{"report_id":"61737ceb-b5ac-4e9e-85f6-6896173d2e0d","version":6,"status":"done","tags":[],"date":"2026-02-03T20:17:24Z","url":{"schema":"https","addr":"phantom.mehdihamid.sbs/","fqdn":"phantom.mehdihamid.sbs","domain":"mehdihamid.sbs","tld":"sbs"},"ip":{"addr":"141.11.45.247","port":0,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"phantom.mehdihamid.sbs/","fqdn":"phantom.mehdihamid.sbs","domain":"mehdihamid.sbs","tld":"sbs"},"title":"فودلانژ | Foodlounge","dom":{"size":10337,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"94b0b570d81cf27f77f32e03ac152af5","sha1":"0df074dcdd1a44a12dcac47c4daefde9d84beebc","sha256":"002723eeb015e4f8b7930c7c090a5952808fe0b319b511214149840a87beedf7","sha512":"bd889a4b6c487812a1c746c55c45c692bd8ff1ceb22c4c675173ef551ac6766de8d38fac3b7dde19eaf443867b350009fc6d83573d06357e7a510243e199b048","ssdeep":"96:n+/d9i7+HNp2RziRziRziRziRziRziRzc5WuDoHXYkr+uDoHXYkr+uDoHXYkr+ud:+/U08uDqjr+uDqjr+uDqjr+uDqjrk","tlshash":"b822e07411f241bb4097c1e379a2ae2badd0de83c15bd148b1ee07a05fdbc43ae53668","dom_hash":"domhash6e1acbcfe0d843b34d43fc39e3096ec5","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"phantom.mehdihamid.sbs/","fqdn":"phantom.mehdihamid.sbs","domain":"mehdihamid.sbs","tld":"sbs"},"ip":{"addr":"141.11.45.247","port":0,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-10T20:17:24Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-03","alert":"Sinkholed","trigger":"phantom.mehdihamid.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"phantom.mehdihamid.sbs","ip":{"addr":"141.11.45.247","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":6,"request_count":6,"received_data":389117,"sent_data":2774,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-02-01T22:32:08.727296Z","alert_count":0,"request_count":1,"received_data":15182,"sent_data":461,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-02-01T22:14:44.580478Z","alert_count":0,"request_count":3,"received_data":91220,"sent_data":1637,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-02-01T22:17:46.954894Z","alert_count":0,"request_count":1,"received_data":24083,"sent_data":611,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"phantom.mehdihamid.sbs/assets/js/app.js","fqdn":"phantom.mehdihamid.sbs","domain":"mehdihamid.sbs","tld":"sbs"},"ip":{"addr":"141.11.45.247","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"2beacb51e4721fa9ed35341886172ece","sha1":"d277f3f3e5d38f6ded55d3c492d1461a259db710","sha256":"6ddec222404af39b43987c9ff33606bc092b9d15269cb02cc974c42119642cec","sha512":"fbeda1eb2ebf056fadeb31efca138c628b59311f17f1e2693e19c1ebbd1675e4488d1c159c5534840a61acda7cfed4f87fc4b62bd0f40c7efb8f143d37948eed","ssdeep":"","tlshash":"58e0c2543342802d88b35aa120be9a88f63d1d8384804588372cca41df274ca29a3add","size":298,"data":"","first_seen":"2026-02-03T20:17:29.062158Z","last_seen":"2026-02-03T20:17:29.062158Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"phantom.mehdihamid.sbs/","fqdn":"phantom.mehdihamid.sbs","domain":"mehdihamid.sbs","tld":"sbs"},"ip":{"addr":"141.11.45.247","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-03T20:17:03.382Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phantom.mehdihamid.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Dec 2025 10:14:36 GMT","end":"Fri, 20 Mar 2026 10:14:35 GMT"},"fingerprint":{"sha1":"87:DB:16:A6:33:E7:BF:D2:85:6C:A5:74:48:F6:5F:29:CF:7A:84:72","sha256":"A3:E1:D9:8E:80:57:F1:C2:BB:04:00:2B:01:77:37:55:8E:BB:E6:EA:24:6C:A5:79:82:14:91:CC:2A:18:22:00"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: phantom.mehdihamid.