{"report_id":"adb628b0-1223-4265-94ac-8bf60434fd14","version":6,"status":"done","tags":[],"date":"2026-04-18T19:15:19Z","url":{"schema":"http","addr":"phantomwallet.cash","fqdn":"phantomwallet.cash","domain":"phantomwallet.cash","tld":"cash"},"ip":{"addr":"34.111.179.208","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"phantomwallet.cash/","fqdn":"phantomwallet.cash","domain":"phantomwallet.cash","tld":"cash"},"title":"SecureVault - Crypto Wallet","dom":{"size":10465,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (7019)","md5":"3240b5e27309d769f375fb2ef7ec5874","sha1":"12d4d54ae8898d86ea171ec244853dec0445cfe9","sha256":"dd8dedb8e7df025325b8218ee6c142d8a1be61b046f61ee48d176baab723ab6c","sha512":"6da963a3ebae5f80c855c5320eb9df660401a5568f9d293c006c992a1f03d4e79382e89e7e6347b1364f4729950848a35bff7b4c75bbe08fb528bc42416d2652","ssdeep":"192:F8L1NmieXfK0UqycjYTA5/EC3UgvQLcdm9rOcI4:hirV/cjYTA5coFQgMo4","tlshash":"0f22b771568c1c3e7113c564f4e5b33a46bee24ef06bc490f2ed85625bcad98c823ab4","dom_hash":"domhash962b285d0dbc33169b7df65610177cbf","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"phantomwallet.cash","fqdn":"phantomwallet.cash","domain":"phantomwallet.cash","tld":"cash"},"ip":{"addr":"34.111.179.208","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-23T19:15:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"phantomwallet.cash","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"phantomwallet.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-04-12T22:20:19.752051Z","alert_count":0,"request_count":2,"received_data":163114,"sent_data":2283,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-04-12T22:16:45.621325Z","alert_count":0,"request_count":4,"received_data":197468,"sent_data":2232,"comment":"","tags":null,"fingerprints":null},{"fqdn":"phantomwallet.cash","ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"2025-08-27","domain_rank":0,"first_seen":"2026-04-18T19:15:19.981442Z","last_seen":"2026-04-18T19:15:19.981442Z","alert_count":8,"request_count":4,"received_data":535926,"sent_data":1809,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]},{"fqdn":"replit.com","ip":{"addr":"172.64.152.210","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2011-09-02","domain_rank":8181,"first_seen":"2015-09-15T20:45:19Z","last_seen":"2026-04-16T00:44:55.05316Z","alert_count":0,"request_count":1,"received_data":5435,"sent_data":432,"comment":"","tags":null,"fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"replit.com/public/js/replit-dev-banner.js","fqdn":"replit.com","domain":"replit.com","tld":"com"},"ip":{"addr":"172.64.152.210","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3ef62263fdd4d343920e52101493d5ef","sha1":"66edec25c6e4cf2897dca70332d48af3e092252a","sha256":"e2bedec4d902217c8bd92775b038e27b7864105e42d6358038faeb5f391f9306","sha512":"25a866a0455c6e020820950804183754e09275189b1166060fd60b8c0f9ef166eca8267b558286bc0212638d75e545861537495693e9d01a449a8906341c8943","ssdeep":"96:TZ5Fz5FH59dJuf5GGO4jw2y+ZL5P7buUyDSoyqeUoW/cle:Nfb7dJI7w2yolP7buUyDSoN3/cle","tlshash":"fc91756a6f731235952390ac5bc7a7412338b01be10acd597ead824cdfed614e9637cc","size":4626,"data":"","first_seen":"2025-12-19T19:12:36.875979Z","last_seen":"2026-06-08T11:23:02.470643Z","times_seen":342,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantomwallet.cash/","fqdn":"phantomwallet.cash","domain":"phantomwallet.cash","tld":"cash"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"fd029de1bab45ef979af15f55dcf129d","sha1":"d02886a6b5a26d514736fbd0fba5bcc373459418","sha256":"35c26edf24ac7265cc48ea0f636bfb75cd1bcbc2514a37bab3d75a48b6ed55de","sha512":"f0a0391055030dff389c462d0f248d6bc874923ac1632daa8dd0d09076f99c1b8ca044ff391c0998cedb6127c49747ea1c5b189034ffd887d2f2502258eaff69","ssdeep":"","tlshash":"b9e0488e4ff68c370663702e0d0f5606223746474085d554bbed57a15fc1534d6675d8","size":415,"data