{"report_id":"89a41251-f468-4ce3-9cc4-1a4ef4972ec4","version":6,"status":"done","tags":[],"date":"2026-04-27T07:37:32Z","url":{"schema":"https","addr":"xn--phntom-qta.app/","fqdn":"xn--phntom-qta.app","domain":"xn--phntom-qta.app","tld":"app"},"ip":{"addr":"147.45.110.175","port":0,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"xn--phntom-qta.app/","fqdn":"xn--phntom-qta.app","domain":"xn--phntom-qta.app","tld":"app"},"title":"Phantom — Crypto \u0026 NFT Wallet — Solana | Download Extension | Login","dom":{"size":41386,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (7271)","md5":"596333bf3bb4b821eeded73d92ee6c31","sha1":"fac6c04727fb2d681b63b95ad90ca4433ce70f35","sha256":"941fc3920f0814087b9e26673cf2578cf73d527e73c6a8174711732153fdc33a","sha512":"56ee08f869d792416e236cd6fbc0dc83e348cb845880e8b9f9f3831ba16cf39868d6deb991905d99a3a411b512efbc4fd3316db75c2f7ef3413da12f55e870ba","ssdeep":"384:ku11be1ZO01yj1u1ic18+/bZ9YrJwZUq1M18N1vMrV1R1WUPEbctMv23GhbLz1yy:kwbFvhiieErLPoLEIsPmYrsI7ZM","tlshash":"e4030a953780a13dc0032fdea1a2da5f245bb0cfcb45069cfdad5691afc4de588366e8","dom_hash":"domhash705bafb1ffb0b78fd1824c33877c81d2","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"xn--phntom-qta.app/","fqdn":"xn--phntom-qta.app","domain":"xn--phntom-qta.app","tld":"app"},"ip":{"addr":"147.45.110.175","port":0,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-01T07:37:32Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":5,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-27T07:37:11Z","timestamp":1777275431,"ip_dst":{"addr":"Client IP","port":48036,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"severity":"high","alert":"ET PHISHING Lets Encrypt Free SSL Cert Observed with IDN/Punycode Domain - Possible Phishing","source":"{\"timestamp\":\"2026-04-27T07:37:11.399485+0000\",\"flow_id\":706668453662762,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"147.45.110.175\",\"src_port\":443,\"dest_ip\":\"172.18.0.26\",\"dest_port\":48036,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024227,\"rev\":4,\"signature\":\"ET PHISHING Lets Encrypt Free SSL Cert Observed with IDN/Punycode Domain - Possible Phishing\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_04_19\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_08_20\"]}},\"tls\":{\"subject\":\"CN=xn--phntom-qta.app\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=R13\",\"serial\":\"05:A0:8C:90:38:8F:EA:A6:F2:9C:20:79:A8:29:74:15:4D:98\",\"fingerprint\":\"6c:a2:43:c7:90:b0:88:e6:d0:d3:17:dc:23:24:16:46:21:df:8e:3f\",\"sni\":\"xn--phntom-qta.app\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-04-24T13:04:45\",\"notafter\":\"2026-07-23T13:04:44\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f9fcb52580329fb6a9b61d7542087b90\",\"string\":\"771,52392,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1203,\"bytes_toclient\":3423,\"start\":\"2026-04-27T07:37:11.167978+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-27T07:37:12Z","timestamp":1777275432,"ip_dst":{"addr":"Client IP","port":48072,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"severity":"high","alert":"ET PHISHING Lets Encrypt Free SSL Cert Observed with IDN/Punycode Domain - Possible Phishing","source":"{\"timestamp\":\"2026-04-27T07:37:12.031657+0000\",\"flow_id\":846759549425148,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"147.45.110.175\",\"src_port\":443,\"dest_ip\":\"172.18.0.26\",\"dest_port\":48072,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024227,\"rev\":4,\"signature\":\"ET PHISHING Lets Encrypt Free SSL Cert Observed with IDN/Punycode Domain - Possible