{"report_id":"cf2184a1-9dbd-482e-a8b4-a9b08084eb77","version":6,"status":"done","tags":[],"date":"2026-04-11T17:46:12Z","url":{"schema":"https","addr":"phantom-wallet.to/","fqdn":"phantom-wallet.to","domain":"phantom-wallet.to","tld":"to"},"ip":{"addr":"178.16.52.122","port":0,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"phantom-wallet.to/","fqdn":"phantom-wallet.to","domain":"phantom-wallet.to","tld":"to"},"title":"Phantom Wallet: Secure Multichain Crypto Wallet for Solana, Ethereum, and NFTs — Phantom Wallet","dom":{"size":96200,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5767)","md5":"16abb60bca91ef48241ad79d39d48db6","sha1":"453bc9c6fc5d735a1e747e2e18afa6b78c08b971","sha256":"66a3ab1f9796db1aa79b5cc24c143f0443c15c47d579f9b0967139dd4d8582e3","sha512":"26162510d01f0a1db46c04287b893697c8ecc00d85c31ade1010ef61c9277db442636f5b3c8bca9f5760d8f4122650112f1c8c7571bfda6575b6e0fbc94611eb","ssdeep":"1536:e7jWeo02ORjRJOkCB031T1d+EPbjrqSa3x7RyUmzR7J7DVLTQo/C9XUcgtWagRxw:e/jqtBb8bTrm6H3","tlshash":"db93c732f1f4153741a342dbbb662b3a6e6ae047d24d144872bc076c9fd6d42a87332e","dom_hash":"domhash834a5f649caa45c25bf228b6bfbacc0e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"phantom-wallet.to/","fqdn":"phantom-wallet.to","domain":"phantom-wallet.to","tld":"to"},"ip":{"addr":"178.16.52.122","port":0,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-16T17:46:12Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"phantom-wallet.to","ip":{"addr":"178.16.52.122","port":443,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":15,"request_count":5,"received_data":145401,"sent_data":2225,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.28.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-04-05T22:20:18.514512Z","alert_count":0,"request_count":1,"received_data":25972,"sent_data":561,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"api.coingecko.com","ip":{"addr":"104.20.41.132","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-03-26","domain_rank":442226,"first_seen":"2018-05-18T12:16:11Z","last_seen":"2026-04-03T21:33:28.502425Z","alert_count":0,"request_count":1,"received_data":1718,"sent_data":577,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"phantom-wallet.to/","fqdn":"phantom-wallet.to","domain":"phantom-wallet.to","tld":"to"},"ip":{"addr":"178.16.52.122","port":443,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"eaeefbf2ba96464cec53f27d628874d7","sha1":"74ec4c38d6553e08ff3b38abe5f379993fcb655f","sha256":"2bb6e161b9d74b15bd271f39be94622738d24132b9f989223e31b4b5fa476fb2","sha512":"22d4032bd1d1446049e468d7cf0235d9885e1fc3e0bda930dc650c93f03489751f198f55ef6074c32ebd22668e564e485addd74746f45080a6faca809c59959b","ssdeep":"","tlshash":"eae0721e3486103a02b3446a23f2810a15332b0ec85e4712ba5fc5969334cb1090a50c","size":309,"data":"","first_seen":"2026-04-11T17:46:16.680391Z","last_seen":"2026-05-03T22:41:38.711486Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallet.to/app.js","fqdn":"phantom-wallet.to","domain":"phantom-wallet.to","tld":"to"},"ip":{"addr":"178.16.52.122","port":443,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"4c872ccc1f64471d9afa3dd086e13b39","sha1":"bb163bd12e668e1dd9da046c80169479c382c2b7","sha256":"199aeb39dd74006d6a355973380fff1d61e7f6be4082942b15af099bd4be0581","sha512":"7698b589a5fa21ed06994593d5658a2b6ced2dda176e7ee9ad671a3fbce33584d87258dee189b4f1efb82c81c8bdf1f3c8e59b3a22ca86a629e6005d65633ca0","ssdeep":"768:e9J+/jE8STyhln+kdZE4l46EUAGBFlzViFu0rHznBbHGXB6JS/v:csDTSGBFlYVgIo/v","tlshash":"ec33716526fb10374173607e5fab55023a25205baa4adc1cbe6c87cc1f89b3096f5bf8","size":54664,"data":"","first_seen":"2026-04-11T17:46:16.673459Z","last_seen":"2026-05-03T22:41:38.701621Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"phantom-wallet.to/","fqdn":"phantom-wallet.to","domain":"phantom-wallet.to","tld":"to"},"ip":{"addr":"178.16.52.122","port":443,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-11T17:45:50.