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Feb 2026 20:17:03 GMT\r\ncontent-type: text/html\r\nlast-modified: Tue, 23 Dec 2025 13:09:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694a9498-2adf\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10975,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"b7c58fdf20ed93efef561aea75a8ffb3","sha1":"a5a23f007d25f7844ff28e906d567e602824ede6","sha256":"1622a328268cae376000d7ab361e3b6b0626ee099508b7a6a420caef35e4fe83","sha512":"470f0754d1f796f9813d00414224dde735fa882c2798adbc6bacb99f0f67d0c34f8a46b28f569af5ebc1769c122b8ac169ec766561fb36e1444cc9069a938963","ssdeep":"96:QDdz0+rSEZ3zi3zi3zi3zi3zi3zi3zrcCuDdH320uDdH320uDdH320uDdH32J:QDKKRuD40uD40uD40uD4J","tlshash":"4632dd7511d2457b40b3c1a3a8a16f6afed4ca83c24bd148b1ed13a36ff7c02ad57668","first_seen":"2026-02-03T20:17:29.04501Z","last_seen":"2026-02-03T20:17:29.04501Z","times_seen":1,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":109,"dns":70,"connect":18,"send":0,"wait":29,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-03","alert":"Sinkholed","trigger":"phantom.mehdihamid.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phantom.mehdihamid.sbs/assets/css/app.css","fqdn":"phantom.mehdihamid.sbs","domain":"mehdihamid.sbs","tld":"sbs"},"ip":{"addr":"141.11.45.247","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://phantom.mehdihamid.sbs/","date":"2026-02-03T20:17:03.706Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phantom.mehdihamid.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Dec 2025 10:14:36 GMT","end":"Fri, 20 Mar 2026 10:14:35 GMT"},"fingerprint":{"sha1":"87:DB:16:A6:33:E7:BF:D2:85:6C:A5:74:48:F6:5F:29:CF:7A:84:72","sha256":"A3:E1:D9:8E:80:57:F1:C2:BB:04:00:2B:01:77:37:55:8E:BB:E6:EA:24:6C:A5:79:82:14:91:CC:2A:18:22:00"}}},"request":{"raw":"GET /assets/css/app.css HTTP/1.1\r\nHost: phantom.mehdihamid.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom.mehdihamid.sbs/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Feb 2026 20:17:03 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 23 Dec 2025 13:09:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694a9493-2b09\"\r\nexpires: Wed, 04 Feb 2026 08:17:03 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11017,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (330)","md5":"6c02db3caeac6431c39466b5aeaef5d2","sha1":"2902dba3c5164e25a85d78581d701ca58d9441ea","sha256":"821820be2a4e6db3104f1d0fd28f01d1ca26be63bf644800f5d06407536d58a3","sha512":"9ee2c719d81d5d4fb7324887d9deb97cecad41761a9164e667e4df2589d899659e0118b70bf09d28879963aca793ada997ac4cf0892d211f64a2acfc875e0659","ssdeep":"192:iIZNFTgRZdhtE7mEtLTeyL3sSOpFpBMOtXibaDZMoAe1eGt1MFssc8gXVV:iIZNlgRZtg9tLnsSOfpBVFt3j","tlshash":"cf32442eb17291a47c336b3a33cea5487328d047da1add99fac15220cfc53b56ec1719","first_seen":"2026-02-03T20:17:29.048227Z","last_seen":"2026-02-03T20:17:29.048227Z","times_seen":1,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-03","alert":"Sinkholed","trigger":"phantom.mehdihamid.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/swiper@12/swiper-bundle.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://phantom.mehdihamid.sbs/","date":"2026-02-03T20:17:03.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/swiper@12/swiper-bundle.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom.mehdihamid.sbs/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/css; charset=utf-8\r\nx-jsd-version: 12.1.0\r\nx-jsd-version-type: version\r\netag: W/\"3857-tmRR9Y+8uI7fxwMjLIlpGywv8cg\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Tue, 03 Feb 2026 20:17:03 GMT\r\nage: 13986\r\nx-served-by: cache-fra-eddf8230120-FRA, cache-hel1410032-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 