Phishing\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_04_19\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_08_20\"]}},\"tls\":{\"subject\":\"CN=xn--phntom-qta.app\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=R13\",\"serial\":\"05:A0:8C:90:38:8F:EA:A6:F2:9C:20:79:A8:29:74:15:4D:98\",\"fingerprint\":\"6c:a2:43:c7:90:b0:88:e6:d0:d3:17:dc:23:24:16:46:21:df:8e:3f\",\"sni\":\"xn--phntom-qta.app\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-04-24T13:04:45\",\"notafter\":\"2026-07-23T13:04:44\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f9fcb52580329fb6a9b61d7542087b90\",\"string\":\"771,52392,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1203,\"bytes_toclient\":3423,\"start\":\"2026-04-27T07:37:11.808444+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-27T07:37:12Z","timestamp":1777275432,"ip_dst":{"addr":"Client IP","port":48054,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"severity":"high","alert":"ET PHISHING Lets Encrypt Free SSL Cert Observed with IDN/Punycode Domain - Possible Phishing","source":"{\"timestamp\":\"2026-04-27T07:37:12.042497+0000\",\"flow_id\":972288558584080,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"147.45.110.175\",\"src_port\":443,\"dest_ip\":\"172.18.0.26\",\"dest_port\":48054,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024227,\"rev\":4,\"signature\":\"ET PHISHING Lets Encrypt Free SSL Cert Observed with IDN/Punycode Domain - Possible Phishing\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_04_19\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_08_20\"]}},\"tls\":{\"subject\":\"CN=xn--phntom-qta.app\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=R13\",\"serial\":\"05:A0:8C:90:38:8F:EA:A6:F2:9C:20:79:A8:29:74:15:4D:98\",\"fingerprint\":\"6c:a2:43:c7:90:b0:88:e6:d0:d3:17:dc:23:24:16:46:21:df:8e:3f\",\"sni\":\"xn--phntom-qta.app\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-04-24T13:04:45\",\"notafter\":\"2026-07-23T13:04:44\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f9fcb52580329fb6a9b61d7542087b90\",\"string\":\"771,52392,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1203,\"bytes_toclient\":3423,\"start\":\"2026-04-27T07:37:11.807184+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-27T07:37:12Z","timestamp":1777275432,"ip_dst":{"addr":"Client IP","port":48046,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"severity":"high","alert":"ET PHISHING Lets Encrypt Free SSL Cert Observed with IDN/Punycode Domain - Possible Phishing","source":"{\"timestamp\":\"2026-04-27T07:37:12.043929+0000\",\"flow_id\":382812887142365,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"147.45.110.175\",\"src_port\":443,\"dest_ip\":\"172.18.0.26\",\"dest_port\":48046,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024227,\"rev\":4,\"signature\":\"ET PHISHING Lets Encrypt Free SSL Cert Observed with IDN/Punycode Domain - Possible Phishing\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_04_19\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_08_20\"]}},\"tls\":{\"subject\":\"CN=xn--phntom-qta.app\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=R13\",\"serial\":\"05:A0:8C:90:38:8F:EA:A6:F2:9C:20:79:A8:29:74:15:4D:98\",\"fingerprint\":\"6c:a2:43:c7:90:b0:88:e6:d0:d3:17:dc:23:24:16:46:21:df:8e:3f\",\"sni\":\"xn--phntom-qta.app\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-04-24T13:04:45\",\"notafter\":\"2026-07-23T13:04:44\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f9fcb52580329fb6a9b61d7542087b90\",\"string\":\"771,52392,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1203,\"bytes_toclient\":3423,\"start\":\"2026-04-27T07:37:11.806877+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-27T07:37:12Z","timestamp":1777275432,"ip_dst":{"addr":"Client IP","port":48064,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"severity":"high","alert":"ET PHISHING Lets Encrypt Free SSL Cert Observed with IDN/Punycode Domain - Possible