.blogspot.com/","date":"2026-01-31T17:38:55.366Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"it-5858.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 03 Jan 2026 21:16:18 GMT","end":"Fri, 03 Apr 2026 21:16:17 GMT"},"fingerprint":{"sha1":"71:3D:2F:E5:1B:05:7D:69:2B:0B:A1:6B:B1:A5:73:C1:6D:72:BF:E0","sha256":"2F:B9:D4:C3:1D:9D:3C:FB:C1:46:68:FE:F8:45:37:61:CE:4D:60:83:A1:27:64:C4:45:CF:63:7B:87:92:7F:6C"}}},"request":{"raw":"GET /q/phan2-bg.png HTTP/1.1\r\nHost: www.linkpicture.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom-wallett.blogspot.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.0 403 Forbidden\r\ncache-control: no-cache\r\ncontent-type: text/html\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":861,"timings":{"blocked":342,"dns":1,"connect":157,"send":0,"wait":175,"receive":0,"ssl":185},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.linkpicture.com/q/phantom-logo.png","fqdn":"www.linkpicture.com","domain":"linkpicture.com","tld":"com"},"ip":{"addr":"103.224.182.253","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phantom-wallett.blogspot.com/","date":"2026-01-31T17:38:55.730Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"it-5858.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 03 Jan 2026 21:16:18 GMT","end":"Fri, 03 Apr 2026 21:16:17 GMT"},"fingerprint":{"sha1":"71:3D:2F:E5:1B:05:7D:69:2B:0B:A1:6B:B1:A5:73:C1:6D:72:BF:E0","sha256":"2F:B9:D4:C3:1D:9D:3C:FB:C1:46:68:FE:F8:45:37:61:CE:4D:60:83:A1:27:64:C4:45:CF:63:7B:87:92:7F:6C"}}},"request":{"raw":"GET /q/phantom-logo.png HTTP/1.1\r\nHost: www.linkpicture.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom-wallett.blogspot.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.0 403 Forbidden\r\ncache-control: no-cache\r\ncontent-type: text/html\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":519,"timings":{"blocked":0,"dns":1,"connect":167,"send":0,"wait":169,"receive":0,"ssl":181},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallett.blogspot.com.ar/","fqdn":"phantom-wallett.blogspot.com.ar","domain":"blogspot.com.ar","tld":"com.ar"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-31T17:38:54.680Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"misc-sni.blogspot.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:37:36 GMT","end":"Mon, 06 Apr 2026 08:37:35 GMT"},"fingerprint":{"sha1":"61:53:1C:4B:7E:8A:40:10:F4:FA:0B:06:90:62:CE:AA:D3:BA:10:64","sha256":"81:80:1B:51:F3:1D:B3:D9:F6:34:B1:B2:90:F0:BE:6A:20:EB:46:89:79:3C:3E:04:A9:76:73:4E:32:84:C0:26"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: phantom-wallett.blogspot.com.ar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nlocation: https://phantom-wallett.blogspot.com/\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\ndate: Sat, 31 Jan 2026 17:38:54 GMT\r\nexpires: Sat, 31 Jan 2026 17:38:54 GMT\r\ncache-control: private, max-age=0\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncontent-security-policy: frame-ancestors 'self'\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 201\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]}],"data":{"size":14790,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":73,"dns":14,"connect":8,"send":0,"wait":117,"receive":0,"ssl":48},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"phantom-wallett.blogspot.com.ar","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}