{"report_id":"9ee31cfa-f057-4cac-aa3a-700c508cb6fc","version":6,"status":"done","tags":[],"date":"2026-01-28T00:09:18Z","url":{"schema":"http","addr":"phantom-wallets.blogspot.li","fqdn":"phantom-wallets.blogspot.li","domain":"phantom-wallets.blogspot.li","tld":"blogspot.li"},"ip":{"addr":"216.58.207.225","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"phantom-wallets.blogspot.com/","fqdn":"phantom-wallets.blogspot.com","domain":"phantom-wallets.blogspot.com","tld":"blogspot.com"},"title":"Phantom Wallet - A friendly Crypto Wallet","dom":{"size":16482,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (909)","md5":"7279c1f740916809994fd1e15a3b5251","sha1":"fbbb1aebf0605ece1db511558eee389627d99122","sha256":"9967c5539eb080c739ea3935620d37835ca06f7cc9201ee1386ae2417b3fba66","sha512":"da89bd7aef78a9f244c13544e8e3a90ce91994699989ebb33d1b8a33ec947e94b138e4590dfe42c095307b4abee9992875c7245acecaf9f4e452179631e9cbd1","ssdeep":"384:CRWiVd6trasVPWdAyEr29L2J8g8yF0h2OVbfWeRu1k:CRWIYrv5WdFEr29Lq87h2O9fWeRu1k","tlshash":"59729527e3865a23053340dee57f93e54652c168d3528f94637ec2bebdc98b03a652ce","dom_hash":"domhasha80991e4218613f48af6be7e23ae1161","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"phantom-wallets.blogspot.li","fqdn":"phantom-wallets.blogspot.li","domain":"phantom-wallets.blogspot.li","tld":"blogspot.li"},"ip":{"addr":"216.58.207.225","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-04T00:09:18Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"phantom-wallets.blogspot.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"phantom-wallets.blogspot.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"phantom-wallets.blogspot.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.linkpicture.com","ip":{"addr":"103.224.182.253","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"domain_registered":"2018-06-25","domain_rank":4298173,"first_seen":"2019-07-19T19:10:53Z","last_seen":"2026-01-20T10:36:52.214894Z","alert_count":0,"request_count":2,"received_data":152,"sent_data":918,"comment":"","tags":null,"fingerprints":null},{"fqdn":"phantom-wallets.blogspot.com","ip":{"addr":"142.250.178.97","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2000-07-31","domain_rank":0,"first_seen":"2026-01-27T23:37:38.774868Z","last_seen":"2026-01-27T23:37:39.826822Z","alert_count":6,"request_count":2,"received_data":22504,"sent_data":946,"comment":"","tags":null,"fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}]},{"fqdn":"phantom-wallets.blogspot.li","ip":{"addr":"142.250.178.97","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":15316,"sent_data":496,"comment":"","tags":null,"fingerprints":[{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-01-25T22:20:32.726712Z","alert_count":0,"request_count":1,"received_data":290563,"sent_data":451,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"phantom-wallets.blogspot.com/","fqdn":"phantom-wallets.blogspot.com","domain":"phantom-wallets.blogspot.com","tld":"blogspot.com"},"ip":{"addr":"142.250.178.97","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"2258ff58280c76a89878ce2f76ba9ad3","sha1":"371066343d463babe2a60cffde9749a6bc8b5ec4","sha256":"262695390d531a808a0d874e53d4b1347645087c105a0348dbace1897051976e","sha512":"19857e901d0a82166d15f0f72f3d5a367a5e738fad79182fbc78ec71db750acc0a6eca2d6c198ca8fcb4faa87e875b068669820f2de8dd44754bfd80463bf2f3","ssdeep":"","tlshash":"2fc02b88211a4c7191fb37408b3ffa00b402321494d8ef32480d63054d30e1bd754812","size":155,"data":"","first_seen":"2026-01-27T23:37:44.510834Z","last_seen":"2026-02-16T13:33:39.378205Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallets.blogspot.com/js/cookienotice.js","fqdn":"phantom-wallets.blogspot.com","domain":"phantom-wallets.blogspot.com","tld":"blogspot.com"},"ip":{"addr":"142.250.178.97","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a705132a2174f88e196ec3610d68faa8","sha1":"3bad57a48d973a678fec600d45933010f6edc659","sha256":"068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568","sha512":"e947d33e0e9c5e6516f05e0ea696406e4e09b458f85021bc3a217071ae14879b2251e65aec5d1935ca9af2433d023356298321564e1a41119d41be7c2b2d36d5","ssdeep":"96:q54UPzHFcJZ7haKemb/m2GzrzCXAl/MStzo41Pm+YsttcVcbYhyjcso13EZDjiat:q5rPzHgxm2GzaXeMnuzYstyryPhZD9","tlshash":"4fd1630938a7127d125fa03fb6bf515ab66410238101db08786dfa785fd5f42a8e4ffa","size":6513,"data":"","first_seen":"2023-03-07T01:02:24Z","last_seen":"2026-06-08T22:11:14.583468Z","times_seen":121524,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-222882761-1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"de5a1e3dfc83020ea49f90cdd36d4251","sha1":"a3d04a4286afd555113e8ab912aecf1cc8ad1a0d","sha256":"8815a71733316c7d2a63b55e56b4a608bc831fd48a82bc1de0088d898c4de9a5","sha512":"ca2772044c7e0458dd33fb63f471f1d2230b375ecff494e7aa47bf7179c499539924c6e02c9e6825ff520da5f169794b1f52053dd8033348a3a6ca368b0bb6f0","ssdeep":"6144:rJewvdEUAxJ509MFTe5LGl9FlbzyB8O1SUxBlF:dewVEUAxJ509MF8Yg1Ss/F","tlshash":"f85419cdb7d6b06683a36478403f114bb13b7992f84cc894e186d8d42e74aaa4277f7d","size":289959,"data":"","first_seen":"2026-01-27T23:37:44.508015Z","last_seen":"2026-01-28T00:09:22.988841Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-07T08:18:38.899011Z","times_seen":919823,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallets.blogspot.com/sandbox%20eval%20code","fqdn":"phantom-wallets.blogspot.com","domain":"phantom-wallets.blogspot.com","tld":"blogspot.com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-07T08:18:38.896325Z","times_seen":921522,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallets.blogspot.com/","fqdn":"phantom-wallets.blogspot.com","domain":"phantom-wallets.blogspot.com","tld":"blogspot.com"},"ip":{"addr":"142.250.178.97","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"38ee2f6ddbe8a478e5795030e72ba35d","sha1":"d332319b04b273e3b9a93ffa22ba9036d59b8e99","sha256":"97d98978d5864e77cd83bd79a0d31ced40631a6134a154e8f049bcc20f49a319","sha512":"15610a3ce0ff69817776e355c350aebc006a7744a941c1258fe16a2e73445d964fd94885bd4b50bb2e9ea773a5f95bf1aa124fd90a3252ab2769d2870e5fbb95","ssdeep":"","tlshash":"20d02ef7f4d5ac218809a3200865e9083032e6feb3a08de094c0063a488a8ba9306fa0","size":275,"data":"","first_seen":"2023-03-07T01:02:24Z","last_seen":"2026-06-07T08:09:46.269043Z","times_seen":108164,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallets.blogspot.com/","fqdn":"phantom-wallets.blogspot.com","domain":"phantom-wallets.blogspot.com","tld":"blogspot.com"},"ip":{"addr":"142.250.178.97","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"7422fcfc6a91ec3c8bcf0fdc5f3215ad","sha1":"dd1a7f71b5367fb9d13a3ae6798c7fd0a4c37ef2","sha256":"620719ac57a503dc90e978186aaa9c5540094089b2dca79327b6833d58e011c7","sha512":"155620083064aaa723034d0433f8404d1169bdba5d602f8c820e8f9f4f018ae3ae3f0c08bacc5d0a7809cc583c290386efa94f114f88fdf38e8a2024383e9a7f","ssdeep":"","tlshash":"4f016d137508e31431a714347b8baa18fd2ac2561c95453f391cf9324f57a63ced6ae3","size":776,"data":"","first_seen":"2023-04-06T23:48:51Z","last_seen":"2026-06-06T23:36:19.547992Z","times_seen":4730,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"www.linkpicture.com/q/phantom1_1.png","fqdn":"www.linkpicture.com","domain":"linkpicture.com","tld":"com"},"ip":{"addr":"103.224.182.253","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phantom-wallets.blogspot.com/","date":"2026-01-28T00:08:59.445Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"it-5858.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 03 Jan 2026 21:16:18 GMT","end":"Fri, 03 Apr 2026 21:16:17 GMT"},"fingerprint":{"sha1":"71:3D:2F:E5:1B:05:7D:69:2B:0B:A1:6B:B1:A5:73:C1:6D:72:BF:E0","sha256":"2F:B9:D4:C3:1D:9D:3C:FB:C1:46:68:FE:F8:45:37:61:CE:4D:60:83:A1:27:64:C4:45:CF:63:7B:87:92:7F:6C"}}},"request":{"raw":"GET /q/phantom1_1.png HTTP/1.1\r\nHost: www.linkpicture.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom-wallets.blogspot.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.0 403 Forbidden\r\ncache-control: no-cache\r\ncontent-type: text/html\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T22:17:26.933573Z","times_seen":16251514,"resource_available":true,"data":null}},"time_used":1029,"timings":{"blocked":701,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":172},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallets.blogspot.com/js/cookienotice.js","fqdn":"phantom-wallets.blogspot.com","domain":"phantom-wallets.blogspot.com","tld":"blogspot.com"},"ip":{"addr":"142.250.178.97","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://phantom-wallets.blogspot.com/","date":"2026-01-28T00:08:59.449Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"misc-sni.blogspot.