Phishing","source":"{\"timestamp\":\"2026-04-27T07:37:12.045040+0000\",\"flow_id\":549857050187125,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"147.45.110.175\",\"src_port\":443,\"dest_ip\":\"172.18.0.26\",\"dest_port\":48064,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024227,\"rev\":4,\"signature\":\"ET PHISHING Lets Encrypt Free SSL Cert Observed with IDN/Punycode Domain - Possible Phishing\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_04_19\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_08_20\"]}},\"tls\":{\"subject\":\"CN=xn--phntom-qta.app\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=R13\",\"serial\":\"05:A0:8C:90:38:8F:EA:A6:F2:9C:20:79:A8:29:74:15:4D:98\",\"fingerprint\":\"6c:a2:43:c7:90:b0:88:e6:d0:d3:17:dc:23:24:16:46:21:df:8e:3f\",\"sni\":\"xn--phntom-qta.app\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-04-24T13:04:45\",\"notafter\":\"2026-07-23T13:04:44\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f9fcb52580329fb6a9b61d7542087b90\",\"string\":\"771,52392,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1072,\"bytes_toclient\":3423,\"start\":\"2026-04-27T07:37:11.808309+0000\"}}"}],"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"xn--phntom-qta.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"xn--phntom-qta.app","ip":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":10,"request_count":10,"received_data":2302454,"sent_data":4632,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:3.6.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"xn--phntom-qta.app/js/jquery-3.6.1.min.js","fqdn":"xn--phntom-qta.app","domain":"xn--phntom-qta.app","tld":"app"},"ip":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"00727d1d5d9c90f7de826f1a4a9cc632","sha1":"ea61688671d0c3044f2c5b2f2c4af0a6620ac6c2","sha256":"a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74","sha512":"69528a4518bf43f615fb89a3a0a06c138c771fe0647a0a0cfde9b8e8d3650aa3539946000e305b78d79f371615ee0894a74571202b6a76b6ea53b89569e64d5c","ssdeep":"1536:SjjxXUHJnxDjoXEZxkMV4PYDt0zxxf6gP3f8cApoEGOzZTBvUsuy8WnKdXwhLQvg:SdeIygP3fulzcsz8jlvaDioQ47GKH","tlshash":"5393f8ddb2c6702247a770ba007f510bf236199d684d8450f269d8e9bc78a4e827bf7d","size":89664,"data":"","first_seen":"2023-03-07T01:28:27Z","last_seen":"2026-04-27T19:20:56.183748Z","times_seen":28821,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--phntom-qta.app/js/ethers-5.2.umd.min.js","fqdn":"xn--phntom-qta.app","domain":"xn--phntom-qta.app","tld":"app"},"ip":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"50ed955cf32ac8e4e1daa0fac8fcde98","sha1":"fc073f2b9715e44dc2346d7cbe0b491fb59da146","sha256":"c2bcdc085e0557a379a6056c629be748d22a3c1dbe539a48ae02de7d69c95eff","sha512":"62b27b6739ad99525dc02c2ee81f754e15062df363b137477f521d3dfdc9ec0650229543bda85c04b5a8282d5e6d9f5137aba99bd66178814a49feecee4fd961","ssdeep":"12288:YPEmxeUs6ky8Xb863bkmCEuls/LaottWsv1TY4:YPTWbsEss/LtttJz","tlshash":"4df44b85b3a5b0b583c628a4143f5006f63af46b502c40a4f759faf269f9d8c957bb3c","size":733070,"data":"","first_seen":"2023-03-07T12:07:13Z","last_seen":"2026-04-27T07:42:14.179074Z","times_seen":1142,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--phntom-qta.app/","fqdn":"xn--phntom-qta.app","domain":"xn--phntom-qta.app","tld":"app"},"ip":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"99327c907f88d7213360729d161a1bc4","sha1":"3c94eabdae660ad55b346b096417ec263e7aac0f","sha256":"03b258cbf4afc4e92dc1235d2b7468ac5dea819ed947939467e0ea57e25b29b1","sha512":"c8a19301cc0e8c8aecf3106359389d0bbf7db80158409cebd30897e1d325909f1409c1860b867e91d68c51a8710f15667541b4e14cc7485fe062dd2ae1363140","ssdeep":"384:XPEbctMv23GhbLQ8mm84sttVFVVdg2xhgEWOn7JQ8F8mldv0yTZ8n1zxDtDRTYMM:XPmYrsI7Zd","tlshash":"09c283513680a53ec1072fde61e29a5f216b71cfc74409a8bdad66d1df80ea188376fc","size":26746,"data":"","first_seen":"2026-04-27T07:37:39.577148Z","last_seen":"2026-04-27T07:37:39.577148Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"xn--phntom-qta.app/popup.5cbd182e.css","fqdn":"xn--phntom-qta.app","domain":"xn--phntom-qta.app","tld":"app"},"ip":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xn--phntom-qta.app/","date":"2026-04-27T07:37:11.812Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"xn--phntom-qta.