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phantom-wallet.to","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 15:50:14 GMT","end":"Mon, 08 Jun 2026 15:50:13 GMT"},"fingerprint":{"sha1":"56:73:4E:ED:BC:5F:56:30:A6:7F:74:7F:5E:82:21:D2:FF:3C:8F:D6","sha256":"D3:4F:DD:9D:4B:83:7A:B7:70:A3:44:2B:8F:74:3A:BF:D7:C1:40:2A:3F:69:18:1A:C0:02:A3:74:B5:09:90:4D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: phantom-wallet.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.2\r\nDate: Sat, 11 Apr 2026 17:45:50 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 18784\r\nConnection: keep-alive\r\nLast-Modified: Thu, 09 Apr 2026 13:14:40 GMT\r\nETag: \"158a8-64f06cc861000-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":88232,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (446)","md5":"d3c74c559982416a3b789ce2da523856","sha1":"5c7c9b357deeeb4699f108c5b2e91053c9723180","sha256":"c558af3ead414b415f38ba70432ed4bde16ac77bfe68d2af9c1feaa2684a2625","sha512":"5d7875f18d36756f181f85a94195f14650af546eca22cd76900ef258e153fee894f1671bc9e6bb3fb7c8bdb8272d20cc4aeb33606a236e3cc464da6360ecd802","ssdeep":"768:rDxCq/dCyKO/U9CRGLwDrbw1MqoKmr0xMxdgS2kKN9pbm9V0q:PyPO/UzmbcMqoKmrsMLgy2mzn","tlshash":"8983a512f6f4157742a342afbb62177a6f46e00be24d545876ac032c9fd6d82ac7331e","first_seen":"2026-04-11T17:46:16.667234Z","last_seen":"2026-05-03T22:41:38.706583Z","times_seen":3,"resource_available":true,"data":null}},"time_used":473,"timings":{"blocked":169,"dns":51,"connect":58,"send":0,"wait":120,"receive":8,"ssl":64},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallet.to/styles.css","fqdn":"phantom-wallet.to","domain":"phantom-wallet.to","tld":"to"},"ip":{"addr":"178.16.52.122","port":443,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://phantom-wallet.to/","date":"2026-04-11T17:45:51.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phantom-wallet.to","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 15:50:14 GMT","end":"Mon, 08 Jun 2026 15:50:13 GMT"},"fingerprint":{"sha1":"56:73:4E:ED:BC:5F:56:30:A6:7F:74:7F:5E:82:21:D2:FF:3C:8F:D6","sha256":"D3:4F:DD:9D:4B:83:7A:B7:70:A3:44:2B:8F:74:3A:BF:D7:C1:40:2A:3F:69:18:1A:C0:02:A3:74:B5:09:90:4D"}}},"request":{"raw":"GET /styles.css HTTP/1.1\r\nHost: phantom-wallet.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom-wallet.to/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.2\r\nDate: Sat, 11 Apr 2026 17:45:51 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 320\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.28.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":320,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"3edd52cce6e596068c4ef37fc0ee53bb","sha1":"7fb61954b0deee02d28f64e9c07122f84376563a","sha256":"e072ff0502b0fc2c322846929dd4d2958188bdbd12ae45d77b55e1b2a33732d6","sha512":"5f7be60ef80f44e7e7f54569d7c95e8176a969d1bce69cff031b062daeb7770a9c4827bda65c6acafac060adcc3dab4a7c6020c5c49dbf48222d4b5fddf99363","ssdeep":"","tlshash":"e2e07d9ea152e38b0401b5507dd067d5364b53eb3466c2a42bc5d04351486bdcce56d9","first_seen":"2026-04-11T17:46:16.670386Z","last_seen":"2026-05-03T22:41:38.704996Z","times_seen":3,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":64,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallet.to/app.js","fqdn":"phantom-wallet.to","domain":"phantom-wallet.to","tld":"to"},"ip":{"addr":"178.16.52.122","port":443,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://phantom-wallet.to/","date":"2026-04-11T17:45:51.269Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phantom-wallet.to","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 15:50:14 GMT","end":"Mon, 08 Jun 2026 15:50:13 GMT"},"fingerprint":{"sha1":"56:73:4E:ED:BC:5F:56:30:A6:7F:74:7F:5E:82:21:D2:FF:3C:8F:D6","sha256":"D3:4F:DD:9D:4B:83:7A:B7:70:A3:44:2B:8F:74:3A:BF:D7:C1:40:2A:3F:69:18:1A:C0:02:A3:74:B5:09:90:4D"}}},"request":{"raw":"GET /app.js HTTP/1.1\r\nHost: phantom-wallet.