3018\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14423,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (14166)","md5":"9194874c0474b7f8f4606cc22968332a","sha1":"b66451f58fbcb88edfc703232c89691b2c2ff1c8","sha256":"f7f5e7fe48f38e4e61a34cba704d54c5eec80bdc3458e3e4af50989d0fe764be","sha512":"951e687d66afc3828174078e9036dcec4fff3cbf9107a4179913617d8251dd4172fc29fdfbef4ddb4cbfbfde9e681782b472fdf7304c4f336c57b16df7bc421b","ssdeep":"192:V7nJI8pXuCzSOepi5TJDdG2YaHXGT+2JOzEf77LODKtVTYDSeSBeZJMPPIx:VzJFpXr4pETJDk2YsXc8YT7uRvTx","tlshash":"bd5253945310282b96335f3a67a0cbbce17858814f939ae990c0ed58d3fadf9076f395","first_seen":"2026-01-28T21:43:52.637403Z","last_seen":"2026-06-08T00:04:53.300472Z","times_seen":248,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":30,"dns":0,"connect":13,"send":0,"wait":14,"receive":1,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantom.mehdihamid.sbs/assets/icons/logo.svg","fqdn":"phantom.mehdihamid.sbs","domain":"mehdihamid.sbs","tld":"sbs"},"ip":{"addr":"141.11.45.247","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phantom.mehdihamid.sbs/","date":"2026-02-03T20:17:03.710Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phantom.mehdihamid.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Dec 2025 10:14:36 GMT","end":"Fri, 20 Mar 2026 10:14:35 GMT"},"fingerprint":{"sha1":"87:DB:16:A6:33:E7:BF:D2:85:6C:A5:74:48:F6:5F:29:CF:7A:84:72","sha256":"A3:E1:D9:8E:80:57:F1:C2:BB:04:00:2B:01:77:37:55:8E:BB:E6:EA:24:6C:A5:79:82:14:91:CC:2A:18:22:00"}}},"request":{"raw":"GET /assets/icons/logo.svg HTTP/1.1\r\nHost: phantom.mehdihamid.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom.mehdihamid.sbs/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Feb 2026 20:17:03 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 23 Dec 2025 13:09:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694a9494-21d8\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8664,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"12608b1746c67dfd6cafa6eb2f32fdad","sha1":"86d30387fcab2240201016649c30b2af1481d8e3","sha256":"a606fe9529c3493f7a276b8fa223af394af1b35e117706f3e7bb97195907ce98","sha512":"df2aa83c99856bb581f832a8856b7d8ac19ce21b32d1de82eb852a7c96e2cf56dcf83f08526a729ffbb0c6137f30ba8e402463f2215cadd15af1d74c2510bbca","ssdeep":"192:7lYqnFlC4PZI1sA28ifWQZCyOorl76wg8VIDezK:5fC4BI1G8ifWQZCylTgnD/","tlshash":"4802c7fe63bcf8f4e080d9f9de978475b50b04e26b95d9a1c2b98f17b91188c4d218c6","first_seen":"2026-02-03T20:17:29.056611Z","last_seen":"2026-02-03T20:17:29.056611Z","times_seen":1,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-03","alert":"Sinkholed","trigger":"phantom.mehdihamid.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phantom.mehdihamid.sbs/assets/images/Big-cheese-burger.png","fqdn":"phantom.mehdihamid.sbs","domain":"mehdihamid.sbs","tld":"sbs"},"ip":{"addr":"141.11.45.247","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phantom.mehdihamid.sbs/","date":"2026-02-03T20:17:03.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phantom.mehdihamid.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Dec 2025 10:14:36 GMT","end":"Fri, 20 Mar 2026 10:14:35 GMT"},"fingerprint":{"sha1":"87:DB:16:A6:33:E7:BF:D2:85:6C:A5:74:48:F6:5F:29:CF:7A:84:72","sha256":"A3:E1:D9:8E:80:57:F1:C2:BB:04:00:2B:01:77:37:55:8E:BB:E6:EA:24:6C:A5:79:82:14:91:CC:2A:18:22:00"}}},"request":{"raw":"GET /assets/images/Big-cheese-burger.png HTTP/1.1\r\nHost: phantom.mehdihamid.