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 24 Apr 2026 13:04:45 GMT","end":"Thu, 23 Jul 2026 13:04:44 GMT"},"fingerprint":{"sha1":"6C:A2:43:C7:90:B0:88:E6:D0:D3:17:DC:23:24:16:46:21:DF:8E:3F","sha256":"DD:A6:80:6E:93:AF:D1:45:F5:45:B0:32:6D:96:A9:F9:29:C9:2E:88:2F:3B:DA:70:4A:49:C7:C4:DA:BE:D9:BC"}}},"request":{"raw":"GET /popup.5cbd182e.css HTTP/1.1\r\nHost: xn--phntom-qta.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--phntom-qta.app/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 27 Apr 2026 07:37:12 GMT\r\nContent-Type: text/css\r\nContent-Length: 283145\r\nLast-Modified: Thu, 05 Mar 2026 20:18:20 GMT\r\nConnection: keep-alive\r\nETag: \"69a9e50c-45209\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":283145,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"ba4c1af6ab5dc69a6d6433b0822403c6","sha1":"23afaf2bf14441bff15c453e7157bf77f029a561","sha256":"d48f095841d6a8bc96aa232c4d62cf12a0f3558a4e6e21e9af85e947b3d96397","sha512":"224b1c203a09912460fa311cb449f070a987eb15c954d52ec4cfa09eadf73fce2e93f2eda4bb3292b6d9a10b9c94a533f043da7502fb0b670e8c05441ace4695","ssdeep":"1536:apKSQ3YyI/obeboL0T1+3tKSYHpKSQ3YyI/obeboL0T1+3tKSY1fmEcKfmEcm:7SDgbqil3YJMSDgbqil3YJxZT","tlshash":"4254992fe300243eed27831de143fe9da1775f99ba42c777b89228d49281993db93650","first_seen":"2024-10-11T08:50:23.926884Z","last_seen":"2026-04-27T07:42:14.193367Z","times_seen":37,"resource_available":false,"data":null}},"time_used":956,"timings":{"blocked":277,"dns":0,"connect":35,"send":0,"wait":148,"receive":251,"ssl":243},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"xn--phntom-qta.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--phntom-qta.app/popup.c34c79ff.css","fqdn":"xn--phntom-qta.app","domain":"xn--phntom-qta.app","tld":"app"},"ip":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xn--phntom-qta.app/","date":"2026-04-27T07:37:11.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"xn--phntom-qta.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 24 Apr 2026 13:04:45 GMT","end":"Thu, 23 Jul 2026 13:04:44 GMT"},"fingerprint":{"sha1":"6C:A2:43:C7:90:B0:88:E6:D0:D3:17:DC:23:24:16:46:21:DF:8E:3F","sha256":"DD:A6:80:6E:93:AF:D1:45:F5:45:B0:32:6D:96:A9:F9:29:C9:2E:88:2F:3B:DA:70:4A:49:C7:C4:DA:BE:D9:BC"}}},"request":{"raw":"GET /popup.c34c79ff.css HTTP/1.1\r\nHost: xn--phntom-qta.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--phntom-qta.app/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 27 Apr 2026 07:37:12 GMT\r\nContent-Type: text/css\r\nContent-Length: 971\r\nLast-Modified: Thu, 05 Mar 2026 20:18:21 GMT\r\nConnection: keep-alive\r\nETag: \"69a9e50d-3cb\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":971,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (923)","md5":"1c0eff64531617e6cbeb6600289b221f","sha1":"1c0d16ed3fb8ba61efa0fa28ee18edde9f1a59c6","sha256":"fc4fc69adeaa80c65698af1ef46fe9992f232dc769928409f18afa8b6db9225a","sha512":"a6a7c8ed6285a4e0b4228c55421571a6d705e3dc8db4c6785151453fb7d42d8a3866717028b08a9913c75a2ca1c2b03b392f01ebfbb72d31a731a7eee78824dd","ssdeep":"","tlshash":"9611e61815afa845d4729e4231cf3922bd164468a2694522d27e0d5eccfbd7393f1f3a","first_seen":"2024-10-11T08:50:23.920468Z","last_seen":"2026-04-27T07:42:14.197263Z","times_seen":37,"resource_available":false,"data":null}},"time_used":681,"timings":{"blocked":288,"dns":0,"connect":39,"send":0,"wait":99,"receive":0,"ssl":252},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"xn--phntom-qta.