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom-wallet.to/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.2\r\nDate: Sat, 11 Apr 2026 17:45:51 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Thu, 09 Apr 2026 13:14:40 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"69d7a640-d734\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55092,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (305)","md5":"4c872ccc1f64471d9afa3dd086e13b39","sha1":"bb163bd12e668e1dd9da046c80169479c382c2b7","sha256":"199aeb39dd74006d6a355973380fff1d61e7f6be4082942b15af099bd4be0581","sha512":"7698b589a5fa21ed06994593d5658a2b6ced2dda176e7ee9ad671a3fbce33584d87258dee189b4f1efb82c81c8bdf1f3c8e59b3a22ca86a629e6005d65633ca0","ssdeep":"768:e9J+/jE8STyhln+kdZE4l46EUAGBFlzViFu0rHznBbHGXB6JS/v:csDTSGBFlYVgIo/v","tlshash":"ec33716526fb10374173607e5fab55023a25205baa4adc1cbe6c87cc1f89b3096f5bf8","first_seen":"2026-04-11T17:46:16.673459Z","last_seen":"2026-05-03T22:41:38.701621Z","times_seen":3,"resource_available":true,"data":null}},"time_used":366,"timings":{"blocked":119,"dns":1,"connect":59,"send":0,"wait":117,"receive":4,"ssl":64},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallet.to/apple-touch-icon.png","fqdn":"phantom-wallet.to","domain":"phantom-wallet.to","tld":"to"},"ip":{"addr":"178.16.52.122","port":443,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phantom-wallet.to/","date":"2026-04-11T17:45:51.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phantom-wallet.to","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 15:50:14 GMT","end":"Mon, 08 Jun 2026 15:50:13 GMT"},"fingerprint":{"sha1":"56:73:4E:ED:BC:5F:56:30:A6:7F:74:7F:5E:82:21:D2:FF:3C:8F:D6","sha256":"D3:4F:DD:9D:4B:83:7A:B7:70:A3:44:2B:8F:74:3A:BF:D7:C1:40:2A:3F:69:18:1A:C0:02:A3:74:B5:09:90:4D"}}},"request":{"raw":"GET /apple-touch-icon.png HTTP/1.1\r\nHost: phantom-wallet.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom-wallet.to/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.2\r\nDate: Sat, 11 Apr 2026 17:45:51 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 320\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.28.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":320,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"3edd52cce6e596068c4ef37fc0ee53bb","sha1":"7fb61954b0deee02d28f64e9c07122f84376563a","sha256":"e072ff0502b0fc2c322846929dd4d2958188bdbd12ae45d77b55e1b2a33732d6","sha512":"5f7be60ef80f44e7e7f54569d7c95e8176a969d1bce69cff031b062daeb7770a9c4827bda65c6acafac060adcc3dab4a7c6020c5c49dbf48222d4b5fddf99363","ssdeep":"","tlshash":"e2e07d9ea152e38b0401b5507dd067d5364b53eb3466c2a42bc5d04351486bdcce56d9","first_seen":"2026-04-11T17:46:16.670386Z","last_seen":"2026-05-03T22:41:38.704996Z","times_seen":3,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":64,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phantom-wallet.to/favicon.svg","fqdn":"phantom-wallet.to","domain":"phantom-wallet.to","tld":"to"},"ip":{"addr":"178.16.52.122","port":443,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phantom-wallet.to/","date":"2026-04-11T17:45:51.702Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phantom-wallet.to","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 15:50:14 GMT","end":"Mon, 08 Jun 2026 15:50:13 GMT"},"fingerprint":{"sha1":"56:73:4E:ED:BC:5F:56:30:A6:7F:74:7F:5E:82:21:D2:FF:3C:8F:D6","sha256":"D3:4F:DD:9D:4B:83:7A:B7:70:A3:44:2B:8F:74:3A:BF:D7:C1:40:2A:3F:69:18:1A:C0:02:A3:74:B5:09:90:4D"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: phantom-wallet.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom-wallet.to/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.2\r\nDate: Sat, 11 Apr 2026 17:45:51 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 320\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.28.