":"","first_seen":"2025-07-01T05:11:00.894816Z","last_seen":"2026-05-28T10:02:40.037422Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantomwallet.cash/assets/index-Dnxt9MUt.js","fqdn":"phantomwallet.cash","domain":"phantomwallet.cash","tld":"cash"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a4e75f68da2bab95b96bbcfa79aac994","sha1":"aa038f86aaa72d339280f0b1df3b2a4acb637435","sha256":"b0d54a559bb4a949ab1fd98c5c5a06e78f96ad7300891cce4619f6dc1940e2a5","sha512":"93d24d75e3e3900f3694355868ef6fa262f85aae35698f49cf18c6182c1f0cd4427fe352889545447fe05aa536be6ad350092b7068ca3744c773951e8f107682","ssdeep":"6144:J0gzWRImmXS5F9kY3tbH6OvybBEDUdn+gkJwgGzWmRDHoTuHDoqo:bZXSvnvybBt+gkJezQ3","tlshash":"d6944b98b052b6adbeb74ad5603f800d713e1a15e80e44a0b03cec792675426b677ffd","size":446272,"data":"","first_seen":"2026-04-18T19:15:24.659293Z","last_seen":"2026-04-18T19:19:05.906524Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://phantomwallet.cash/","date":"2026-04-18T19:14:58.567Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://phantomwallet.cash\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 15 Apr 2026 22:33:37 GMT\r\nexpires: Thu, 15 Apr 2027 22:33:37 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 247281\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-08T23:14:00.082446Z","times_seen":206497,"resource_available":false,"data":null}},"time_used":321,"timings":{"blocked":152,"dns":0,"connect":22,"send":0,"wait":8,"receive":4,"ssl":131},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://phantomwallet.cash/","date":"2026-04-18T19:14:58.569Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://phantomwallet.cash\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 15 Apr 2026 22:33:37 GMT\r\nexpires: Thu, 15 Apr 2027 22:33:37 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 247281\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-08T23:14:00.082446Z","times_seen":206497,"resource_available":false,"data":null}},"time_used":317,"timings":{"blocked":150,"dns":1,"connect":7,"send":0,"wait":12,"receive":4,"ssl":140},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantomwallet.cash/","fqdn":"phantomwallet.cash","domain":"phantomwallet.cash","tld":"cash"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-18T19:14:57.595Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phantomwallet.cash","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 03:03:43 GMT","end":"Mon, 29 Jun 2026 03:03:42 GMT"},"fingerprint":{"sha1":"36:D5:48:3B:12:59:4E:D7:9B:F8:93:66:F0:29:16:02:8A:21:58:C6","sha256":"E8:11:D5:43:3E:B9:92:07:14:C6:A4:2B:2C:E9:EA:BC:2B:3E:08:86:EE:73:22:08:B1:2C:80:59:CC:50:85:81"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: phantomwallet.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\ncontent-length: 3401\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Sat, 18 Apr 2026 19:14:57 GMT\r\netag: W/\"d49-198ec34e7f8\"\r\nlast-modified: Wed, 27 Aug 2025 15:45:47 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: 88e7fbe020698aadf843062dfedabf03;o=1\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":3401,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1432)","md5":"0a72e43f353485ce53dfc7daf758dd10","sha1":"092f56a146fddb40286b14dcbeb0f62141196ca3","sha256":"ac4e96f703c5b24d4d951562e2d12a60890fcd919904d9f85d2514ff80209ad1","sha512":"8148da7bf4f94f04b1a673cda8576a23b5b3613f8aead9724a693b81588a7f1fc33de3342dd92bd11be01160dcadf9861278aeff638c0b1bc5631f53588ea231","ssdeep":"","tlshash":"6e6110cb8d9a4c777022a03978e5fe160427a44f46e9c890b2ced587cfc67d8c863e64","first_seen":"2026-04-18T19:15:24.656234Z","last_seen":"2026-04-18T19:19:05.896138Z","times_seen":2,"resource_available":false,"data":null}},"time_used":441,"timings":{"blocked":110,"dns":32,"connect":26,"send":0,"wait":221,"receive":0,"ssl":50},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"phantomwallet.cash","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"phantomwallet.