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--phntom-qta.app/js/jquery-3.6.1.min.js","fqdn":"xn--phntom-qta.app","domain":"xn--phntom-qta.app","tld":"app"},"ip":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xn--phntom-qta.app/","date":"2026-04-27T07:37:11.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"xn--phntom-qta.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 24 Apr 2026 13:04:45 GMT","end":"Thu, 23 Jul 2026 13:04:44 GMT"},"fingerprint":{"sha1":"6C:A2:43:C7:90:B0:88:E6:D0:D3:17:DC:23:24:16:46:21:DF:8E:3F","sha256":"DD:A6:80:6E:93:AF:D1:45:F5:45:B0:32:6D:96:A9:F9:29:C9:2E:88:2F:3B:DA:70:4A:49:C7:C4:DA:BE:D9:BC"}}},"request":{"raw":"GET /js/jquery-3.6.1.min.js HTTP/1.1\r\nHost: xn--phntom-qta.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--phntom-qta.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 27 Apr 2026 07:37:12 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 89664\r\nLast-Modified: Thu, 05 Mar 2026 20:18:28 GMT\r\nConnection: keep-alive\r\nETag: \"69a9e514-15e40\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89664,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"00727d1d5d9c90f7de826f1a4a9cc632","sha1":"ea61688671d0c3044f2c5b2f2c4af0a6620ac6c2","sha256":"a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74","sha512":"69528a4518bf43f615fb89a3a0a06c138c771fe0647a0a0cfde9b8e8d3650aa3539946000e305b78d79f371615ee0894a74571202b6a76b6ea53b89569e64d5c","ssdeep":"1536:SjjxXUHJnxDjoXEZxkMV4PYDt0zxxf6gP3f8cApoEGOzZTBvUsuy8WnKdXwhLQvg:SdeIygP3fulzcsz8jlvaDioQ47GKH","tlshash":"5393f8ddb2c6702247a770ba007f510bf236199d684d8450f269d8e9bc78a4e827bf7d","first_seen":"2023-03-07T01:28:27Z","last_seen":"2026-04-27T19:20:56.183748Z","times_seen":28821,"resource_available":true,"data":null}},"time_used":872,"timings":{"blocked":288,"dns":1,"connect":39,"send":0,"wait":153,"receive":134,"ssl":251},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"xn--phntom-qta.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--phntom-qta.app/js/ethers-5.2.umd.min.js","fqdn":"xn--phntom-qta.app","domain":"xn--phntom-qta.app","tld":"app"},"ip":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xn--phntom-qta.app/","date":"2026-04-27T07:37:11.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"xn--phntom-qta.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 24 Apr 2026 13:04:45 GMT","end":"Thu, 23 Jul 2026 13:04:44 GMT"},"fingerprint":{"sha1":"6C:A2:43:C7:90:B0:88:E6:D0:D3:17:DC:23:24:16:46:21:DF:8E:3F","sha256":"DD:A6:80:6E:93:AF:D1:45:F5:45:B0:32:6D:96:A9:F9:29:C9:2E:88:2F:3B:DA:70:4A:49:C7:C4:DA:BE:D9:BC"}}},"request":{"raw":"GET /js/ethers-5.2.umd.min.js HTTP/1.1\r\nHost: xn--phntom-qta.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--phntom-qta.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 27 Apr 2026 07:37:12 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 733070\r\nLast-Modified: Thu, 05 Mar 2026 20:18:29 GMT\r\nConnection: keep-alive\r\nETag: \"69a9e515-b2f8e\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":733070,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"50ed955cf32ac8e4e1daa0fac8fcde98","sha1":"fc073f2b9715e44dc2346d7cbe0b491fb59da146","sha256":"c2bcdc085e0557a379a6056c629be748d22a3c1dbe539a48ae02de7d69c95eff","sha512":"62b27b6739ad99525dc02c2ee81f754e15062df363b137477f521d3dfdc9ec0650229543bda85c04b5a8282d5e6d9f5137aba99bd66178814a49feecee4fd961","ssdeep":"12288:YPEmxeUs6ky8Xb863bkmCEuls/LaottWsv1TY4:YPTWbsEss/LtttJz","tlshash":"4df44b85b3a5b0b583c628a4143f5006f63af46b502c40a4f759faf269f9d8c957bb3c","first_seen":"2023-03-07T12:07:13Z","last_seen":"2026-04-27T07:42:14.179074Z","times_seen":1142,"resource_available":true,"data":null}},"time_used":1150,"timings":{"blocked":286,"dns":1,"connect":38,"send":0,"wait":150,"receive":420,"ssl":247},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"xn--phntom-qta.