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom.mehdihamid.sbs/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Feb 2026 20:17:03 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 23 Dec 2025 13:09:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694a9498-549eb\"\r\nexpires: Thu, 05 Mar 2026 20:17:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":346603,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 778 x 512, 8-bit/color RGBA, non-interlaced","md5":"5b0359d8f9c9750d5dbab500c820bb8e","sha1":"0a9c58c7c356d0f450add5c7a1809ef288b91e23","sha256":"6f94b036263adea797a1f3f2a71d113252913a2512358486b2b5d757da99a357","sha512":"b0b4afaec7ae190b11df1d60c4816b97db01f2b81fe30b9b411e541a3468bd4c97ffba5450fc56cc0fd2ba7820f07f5d55e69f5ba58847c3db53da1da4415e97","ssdeep":"6144:be+B/0dHtEWd3mCdP/55BuE0Bv5P4l+TnLK4Mtgta5mB5eq/ZzRPk:beS/YUWuv4gtHB5eq/ZzRPk","tlshash":"60742339cf0aada3f916056817ad71bda354893508b6cd41844bbe2504ef9d0f93f7e2","first_seen":"2026-02-03T20:17:29.058518Z","last_seen":"2026-02-03T20:17:29.058518Z","times_seen":1,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-03","alert":"Sinkholed","trigger":"phantom.mehdihamid.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/vazirmatn/v16/Dxxo8j6PP2D_kU2muijlHcWW.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://phantom.mehdihamid.sbs/","date":"2026-02-03T20:17:03.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:37:55 GMT","end":"Mon, 06 Apr 2026 08:37:54 GMT"},"fingerprint":{"sha1":"C9:11:F3:8A:1F:95:BA:78:F0:71:09:AC:AA:E5:AC:D1:ED:83:E4:04","sha256":"61:45:36:53:9C:8E:E6:E3:72:93:D5:B6:2E:25:31:08:2F:70:5B:C8:FA:43:EA:70:B8:CE:11:BF:74:C7:92:98"}}},"request":{"raw":"GET /s/vazirmatn/v16/Dxxo8j6PP2D_kU2muijlHcWW.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://phantom.mehdihamid.sbs\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 34524\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 30 Jan 2026 13:06:23 GMT\r\nexpires: Sat, 30 Jan 2027 13:06:23 GMT\r\ncache-control: public, max-age=31536000\r\nage: 371441\r\nlast-modified: Tue, 09 Sep 2025 19:03:22 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":34524,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 34524, version 1.0","md5":"e7eada615dc365ff51b1df9097b4cca7","sha1":"ee0a5328e85617615ea3ee67cd75fc418148e92b","sha256":"d29c041cd4294af893cf3c01dfab6d47202c667ab55d702f68782599918c651d","sha512":"735e252a4a187962e167fa339fd10ba88436dac938deacb05ad0f744186155883f3f43ab3f7136abcea961820ab589bcc046d6e2fcbe7b5d42044b52bb080977","ssdeep":"768:rgu26rBAmMdY3UM6LIzDMG90sRCPRQE9df8jI8h8SsJEA:rgawYYIzDIjZN8jhOSGEA","tlshash":"e4f2e16f2d16007bae2e79da54f84d2f941a4b97fc1169f3208660d09df3b89b143b46","first_seen":"2025-04-30T10:35:30.738498Z","last_seen":"2026-06-06T12:37:36.103167Z","times_seen":251,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":62,"dns":0,"connect":7,"send":0,"wait":11,"receive":10,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiEyp8kv8JHgFVrJJfecg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://phantom.mehdihamid.sbs/","date":"2026-02-03T20:17:03.964Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:37:55 GMT","end":"Mon, 06 Apr 2026 08:37:54 GMT"},"fingerprint":{"sha1":"C9:11:F3:8A:1F:95:BA:78:F0:71:09:AC:AA:E5:AC:D1:ED:83:E4:04","sha256":"61:45:36:53:9C:8E:E6:E3:72:93:D5:B6:2E:25:31:08:2F:70:5B:C8:FA:43:EA:70:B8:CE:11:BF:74:C7:92:98"}}},"request":{"raw":"GET /s/poppins/v24/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://phantom.mehdihamid.sbs\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7884\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 30 Jan 2026 13:05:33 GMT\r\nexpires: Sat, 30 Jan 2027 13:05:33 GMT\r\ncache-control: public, max-age=31536000\r\nage: 371491\r\nlast-modified: Mon, 15 Sep 2025 16:34:42 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7884,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7884, version 