{"report_id":"bf993ac9-97c3-44df-bf1a-8fde42c6c0b0","version":0,"status":"done","tags":[],"date":"2026-07-02T13:41:05Z","url":{"schema":"http","addr":"xamanwindowswallet.com","fqdn":"xamanwindowswallet.com","domain":"xamanwindowswallet.com","tld":"com"},"ip":{"addr":"91.92.241.250","port":0,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"final":{"url":{"schema":"https","addr":"xamanwindowswallet.com/","fqdn":"xamanwindowswallet.com","domain":"xamanwindowswallet.com","tld":"com"},"title":"Xaman Desktop - Secure XRP Wallet for Your Computer","dom":{"size":812960,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"71d75e52c98fb0cd833de4ba3c2f513b","sha1":"a22d747ecfa768e56e3ff4ef4e5c6b010d6b5617","sha256":"5a3b10125a984cdd2d0db17d8eb7c45fca8d63053259543cf812c4703c54466c","sha512":"7aea5321db443323b8c953e82276fae0a187abf0f26e604d36a69efddfa5fee468e71284f3e7fd93f1ab30680db99dca770e191674f85fef406cc17cd886511a","ssdeep":"12288:3O1pz6q2kJfc3LVBktvA2V/ZiVaNozPr7AAx/lqW9okhAwim:6X2kAmA2uPnAAlltAwim","tlshash":"f905e01675bb516a2d1732b963ee214d7624e083cc1fde94becd0060cf827b5a8eb758","dom_hash":"domhashefc7bd70ae6bb1e1182141c1c1558fed","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"xamanwindowswallet.com","fqdn":"xamanwindowswallet.com","domain":"xamanwindowswallet.com","tld":"com"},"ip":{"addr":"91.92.241.250","port":0,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-06T13:41:05Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"xamanwindowswallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"xamanwindowswallet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"xamanwindowswallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"xamanwindowswallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"xamanwindowswallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"xamanwindowswallet.com","ip":{"addr":"91.92.241.250","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"domain_registered":"2026-06-20","domain_rank":0,"first_seen":"2026-07-02T13:41:05.842129Z","last_seen":"2026-07-02T13:41:05.842129Z","alert_count":5,"request_count":1,"received_data":827019,"sent_data":491,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.31.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"xamanwindowswallet.com/","fqdn":"xamanwindowswallet.com","domain":"xamanwindowswallet.com","tld":"com"},"ip":{"addr":"91.92.241.250","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"introduction_type":"scriptElement","is_inline":true,"md5":"9b1a7fa346d2eafed8ee711c8b286772","sha1":"3a99d7765a6cff98fdec7290b63254e4e25bc9da","sha256":"6d1ca309d7a1b9fd2e73b2fafcf35b73721fb94741f4502623accd0cef4752e2","sha512":"9b8956fb0300044509b16ff4a32e610fbeecd6573d550574c5c9757390d2deb660b21e840962a3f713870086f9fc25a8a7bed88b102b15acead5d261f28a9b1d","ssdeep":"","tlshash":"c5316a1252b322663c4bb0bd5fbbd84d763a400bd8095450788e918c5f70b6509f37cc","size":1717,"data":"","first_seen":"2026-06-17T18:20:20.998525Z","last_seen":"2026-07-02T13:41:08.655254Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xamanwindowswallet.com/","fqdn":"xamanwindowswallet.com","domain":"xamanwindowswallet.com","tld":"com"},"ip":{"addr":"91.92.241.250","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"introduction_type":"scriptElement","is_inline":true,"md5":"7fb60e2fbf3b1ec1d43ab301b0664af3","sha1":"4e57d95d75015852c10fd1221fbebb6c911e57d0","sha256":"0e9b9db6238562e9c699b253c8255c0b706e63e9dbe8d3fc2989095670b6aaad","sha512":"3d79948edae90812f451f365262cf260ca0db725503d90d3b775bbaee49890d27d1d291b2993bab55327207d7f6abfa108d6163a44fd0feb143c937d7e0473a2","ssdeep":"","tlshash":"1a011289fc42b076a6963228723bfa07516312251894a83359fdc36fef32d87811368c","size":838,"data":"","first_seen":"2026-06-19T05:44:45.453273Z","last_seen":"2026-07-02T13:41:08.658321Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"xamanwindowswallet.com/","fqdn":"xamanwindowswallet.com","domain":"xamanwindowswallet.com","tld":"com"},"ip":{"addr":"91.92.241.250","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-02T13:40:40.933Z","timestamp":1782999640933,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xamanwindowswallet.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Jun 2026 08:58:59 GMT","end":"Fri, 18 Sep 2026 08:58:58 GMT"},"fingerprint":{"sha1":"56:FF:AE:27:FB:6D:A8:01:D9:EE:18:44:B1:2F:B9:6A:21:E5:10:CB","sha256":"11:03:52:6F:38:A0:C0:79:0E:BE:A7:03:A9:43:24:BD:89:90:DA:90:16:CC:FF:CE:EB:7A:96:AE:ED:63:62:01"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xamanwindowswallet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-encoding: zstd\r\ncontent-type: text/html\r\ndate: Thu, 02 Jul 2026 13:40:41 GMT\r\netag: \"6a32b2d1-c9d7f\"\r\nlast-modified: Wed, 17 Jun 2026 14:44:33 GMT\r\nserver: nginx/1.31.1\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx:1.31.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":826751,"size_decoded":619844,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"fb7be9012c943d8b76513f34dc60adc6","sha1":"38081c080a66ee7ab2a5fff141d032e5d989c629","sha256":"5652c62f1e917d58145d20df2ab6543b29123e641b3d8842c34c5e821357752c","sha512":"d1fb937d2af6390130603bb5cb71015a256e248a9c43967724b14cabe0ce3a6703e20ade8b8db6cba0a3dc1bc8d21638a67c2b5b217645a47195e77f99acef12","ssdeep":"12288:PO5pz6q2kJfc3LVBktvA2V/ZiVaNozPrqAAx/lqW9okhAw1o:8X2kAmA2uPOAAlltAw1o","tlshash":"8a05e11675bb51a92d1732b963ee214d7624e083cc1fde58becd0060cf867b4a8eb758","first_seen":"2026-06-19T05:44:45.448352Z","last_seen":"2026-07-02T13:41:08.651103Z","times_seen":3,"resource_available":true,"data":null}},"time_used":364,"timings":{"blocked":-1,"dns":84,"connect":59,"send":0,"wait":62,"receive":0,"ssl":159},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"xamanwindowswallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"xamanwindowswallet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"xamanwindowswallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"xamanwindowswallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"xamanwindowswallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}