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--phntom-qta.app/icon16.png","fqdn":"xn--phntom-qta.app","domain":"xn--phntom-qta.app","tld":"app"},"ip":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--phntom-qta.app/","date":"2026-04-27T07:37:12.783Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"xn--phntom-qta.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 24 Apr 2026 13:04:45 GMT","end":"Thu, 23 Jul 2026 13:04:44 GMT"},"fingerprint":{"sha1":"6C:A2:43:C7:90:B0:88:E6:D0:D3:17:DC:23:24:16:46:21:DF:8E:3F","sha256":"DD:A6:80:6E:93:AF:D1:45:F5:45:B0:32:6D:96:A9:F9:29:C9:2E:88:2F:3B:DA:70:4A:49:C7:C4:DA:BE:D9:BC"}}},"request":{"raw":"GET /icon16.png HTTP/1.1\r\nHost: xn--phntom-qta.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--phntom-qta.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 27 Apr 2026 07:37:12 GMT\r\nContent-Type: image/png\r\nContent-Length: 364\r\nLast-Modified: Thu, 05 Mar 2026 20:18:16 GMT\r\nConnection: keep-alive\r\nETag: \"69a9e508-16c\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":364,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"96ab8d2301b867d7e4113af5ebc59dd1","sha1":"87064faf66f6f06de4a39d2f31f86aaddd5350de","sha256":"267954ddd65f611106bb05d30b472e929726bee357a34565c3e6b5f4dfa24ae2","sha512":"c55573477e2596d22935abf6a4a03a5446833c18d5b61075c0a0604248fe604d7b151df8b5c75a224e87ed151ba3e2a9dbbc6e9c2b77bcdc41a0aeeaf5bbf81e","ssdeep":"","tlshash":"a7e0f110729854a5da834db78283d958e66060540b1583cc09019439419025da730569","first_seen":"2024-10-11T08:50:23.933597Z","last_seen":"2026-04-27T07:42:14.210057Z","times_seen":37,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"xn--phntom-qta.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--phntom-qta.app/","fqdn":"xn--phntom-qta.app","domain":"xn--phntom-qta.app","tld":"app"},"ip":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-27T07:37:10.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"xn--phntom-qta.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 24 Apr 2026 13:04:45 GMT","end":"Thu, 23 Jul 2026 13:04:44 GMT"},"fingerprint":{"sha1":"6C:A2:43:C7:90:B0:88:E6:D0:D3:17:DC:23:24:16:46:21:DF:8E:3F","sha256":"DD:A6:80:6E:93:AF:D1:45:F5:45:B0:32:6D:96:A9:F9:29:C9:2E:88:2F:3B:DA:70:4A:49:C7:C4:DA:BE:D9:BC"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xn--phntom-qta.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 27 Apr 2026 07:37:11 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:3.6.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":36352,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (7271), with CRLF line terminators","md5":"01a1f2e3d0d85e3a62a5b4edc63bc364","sha1":"7522cb6755cfa2d6a22a4c1488790d494c125eb5","sha256":"148382fed159df97afad8cdc9e2a9f09fb4aec77dfc61a2e7c6d50fbe88913b6","sha512":"3b04dc7b05f05d5e7837706ba63e79435a8a65bd7fb454ae55538141ef381e31633970b27a1472d9435a990dd4e2ff0002ff6ef8ff4d7457bdabe48d4e10fea6","ssdeep":"384:0u11bw1Znn1yj1u1i818+/xZ9YrJwZUP1M18N1vMrV1R1W31yOY1jENPEbctMv2B:0wbYUhiUfEriTNPtYEsq7Z5","tlshash":"77f2e8513740a03ec0232bdaa1a2db5f646bb1cfc7450658fdbd6692efc0dd58436ae8","first_seen":"2026-04-27T07:37:39.5409Z","last_seen":"2026-04-27T07:37:39.5409Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1258,"timings":{"blocked":540,"dns":254,"connect":35,"send":0,"wait":170,"receive":1,"ssl":254},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"xn--phntom-qta.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--phntom-qta.app/Inter-Regular.3b5c1ea8.woff","fqdn":"xn--phntom-qta.app","domain":"xn--phntom-qta.app","tld":"app"},"ip":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xn--phntom-qta.app/","date":"2026-04-27T07:37:12.596Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"xn--phntom-qta.