1.0","md5":"9212f6f9860f9fc6c69b02fedf6db8c3","sha1":"ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b","sha256":"7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f","sha512":"67317495f4b53e20a9f31c034e456e6c37f387dffb2c092caa5159bc441cfcadd02749ffe5bbed1d580d5300a59e48a767ef2c6d9978b474f84c1a2cd095c126","ssdeep":"192:xLFDbKO9E3rS3JWBRO/J601FSS5ZUbik3Zy2f0:pd9J5W501otlI","tlshash":"c3f1ae4eb3f2cd1be40982e53a0fc90b1c578272681fd772d067a22517893bc8db2c81","first_seen":"2023-04-05T15:35:34Z","last_seen":"2026-06-08T19:35:44.948537Z","times_seen":353415,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":63,"dns":1,"connect":20,"send":0,"wait":9,"receive":1,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantom.mehdihamid.sbs/assets/js/app.js","fqdn":"phantom.mehdihamid.sbs","domain":"mehdihamid.sbs","tld":"sbs"},"ip":{"addr":"141.11.45.247","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://phantom.mehdihamid.sbs/","date":"2026-02-03T20:17:03.714Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phantom.mehdihamid.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Dec 2025 10:14:36 GMT","end":"Fri, 20 Mar 2026 10:14:35 GMT"},"fingerprint":{"sha1":"87:DB:16:A6:33:E7:BF:D2:85:6C:A5:74:48:F6:5F:29:CF:7A:84:72","sha256":"A3:E1:D9:8E:80:57:F1:C2:BB:04:00:2B:01:77:37:55:8E:BB:E6:EA:24:6C:A5:79:82:14:91:CC:2A:18:22:00"}}},"request":{"raw":"GET /assets/js/app.js HTTP/1.1\r\nHost: phantom.mehdihamid.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom.mehdihamid.sbs/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Feb 2026 20:17:03 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 298\r\nlast-modified: Tue, 23 Dec 2025 13:09:44 GMT\r\netag: \"694a9498-12a\"\r\nexpires: Wed, 04 Feb 2026 08:17:03 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":298,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with CRLF line terminators","md5":"2beacb51e4721fa9ed35341886172ece","sha1":"d277f3f3e5d38f6ded55d3c492d1461a259db710","sha256":"6ddec222404af39b43987c9ff33606bc092b9d15269cb02cc974c42119642cec","sha512":"fbeda1eb2ebf056fadeb31efca138c628b59311f17f1e2693e19c1ebbd1675e4488d1c159c5534840a61acda7cfed4f87fc4b62bd0f40c7efb8f143d37948eed","ssdeep":"","tlshash":"58e0c2543342802d88b35aa120be9a88f63d1d8384804588372cca41df274ca29a3add","first_seen":"2026-02-03T20:17:29.062158Z","last_seen":"2026-02-03T20:17:29.062158Z","times_seen":1,"resource_available":true,"data":null}},"time_used":77,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":77,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-03","alert":"Sinkholed","trigger":"phantom.mehdihamid.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900\u0026family=Vazirmatn:wght@100..900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://phantom.mehdihamid.sbs/","date":"2026-02-03T20:17:03.743Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:37:56 GMT","end":"Mon, 06 Apr 2026 08:37:55 GMT"},"fingerprint":{"sha1":"DE:3B:B4:94:98:33:3A:CB:2A:A9:96:A1:CB:19:8C:84:B5:8D:23:E9","sha256":"D0:A1:5A:83:80:77:19:74:AA:CB:27:69:4A:C7:2C:F0:DA:06:9C:79:1E:07:77:9A:4D:7B:5D:AA:A2:D2:D4:E9"}}},"request":{"raw":"GET /css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900\u0026family=Vazirmatn:wght@100..900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom.mehdihamid.sbs/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 03 Feb 2026 20:17:03 GMT\r\ndate: Tue, 03 Feb 2026 20:17:03 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23397,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (649)","md5":"8a1a8062b9254aa30264a176146c7dd5","sha1":"d2336bf604013bfbc3c6cc1f5c8caedff2824d09","sha256":"fd34c2775c9e7515feb5c03586c403e396dff9943efafba119531784f756a640","sha512":"6474ea0a661926cbe4651082af9015ded0b98e8e75f85ce8d5e9a72344f49f63924b1347c9a2a50549c42dadfa8fe8aebbfb5fac9af6ee12708616fbe11b493b","ssdeep":"384:H3w3s3VR9xqWSUq+DnLami0A0BNBOi/mkdlP:XEA3mkTP","tlshash":"08b288d1087ba114ab871cc123cf6d37ee0ea254b850d978abfd0cd8adabc65536172d","first_seen":"2025-12-10T08:37:00.567019Z","last_seen":"2026-02-03T20:17:29.063591Z","times_seen":2,"resource_available":false,"data":null}},"time_used":233,"timings":{"blocked":98,"dns":0,"connect":21,"send":0,"wait":37,"receive":0,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/vazirmatn/v16/Dxxo8j6PP2D_kU2muijlGMWWMmk.