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phantomwallet.cash/assets/index-Dnxt9MUt.js","fqdn":"phantomwallet.cash","domain":"phantomwallet.cash","tld":"cash"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://phantomwallet.cash/","date":"2026-04-18T19:14:58.066Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phantomwallet.cash","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 03:03:43 GMT","end":"Mon, 29 Jun 2026 03:03:42 GMT"},"fingerprint":{"sha1":"36:D5:48:3B:12:59:4E:D7:9B:F8:93:66:F0:29:16:02:8A:21:58:C6","sha256":"E8:11:D5:43:3E:B9:92:07:14:C6:A4:2B:2C:E9:EA:BC:2B:3E:08:86:EE:73:22:08:B1:2C:80:59:CC:50:85:81"}}},"request":{"raw":"GET /assets/index-Dnxt9MUt.js HTTP/1.1\r\nHost: phantomwallet.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantomwallet.cash/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\ncontent-length: 446272\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 18 Apr 2026 19:14:58 GMT\r\netag: W/\"6cf40-198ec34e7f8\"\r\nlast-modified: Wed, 27 Aug 2025 15:45:47 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: d975562f2b2f230a2a1922aa827530e4\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":446272,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (37534)","md5":"a4e75f68da2bab95b96bbcfa79aac994","sha1":"aa038f86aaa72d339280f0b1df3b2a4acb637435","sha256":"b0d54a559bb4a949ab1fd98c5c5a06e78f96ad7300891cce4619f6dc1940e2a5","sha512":"93d24d75e3e3900f3694355868ef6fa262f85aae35698f49cf18c6182c1f0cd4427fe352889545447fe05aa536be6ad350092b7068ca3744c773951e8f107682","ssdeep":"6144:J0gzWRImmXS5F9kY3tbH6OvybBEDUdn+gkJwgGzWmRDHoTuHDoqo:bZXSvnvybBt+gkJezQ3","tlshash":"d6944b98b052b6adbeb74ad5603f800d713e1a15e80e44a0b03cec792675426b677ffd","first_seen":"2026-04-18T19:15:24.659293Z","last_seen":"2026-04-18T19:19:05.906524Z","times_seen":2,"resource_available":true,"data":null}},"time_used":359,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":176,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"phantomwallet.cash","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"phantomwallet.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"replit.com/public/js/replit-dev-banner.js","fqdn":"replit.com","domain":"replit.com","tld":"com"},"ip":{"addr":"172.64.152.210","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://phantomwallet.cash/","date":"2026-04-18T19:14:58.070Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"replit.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 21:19:04 GMT","end":"Sun, 14 Jun 2026 22:18:57 GMT"},"fingerprint":{"sha1":"F3:79:61:3F:94:F8:6B:1D:C4:49:01:E8:44:D8:6E:B2:4D:94:EA:D1","sha256":"55:43:94:40:66:E4:80:85:8B:B7:D4:3D:93:A3:99:66:06:1A:77:AD:95:32:98:30:30:45:41:E8:67:7E:AC:01"}}},"request":{"raw":"GET /public/js/replit-dev-banner.js HTTP/1.1\r\nHost: replit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantomwallet.cash/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 19:14:58 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nset-cookie: __cf_bm=_JQlBiANLpFE90WrWzDpd9wufz21cIalLH85XFutr0k-1776539698.0835955-1.0.1.1-QZcGE7VTEpBQercMTSbqcuoDaiiVJscgWrmqqPwKcRTlbxz5eyBqUA7JgzsjCfJ8N_QWuFo6ZPPL.9r1NWB7quDdO9o_342h_oNlwgbmunJhj8V8xx1POlDywiaVFjdV; HttpOnly; Secure; Path=/; Domain=replit.com; Expires=Sat, 18 Apr 2026 19:44:58 GMT\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000\r\nlast-modified: Fri, 13 Mar 2026 09:02:38 GMT\r\netag: W/\"1212-19ce66ef7b0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; preload\r\nage: 2849223\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\ncf-ray: 