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 24 Apr 2026 13:04:45 GMT","end":"Thu, 23 Jul 2026 13:04:44 GMT"},"fingerprint":{"sha1":"6C:A2:43:C7:90:B0:88:E6:D0:D3:17:DC:23:24:16:46:21:DF:8E:3F","sha256":"DD:A6:80:6E:93:AF:D1:45:F5:45:B0:32:6D:96:A9:F9:29:C9:2E:88:2F:3B:DA:70:4A:49:C7:C4:DA:BE:D9:BC"}}},"request":{"raw":"GET /Inter-Regular.3b5c1ea8.woff HTTP/1.1\r\nHost: xn--phntom-qta.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--phntom-qta.app/popup.c34c79ff.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 27 Apr 2026 07:37:12 GMT\r\nContent-Type: application/font-woff\r\nContent-Length: 133856\r\nLast-Modified: Thu, 05 Mar 2026 20:18:13 GMT\r\nConnection: keep-alive\r\nETag: \"69a9e505-20ae0\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":133856,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 133856, version 0.0","md5":"14d1275c67676cc5d911232d0c890d97","sha1":"b5541b2654eeeffb8e709cfe141a75644e53e9ba","sha256":"3710e2ce073ec0eb39274decc63768b52091a27e35f5c28d6abb7a5fcef0b7fc","sha512":"f29574b0d8173a667ed53dd2bec01a0d0b126637d61a011220c82957c303053b066308681ed05ab7aae999625a750e44d8fc09f9b6665815d86d08f9944ebb7b","ssdeep":"3072:wdJVqGxK6l7L8NEcHOW3d7TA/O0PcGt6TstGUPResU1ZiZCm:wdJVa6NLjcHZ3BAWcjybm","tlshash":"35d312c4eca1ad4bb333e79fdc60b64fe938d8176c39904a41a3c39e23a6e5481d8059","first_seen":"2023-05-11T13:56:46Z","last_seen":"2026-04-27T07:42:14.184436Z","times_seen":294,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":96,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"xn--phntom-qta.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--phntom-qta.app/Inter-Medium.42fabd1d.woff","fqdn":"xn--phntom-qta.app","domain":"xn--phntom-qta.app","tld":"app"},"ip":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xn--phntom-qta.app/","date":"2026-04-27T07:37:12.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"xn--phntom-qta.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 24 Apr 2026 13:04:45 GMT","end":"Thu, 23 Jul 2026 13:04:44 GMT"},"fingerprint":{"sha1":"6C:A2:43:C7:90:B0:88:E6:D0:D3:17:DC:23:24:16:46:21:DF:8E:3F","sha256":"DD:A6:80:6E:93:AF:D1:45:F5:45:B0:32:6D:96:A9:F9:29:C9:2E:88:2F:3B:DA:70:4A:49:C7:C4:DA:BE:D9:BC"}}},"request":{"raw":"GET /Inter-Medium.42fabd1d.woff HTTP/1.1\r\nHost: xn--phntom-qta.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--phntom-qta.app/popup.c34c79ff.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 27 Apr 2026 07:37:12 GMT\r\nContent-Type: application/font-woff\r\nContent-Length: 142340\r\nLast-Modified: Thu, 05 Mar 2026 20:18:12 GMT\r\nConnection: keep-alive\r\nETag: \"69a9e504-22c04\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":142340,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 142340, version 0.0","md5":"5ce3e4db9634913232403f166b2447de","sha1":"e1ed0feb06835626a35e96bb71ffa06a6802a09b","sha256":"68d52e74e8171ddb2c94ca60a2596dc8a46407320449881fd09369dbc317624c","sha512":"9f156d12c885c0662a58576b48209eac0f82abf0cd22dbeb9e9f83fd967909f5824e411211c5b3f77a869e28b3af32020ae3ed55a2fb3a218d0f2ad2e50eea0d","ssdeep":"3072:1EqGHwgRgE91xHUDe9TuA3+tN7JQQLuCaM1E51sU1ZiZCm:1hZQ1BUuyA3YfLH1Ebm","tlshash":"f4d31208fe2b2995f7576fa72a744596c51dc026140f0c8f52a71bed2cf9ba818ca4ec","first_seen":"2023-05-11T13:56:46Z","last_seen":"2026-04-27T07:42:14.205717Z","times_seen":80,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":93,"receive":58,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"xn--phntom-qta.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--phntom-qta.app/Inter-SemiBold.02b70154.woff","fqdn":"xn--phntom-qta.app","domain":"xn--phntom-qta.app","tld":"app"},"ip":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xn--phntom-qta.app/","date":"2026-04-27T07:37:12.