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://phantom.mehdihamid.sbs/","date":"2026-02-03T20:17:03.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:37:55 GMT","end":"Mon, 06 Apr 2026 08:37:54 GMT"},"fingerprint":{"sha1":"C9:11:F3:8A:1F:95:BA:78:F0:71:09:AC:AA:E5:AC:D1:ED:83:E4:04","sha256":"61:45:36:53:9C:8E:E6:E3:72:93:D5:B6:2E:25:31:08:2F:70:5B:C8:FA:43:EA:70:B8:CE:11:BF:74:C7:92:98"}}},"request":{"raw":"GET /s/vazirmatn/v16/Dxxo8j6PP2D_kU2muijlGMWWMmk.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://phantom.mehdihamid.sbs\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 46308\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 30 Jan 2026 13:06:23 GMT\r\nexpires: Sat, 30 Jan 2027 13:06:23 GMT\r\ncache-control: public, max-age=31536000\r\nage: 371441\r\nlast-modified: Tue, 09 Sep 2025 19:01:01 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":46308,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 46308, version 1.0","md5":"05d9ce2a23d36fa14185b5343d3b43af","sha1":"55397bc2e59d1bf652fd82609872ac3acecb7618","sha256":"84a382e46c30fb4f73d0e3800c16d0af15888e2731e57fa5f93e2c29a2c6a957","sha512":"7145beb46ee33f167d4633824028836c4c8f8a1a0b268960137debf473f7a03e0a3745a2215f7429fc850dbd2da65f4216fab4e5e91bf82529777cc43e130261","ssdeep":"768:+xP9ddhqCr5Yh7mOH/z7/F2HWFJhPVnLlyHla5eSI/lkgMOAb7nQlhg6:+x1U0cmiL7F22FdLSSzL7nQTt","tlshash":"ae23018c7e4ba490d59580fa53b38cbc4d13704facacf8845ebb99a0ed5b1c16c8ca35","first_seen":"2025-09-24T08:15:23.718949Z","last_seen":"2026-06-06T12:37:36.111136Z","times_seen":120,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":60,"dns":1,"connect":20,"send":0,"wait":18,"receive":3,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantom.mehdihamid.sbs/assets/icons/logo.svg","fqdn":"phantom.mehdihamid.sbs","domain":"mehdihamid.sbs","tld":"sbs"},"ip":{"addr":"141.11.45.247","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phantom.mehdihamid.sbs/","date":"2026-02-03T20:17:04.105Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phantom.mehdihamid.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Dec 2025 10:14:36 GMT","end":"Fri, 20 Mar 2026 10:14:35 GMT"},"fingerprint":{"sha1":"87:DB:16:A6:33:E7:BF:D2:85:6C:A5:74:48:F6:5F:29:CF:7A:84:72","sha256":"A3:E1:D9:8E:80:57:F1:C2:BB:04:00:2B:01:77:37:55:8E:BB:E6:EA:24:6C:A5:79:82:14:91:CC:2A:18:22:00"}}},"request":{"raw":"GET /assets/icons/logo.svg HTTP/1.1\r\nHost: phantom.mehdihamid.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom.mehdihamid.sbs/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Feb 2026 20:17:04 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 23 Dec 2025 13:09:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694a9494-21d8\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8664,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"12608b1746c67dfd6cafa6eb2f32fdad","sha1":"86d30387fcab2240201016649c30b2af1481d8e3","sha256":"a606fe9529c3493f7a276b8fa223af394af1b35e117706f3e7bb97195907ce98","sha512":"df2aa83c99856bb581f832a8856b7d8ac19ce21b32d1de82eb852a7c96e2cf56dcf83f08526a729ffbb0c6137f30ba8e402463f2215cadd15af1d74c2510bbca","ssdeep":"192:7lYqnFlC4PZI1sA28ifWQZCyOorl76wg8VIDezK:5fC4BI1G8ifWQZCylTgnD/","tlshash":"4802c7fe63bcf8f4e080d9f9de978475b50b04e26b95d9a1c2b98f17b91188c4d218c6","first_seen":"2026-02-03T20:17:29.056611Z","last_seen":"2026-02-03T20:17:29.056611Z","times_seen":1,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-03","alert":"Sinkholed","trigger":"phantom.mehdihamid.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}