9ee5fed90ea55a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4626,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"3ef62263fdd4d343920e52101493d5ef","sha1":"66edec25c6e4cf2897dca70332d48af3e092252a","sha256":"e2bedec4d902217c8bd92775b038e27b7864105e42d6358038faeb5f391f9306","sha512":"25a866a0455c6e020820950804183754e09275189b1166060fd60b8c0f9ef166eca8267b558286bc0212638d75e545861537495693e9d01a449a8906341c8943","ssdeep":"96:TZ5Fz5FH59dJuf5GGO4jw2y+ZL5P7buUyDSoyqeUoW/cle:Nfb7dJI7w2yolP7buUyDSoN3/cle","tlshash":"fc91756a6f731235952390ac5bc7a7412338b01be10acd597ead824cdfed614e9637cc","first_seen":"2025-12-19T19:12:36.875979Z","last_seen":"2026-06-08T11:23:02.470643Z","times_seen":342,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":13,"dns":3,"connect":1,"send":0,"wait":11,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantomwallet.cash/assets/index-D_-MQeGI.css","fqdn":"phantomwallet.cash","domain":"phantomwallet.cash","tld":"cash"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://phantomwallet.cash/","date":"2026-04-18T19:14:58.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phantomwallet.cash","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 03:03:43 GMT","end":"Mon, 29 Jun 2026 03:03:42 GMT"},"fingerprint":{"sha1":"36:D5:48:3B:12:59:4E:D7:9B:F8:93:66:F0:29:16:02:8A:21:58:C6","sha256":"E8:11:D5:43:3E:B9:92:07:14:C6:A4:2B:2C:E9:EA:BC:2B:3E:08:86:EE:73:22:08:B1:2C:80:59:CC:50:85:81"}}},"request":{"raw":"GET /assets/index-D_-MQeGI.css HTTP/1.1\r\nHost: phantomwallet.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantomwallet.cash/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\ncontent-length: 80857\r\ncontent-type: text/css; charset=UTF-8\r\ndate: Sat, 18 Apr 2026 19:14:58 GMT\r\netag: W/\"13bd9-198ec34e7f8\"\r\nlast-modified: Wed, 27 Aug 2025 15:45:47 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: 7282eb7decd542592a1922aa82753a69\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":80857,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"715639064838587263a64273025dbd29","sha1":"0193a7b274233aef06bdb95c8b05a197d7a38abc","sha256":"0e63574cdc6754e7fdb77cab69b447efb996f69ac1c03ffb41691d11038a2b14","sha512":"428f5f2c820ac007acb4e89f6d0b345492a468659b83c67b0dd2bc5106b742965e6ad47189af12c86c2e4ba269efe392f81130f16bfefb4c3379ce6bdef9e684","ssdeep":"1536:Uofh+JqBec62UqBEhGmd378VQZkt5FFCNDC:Uofh+JZcUxhGmd378VQZkt5F6DC","tlshash":"1783842dba68513f3c6790f8c2ccb9aca21ab0c0de3e05e9be5a41255bd37f61d67504","first_seen":"2026-04-18T19:15:24.663375Z","last_seen":"2026-04-18T19:19:05.900095Z","times_seen":2,"resource_available":false,"data":null}},"time_used":315,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":184,"receive":131,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"phantomwallet.cash","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"phantomwallet.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://phantomwallet.cash/","date":"2026-04-18T19:14:58.561Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://phantomwallet.cash\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 15 Apr 2026 22:33:37 GMT\r\nexpires: Thu, 15 Apr 2027 22:33:37 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 247281\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-08T23:14:00.082446Z","times_seen":206497,"resource_available":false,"data":null}},"time_used":187,"timings":{"blocked":81,"dns":0,"connect":7,"send":0,"wait":10,"receive":10,"ssl":75},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://phantomwallet.cash/","date":"2026-04-18T19:14:58.