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"xn--phntom-qta.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 24 Apr 2026 13:04:45 GMT","end":"Thu, 23 Jul 2026 13:04:44 GMT"},"fingerprint":{"sha1":"6C:A2:43:C7:90:B0:88:E6:D0:D3:17:DC:23:24:16:46:21:DF:8E:3F","sha256":"DD:A6:80:6E:93:AF:D1:45:F5:45:B0:32:6D:96:A9:F9:29:C9:2E:88:2F:3B:DA:70:4A:49:C7:C4:DA:BE:D9:BC"}}},"request":{"raw":"GET /Inter-SemiBold.02b70154.woff HTTP/1.1\r\nHost: xn--phntom-qta.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--phntom-qta.app/popup.c34c79ff.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 27 Apr 2026 07:37:12 GMT\r\nContent-Type: application/font-woff\r\nContent-Length: 142760\r\nLast-Modified: Thu, 05 Mar 2026 20:18:14 GMT\r\nConnection: keep-alive\r\nETag: \"69a9e506-22da8\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":142760,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 142760, version 0.0","md5":"1d5bb5c64dc15405bdb04145dab7b436","sha1":"b1998ff442a405f783f2969a30c73eae62809d9a","sha256":"807d56b95fcc04cd1c26fca043ddf19e300c8ae156747458bd025a2b21cf54b4","sha512":"1854e0ed3d16e4304abe68a6fbeeb4bc852b678f60fa12ccd48b507b0ee6ad4711c36625d9ea3a6deca84a5ca909b3f28b12e6943aae5d386982b57d2aaa77d9","ssdeep":"3072:woGCVBMa0wOu0YcxfPHArepYYjnn+95SkuHhsU1ZiZCm:oa0wR0LeepYYjnsAbm","tlshash":"8bd31248fcd1e8c37396fc5b8afc5f2a237ad7117c5ae46a807e348b1a64c84c5d4469","first_seen":"2023-05-11T13:56:46Z","last_seen":"2026-04-27T07:42:14.189435Z","times_seen":78,"resource_available":false,"data":null}},"time_used":134,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":94,"receive":40,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"xn--phntom-qta.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--phntom-qta.app/style.css","fqdn":"xn--phntom-qta.app","domain":"xn--phntom-qta.app","tld":"app"},"ip":{"addr":"147.45.110.175","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xn--phntom-qta.app/","date":"2026-04-27T07:37:11.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"xn--phntom-qta.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 24 Apr 2026 13:04:45 GMT","end":"Thu, 23 Jul 2026 13:04:44 GMT"},"fingerprint":{"sha1":"6C:A2:43:C7:90:B0:88:E6:D0:D3:17:DC:23:24:16:46:21:DF:8E:3F","sha256":"DD:A6:80:6E:93:AF:D1:45:F5:45:B0:32:6D:96:A9:F9:29:C9:2E:88:2F:3B:DA:70:4A:49:C7:C4:DA:BE:D9:BC"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: xn--phntom-qta.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--phntom-qta.app/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 27 Apr 2026 07:37:11 GMT\r\nContent-Type: text/css\r\nContent-Length: 737573\r\nLast-Modified: Thu, 05 Mar 2026 20:18:22 GMT\r\nConnection: keep-alive\r\nETag: \"69a9e50e-b4125\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":737573,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"63545a2c96e327ecf8655decf1eb906c","sha1":"8eba5b409906d6b55f2a844b15764dbf4554fa4c","sha256":"743c63a5acd1aa7d416d21b780989d5302b8a9688fa562c816ac0aa6b8492fa3","sha512":"50c16684e1e7c2ce3d6b68afd91bf5e2f1afc208b21bc47ed10430162a6e8cf425782210fe351ecab36509df02fa92c8b13328d0126de5b5aee79d5db3a1b399","ssdeep":"6144:I1jA3uIL43Ml7S+SDvdqV/TSsrHw3ae1jA3uIL43Ml7S+SDvdqV/TSsrHw3aG2kx:oz3aqz3aG2kqz3aqz3aG29B","tlshash":"73f4449bd2007c2dea67a3bdd143d4ceff790289ba05c3bb75425ae4c648547db827a0","first_seen":"2024-10-11T08:50:23.931213Z","last_seen":"2026-04-27T07:42:14.227287Z","times_seen":36,"resource_available":false,"data":null}},"time_used":653,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":498,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"xn--phntom-qta.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}