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:15 GMT","end":"Mon, 23 Mar 2026 19:52:14 GMT"},"fingerprint":{"sha1":"9D:73:4C:81:3F:21:8F:57:95:3D:81:D0:20:8A:4B:CD:5F:09:AC:AF","sha256":"01:58:90:20:A2:8D:22:B9:88:94:9F:3C:07:98:0C:14:41:26:47:0B:FA:7F:50:AE:0D:B8:6B:8B:31:FB:46:EB"}}},"request":{"raw":"GET /js/cookienotice.js HTTP/1.1\r\nHost: phantom-wallets.blogspot.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom-wallets.blogspot.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"blogger-tech\"\r\nreport-to: {\"group\":\"blogger-tech\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/blogger-tech\"}]}\r\ncontent-length: 2026\r\ndate: Wed, 28 Jan 2026 00:08:59 GMT\r\nexpires: Wed, 04 Feb 2026 00:08:59 GMT\r\ncache-control: public, max-age=604800\r\nlast-modified: Tue, 27 Jan 2026 18:51:34 GMT\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6513,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"a705132a2174f88e196ec3610d68faa8","sha1":"3bad57a48d973a678fec600d45933010f6edc659","sha256":"068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568","sha512":"e947d33e0e9c5e6516f05e0ea696406e4e09b458f85021bc3a217071ae14879b2251e65aec5d1935ca9af2433d023356298321564e1a41119d41be7c2b2d36d5","ssdeep":"96:q54UPzHFcJZ7haKemb/m2GzrzCXAl/MStzo41Pm+YsttcVcbYhyjcso13EZDjiat:q5rPzHgxm2GzaXeMnuzYstyryPhZD9","tlshash":"4fd1630938a7127d125fa03fb6bf515ab66410238101db08786dfa785fd5f42a8e4ffa","first_seen":"2023-03-07T01:02:24Z","last_seen":"2026-06-08T22:11:14.583468Z","times_seen":121524,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"phantom-wallets.blogspot.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"phantom-wallets.blogspot.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"phantom-wallets.blogspot.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.linkpicture.com/q/phantom-logo.png","fqdn":"www.linkpicture.com","domain":"linkpicture.com","tld":"com"},"ip":{"addr":"103.224.182.253","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phantom-wallets.blogspot.com/","date":"2026-01-28T00:08:59.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"it-5858.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 03 Jan 2026 21:16:18 GMT","end":"Fri, 03 Apr 2026 21:16:17 GMT"},"fingerprint":{"sha1":"71:3D:2F:E5:1B:05:7D:69:2B:0B:A1:6B:B1:A5:73:C1:6D:72:BF:E0","sha256":"2F:B9:D4:C3:1D:9D:3C:FB:C1:46:68:FE:F8:45:37:61:CE:4D:60:83:A1:27:64:C4:45:CF:63:7B:87:92:7F:6C"}}},"request":{"raw":"GET /q/phantom-logo.png HTTP/1.1\r\nHost: www.linkpicture.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom-wallets.blogspot.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.0 403 Forbidden\r\ncache-control: no-cache\r\ncontent-type: text/html\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T22:17:26.933573Z","times_seen":16251514,"resource_available":true,"data":null}},"time_used":352,"timings":{"blocked":0,"dns":1,"connect":156,"send":0,"wait":165,"receive":0,"ssl":173},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallets.blogspot.li/","fqdn":"phantom-wallets.blogspot.li","domain":"blogspot.li","tld":"li"},"ip":{"addr":"142.250.178.97","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-28T00:08:57.481Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"misc-sni.blogspot.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:15 GMT","end":"Mon, 23 Mar 2026 19:52:14 GMT"},"fingerprint":{"sha1":"9D:73:4C:81:3F:21:8F:57:95:3D:81:D0:20:8A:4B:CD:5F:09:AC:AF","sha256":"01:58:90:20:A2:8D:22:B9:88:94:9F:3C:07:98:0C:14:41:26:47:0B:FA:7F:50:AE:0D:B8:6B:8B:31:FB:46:EB"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: phantom-wallets.blogspot.li\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nlocation: https://phantom-wallets.blogspot.com/\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\ndate: Wed, 28 Jan 2026 00:08:58 GMT\r\nexpires: Wed, 28 Jan 2026 00:08:58 GMT\r\ncache-control: private, max-age=0\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncontent-security-policy: frame-ancestors 'self'\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 201\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":14816,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T22:17:26.933573Z","times_seen":16251514,"resource_available":true,"data":null}},"time_used":910,"timings":{"blocked":153,"dns":18,"connect":15,"send":0,"wait":603,"receive":1,"ssl":116},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallets.blogspot.com/","fqdn":"phantom-wallets.blogspot.com","domain":"phantom-wallets.blogspot.com","tld":"blogspot.com"},"ip":{"addr":"142.250.178.97","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-28T00:08:58.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"misc-sni.blogspot.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:15 GMT","end":"Mon, 23 Mar 2026 19:52:14 GMT"},"fingerprint":{"sha1":"9D:73:4C:81:3F:21:8F:57:95:3D:81:D0:20:8A:4B:CD:5F:09:AC:AF","sha256":"01:58:90:20:A2:8D:22:B9:88:94:9F:3C:07:98:0C:14:41:26:47:0B:FA:7F:50:AE:0D:B8:6B:8B:31:FB:46:EB"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: phantom-wallets.blogspot.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Wed, 28 Jan 2026 00:08:59 GMT\r\ndate: Wed, 28 Jan 2026 00:08:59 GMT\r\ncache-control: private, max-age=0\r\nlast-modified: Wed, 04 Sep 2024 11:55:35 GMT\r\netag: W/\"abc3e846e419411054fbf9bea5a5184761417974ec2fafdf79273b14500eb4ee\"\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 4712\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":14816,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (601)","md5":"a76d75332e5b658a2aaeebda23858af9","sha1":"bb311b134bd69eb8863d9f6642bafa631df05ea5","sha256":"8e25e24c13ff9d7593c8e5d31ae37a589c0242cb2f1c0240432fe17b58a99439","sha512":"4e4e830017d27c4ce1ab0a33079ce86c158cae7881faca97d0dad785c3932577ce86f17314b4fa41c448727c2136e7e320e187e884c515e5e3b12d36e26eaa3e","ssdeep":"384:GMW3Vd6trasVPWdAyEr29L2Jrg8jF0h2OVbfWeuuq:GMWFYrv5WdFEr29LN8Kh2O9fWeuuq","tlshash":"19626327e7875a12053240cee53fa3e54652c198e3128fa4637ec2be7dcd5b07a661ce","first_seen":"2026-01-27T23:37:44.505167Z","last_seen":"2026-02-16T13:33:39.37631Z","times_seen":13,"resource_available":false,"data":null}},"time_used":996,"timings":{"blocked":136,"dns":35,"connect":16,"send":0,"wait":715,"receive":9,"ssl":82},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"phantom-wallets.blogspot.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"phantom-wallets.blogspot.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"phantom-wallets.blogspot.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-222882761-1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://phantom-wallets.blogspot.com/","date":"2026-01-28T00:08:59.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:51:06 GMT","end":"Mon, 23 Mar 2026 19:51:05 GMT"},"fingerprint":{"sha1":"66:A1:61:62:8E:0D:AB:F0:EF:5F:4C:AF:37:49:48:06:29:96:E9:34","sha256":"D7:A4:98:64:D8:F7:BE:4D:88:E8:1A:4B:70:69:43:46:6E:47:36:BD:31:38:07:95:66:16:C2:14:9E:82:E8:9B"}}},"request":{"raw":"GET /gtag/js?id=UA-222882761-1 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom-wallets.blogspot.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 28 Jan 2026 00:08:59 GMT\r\nexpires: Wed, 28 Jan 2026 00:08:59 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 103105\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":289959,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (4251)","md5":"de5a1e3dfc83020ea49f90cdd36d4251","sha1":"a3d04a4286afd555113e8ab912aecf1cc8ad1a0d","sha256":"8815a71733316c7d2a63b55e56b4a608bc831fd48a82bc1de0088d898c4de9a5","sha512":"ca2772044c7e0458dd33fb63f471f1d2230b375ecff494e7aa47bf7179c499539924c6e02c9e6825ff520da5f169794b1f52053dd8033348a3a6ca368b0bb6f0","ssdeep":"6144:rJewvdEUAxJ509MFTe5LGl9FlbzyB8O1SUxBlF:dewVEUAxJ509MF8Yg1Ss/F","tlshash":"f85419cdb7d6b06683a36478403f114bb13b7992f84cc894e186d8d42e74aaa4277f7d","first_seen":"2026-01-27T23:37:44.508015Z","last_seen":"2026-01-28T00:09:22.988841Z","times_seen":2,"resource_available":true,"data":null}},"time_used":212,"timings":{"blocked":82,"dns":1,"connect":9,"send":0,"wait":26,"receive":20,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}