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://phantomwallet.cash\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 15 Apr 2026 22:33:37 GMT\r\nexpires: Thu, 15 Apr 2027 22:33:37 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 247281\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-08T23:14:00.082446Z","times_seen":206497,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":113,"dns":0,"connect":20,"send":0,"wait":8,"receive":7,"ssl":102},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantomwallet.cash/favicon.ico","fqdn":"phantomwallet.cash","domain":"phantomwallet.cash","tld":"cash"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phantomwallet.cash/","date":"2026-04-18T19:14:58.745Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phantomwallet.cash","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 03:03:43 GMT","end":"Mon, 29 Jun 2026 03:03:42 GMT"},"fingerprint":{"sha1":"36:D5:48:3B:12:59:4E:D7:9B:F8:93:66:F0:29:16:02:8A:21:58:C6","sha256":"E8:11:D5:43:3E:B9:92:07:14:C6:A4:2B:2C:E9:EA:BC:2B:3E:08:86:EE:73:22:08:B1:2C:80:59:CC:50:85:81"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: phantomwallet.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantomwallet.cash/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\ncontent-length: 3401\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Sat, 18 Apr 2026 19:14:58 GMT\r\netag: W/\"d49-198ec34e7f8\"\r\nlast-modified: Wed, 27 Aug 2025 15:45:47 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: a416fa44dd0ea04c2a1922aa827531ff\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":3401,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1432)","md5":"0a72e43f353485ce53dfc7daf758dd10","sha1":"092f56a146fddb40286b14dcbeb0f62141196ca3","sha256":"ac4e96f703c5b24d4d951562e2d12a60890fcd919904d9f85d2514ff80209ad1","sha512":"8148da7bf4f94f04b1a673cda8576a23b5b3613f8aead9724a693b81588a7f1fc33de3342dd92bd11be01160dcadf9861278aeff638c0b1bc5631f53588ea231","ssdeep":"","tlshash":"6e6110cb8d9a4c777022a03978e5fe160427a44f46e9c890b2ced587cfc67d8c863e64","first_seen":"2026-04-18T19:15:24.656234Z","last_seen":"2026-04-18T19:19:05.896138Z","times_seen":2,"resource_available":false,"data":null}},"time_used":197,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":196,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"phantomwallet.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"phantomwallet.cash","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Architects+Daughter\u0026family=DM+Sans:ital,opsz,wght@0,9..40,100..1000;1,9..40,100..1000\u0026family=Fira+Code:wght@300..700\u0026family=Geist+Mono:wght@100..900\u0026family=Geist:wght@100..900\u0026family=IBM+Plex+Mono:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;1,100;1,200;1,300;1,400;1,500;1,600;1,700\u0026family=IBM+Plex+Sans:ital,wght@0,100..700;1,100..700\u0026family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900\u0026family=JetBrains+Mono:ital,wght@0,100..800;1,100..800\u0026family=Libre+Baskerville:ital,wght@0,400;0,700;1,400\u0026family=Lora:ital,wght@0,400..700;1,400..700\u0026family=Merriweather:ital,opsz,wght@0,18..144,300..900;1,18..144,300..900\u0026family=Montserrat:ital,wght@0,100..900;1,100..900\u0026family=Open+Sans:ital,wght@0,300..800;1,300..800\u0026family=Outfit:wght@100..900\u0026family=Oxanium:wght@200..800\u0026family=Playfair+Display:ital,wght@0,400..900;1,400..900\u0026family=Plus+Jakarta+Sans:ital,wght@0,200..800;1,200..800\u0026family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900\u0026family=Roboto+Mono:ital,wght@0,100..700;1,100..700\u0026family=Roboto:ital,wght@0,100..900;1,100..900\u0026family=Source+Code+Pro:ital,wght@0,200..900;1,200..900\u0026family=Source+Serif+4:ital,opsz,wght@0,8..60,200..900;1,8..60,200..900\u0026family=Space+Grotesk:wght@300..700\u0026family=Space+Mono:ital,wght@0,400;0,700;1,400;1,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://phantomwallet.cash/","date":"2026-04-18T19:14:58.065Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:54 GMT","end":"Mon, 22 Jun 2026 08:36:53 GMT"},"fingerprint":{"sha1":"89:9D:A0:A4:A4:3B:62:A3:D0:B3:63:4B:5B:C3:1D:9B:09:43:3C:91","sha256":"DB:10:40:08:19:EF:D7:9C:5F:11:BC:78:DC:9F:81:F3:9E:A7:30:2F:1F:06:C8:C4:A4:DD:BC:C3:27:6F:2A:AA"}}},"request":{"raw":"GET /css2?family=Architects+Daughter\u0026family=DM+Sans:ital,opsz,wght@0,9..40,100..1000;1,9..40,100..1000\u0026family=Fira+Code:wght@300..700\u0026family=Geist+Mono:wght@100..900\u0026family=Geist:wght@100..900\u0026family=IBM+Plex+Mono:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;1,100;1,200;1,300;1,400;1,500;1,600;1,700\u0026family=IBM+Plex+Sans:ital,wght@0,100..700;1,100..700\u0026family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900\u0026family=JetBrains+Mono:ital,wght@0,100..800;1,100..800\u0026family=Libre+Baskerville:ital,wght@0,400;0,700;1,400\u0026family=Lora:ital,wght@0,400..700;1,400..700\u0026family=Merriweather:ital,opsz,wght@0,18..144,300..900;1,18..144,300..900\u0026family=Montserrat:ital,wght@0,100..900;1,100..900\u0026family=Open+Sans:ital,wght@0,300..800;1,300..800\u0026family=Outfit:wght@100..900\u0026family=Oxanium:wght@200..800\u0026family=Playfair+Display:ital,wght@0,400..900;1,400..900\u0026family=Plus+Jakarta+Sans:ital,wght@0,200..800;1,200..800\u0026family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900\u0026family=Roboto+Mono:ital,wght@0,100..700;1,100..700\u0026family=Roboto:ital,wght@0,100..900;1,100..900\u0026family=Source+Code+Pro:ital,wght@0,200..900;1,200..900\u0026family=Source+Serif+4:ital,opsz,wght@0,8..60,200..900;1,8..60,200..900\u0026family=Space+Grotesk:wght@300..700\u0026family=Space+Mono:ital,wght@0,400;0,700;1,400;1,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantomwallet.cash/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 18 Apr 2026 19:14:58 GMT\r\ndate: Sat, 18 Apr 2026 19:14:58 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":144073,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"740eff5976ec5a7e25e3f9b01b1a637d","sha1":"69d18774433f2bc57102d8eff453e9e1f17e1304","sha256":"a98bedda5f431e420164188a09f11b4e42a514388f14a35426554fe6ffdc598e","sha512":"946fb22e81bae4341735ab6780ae2ff2eb44a23f296cd402875e71e1e38951a0bcb3add6e74dba013c6f6f54f69f327a32969dcc7a30bc45004373f3b9664e72","ssdeep":"768:CHFCevmEAr+gCS5xFJNGo6n3wafwe0utoEA3mknCiFyg2UfIUk+H00YNRYj7V3Et:xVXPNo6mACNqHvDyWNpQ9","tlshash":"fce31e91042b9004eb831cc233cfbe36ee4ea2657444d579affe1d99ac9bc265364b1d","first_seen":"2026-02-20T03:22:56.053146Z","last_seen":"2026-05-12T22:57:26.546803Z","times_seen":296,"resource_available":false,"data":null}},"time_used":326,"timings":{"blocked":142,"dns":1,"connect":15,"send":0,"wait":38,"receive":0,"ssl":128},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800;900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://phantomwallet.cash/","date":"2026-04-18T19:14:58.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:54 GMT","end":"Mon, 22 Jun 2026 08:36:53 GMT"},"fingerprint":{"sha1":"89:9D:A0:A4:A4:3B:62:A3:D0:B3:63:4B:5B:C3:1D:9B:09:43:3C:91","sha256":"DB:10:40:08:19:EF:D7:9C:5F:11:BC:78:DC:9F:81:F3:9E:A7:30:2F:1F:06:C8:C4:A4:DD:BC:C3:27:6F:2A:AA"}}},"request":{"raw":"GET /css2?family=Inter:wght@300;400;500;600;700;800;900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantomwallet.cash/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 18 Apr 2026 19:14:58 GMT\r\ndate: Sat, 18 Apr 2026 19:14:58 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17689,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"30e76aaeae29f594433bc728a08b4d8f","sha1":"ac1b677b4d702295e7802802376ddd8c84acbc13","sha256":"395e51e3dc84faf99710da8cf316e573703addd6eb598e1b334eff76653e820d","sha512":"93b1661d34210abbdb2c6cca46bb229254b615ba07c05dbcadb65199b9d1e61e18dbb4302236e89188ddc34be20528f503f6140358f82385b1f0e621f93ec4d8","ssdeep":"192:wNA1cO3lnxirNNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGfNx0NO3kV:8KYXuM0p2+g7GQK","tlshash":"b1828892002ba400ab971dc233cf7f3aaece10896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-11T05:09:40.151737Z","last_seen":"2026-06-08T23:03:29.913348Z","times_seen":4204,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}