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":320,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"3edd52cce6e596068c4ef37fc0ee53bb","sha1":"7fb61954b0deee02d28f64e9c07122f84376563a","sha256":"e072ff0502b0fc2c322846929dd4d2958188bdbd12ae45d77b55e1b2a33732d6","sha512":"5f7be60ef80f44e7e7f54569d7c95e8176a969d1bce69cff031b062daeb7770a9c4827bda65c6acafac060adcc3dab4a7c6020c5c49dbf48222d4b5fddf99363","ssdeep":"","tlshash":"e2e07d9ea152e38b0401b5507dd067d5364b53eb3466c2a42bc5d04351486bdcce56d9","first_seen":"2026-04-11T17:46:16.670386Z","last_seen":"2026-05-03T22:41:38.704996Z","times_seen":3,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":63,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"phantom-wallet.to","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800\u0026family=Space+Grotesk:wght@400;500;600;700\u0026family=JetBrains+Mono:wght@400;500\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://phantom-wallet.to/","date":"2026-04-11T17:45:51.268Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:38 GMT","end":"Mon, 15 Jun 2026 08:38:37 GMT"},"fingerprint":{"sha1":"C3:E4:BE:7B:38:DD:F1:59:DC:DF:FA:8A:48:52:C7:1D:D2:BF:F7:5E","sha256":"31:F4:52:B9:AA:C3:06:E9:A3:71:DA:02:A5:63:C9:78:CC:3A:04:07:E1:B4:42:F5:DC:BF:40:0F:BE:3E:6F:9E"}}},"request":{"raw":"GET /css2?family=Inter:wght@300;400;500;600;700;800\u0026family=Space+Grotesk:wght@400;500;600;700\u0026family=JetBrains+Mono:wght@400;500\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phantom-wallet.to/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 11 Apr 2026 17:45:51 GMT\r\ndate: Sat, 11 Apr 2026 17:45:51 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25286,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"31784ed02151859ea40fcb533651584e","sha1":"821efd6d2193429e2f07d33c6469bb60546b8361","sha256":"6f463797042a80dd54ad24b44c7acd77c6bde9322b6c2f58120619e99fe75a08","sha512":"d5807188f16cc30efda4ef0a85fd9aeaa6adcf4520946b3cc82412a39df57639840e2d0035d020f90e18b38afe9d0e4f2e489ce86d2274a5b1cc490d6ef44bec","ssdeep":"192:wNA1cO3lnxirNNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGfNx0NO3kK:8KYXuM0p2+g7rOGCDDgRt","tlshash":"95b2bc92002ba500eb971cc233cf7e3abe8e60456085d5b99ffe1c899ceec66536475d","first_seen":"2026-04-11T17:46:16.676193Z","last_seen":"2026-05-03T22:41:38.707767Z","times_seen":3,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":87,"dns":1,"connect":7,"send":0,"wait":20,"receive":0,"ssl":82},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.coingecko.com/api/v3/simple/price?ids=bitcoin,ethereum,solana,binancecoin,ripple,cardano,avalanche-2,dogecoin\u0026vs_currencies=usd\u0026include_24hr_change=true","fqdn":"api.coingecko.com","domain":"coingecko.com","tld":"com"},"ip":{"addr":"104.20.41.132","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://phantom-wallet.to/","date":"2026-04-11T17:45:51.554Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.coingecko.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 10 Apr 2026 17:57:17 GMT","end":"Thu, 09 Jul 2026 17:57:16 GMT"},"fingerprint":{"sha1":"0A:76:FC:A0:B4:90:2E:93:25:BB:9A:D5:01:C3:A5:38:BF:76:78:92","sha256":"14:91:25:42:87:CA:3E:E2:A5:79:BF:0B:95:61:5D:98:A3:D4:89:33:61:77:84:02:C3:BD:2E:BC:FF:4E:77:D7"}}},"request":{"raw":"GET /api/v3/simple/price?ids=bitcoin,ethereum,solana,binancecoin,ripple,cardano,avalanche-2,dogecoin\u0026vs_currencies=usd\u0026include_24hr_change=true HTTP/1.1\r\nHost: api.coingecko.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://phantom-wallet.to/\r\nOrigin: https://phantom-wallet.to\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 17:45:51 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, PUT, DELETE, GET, OPTIONS\r\naccess-control-expose-headers: link, per-page, total\r\naccess-control-max-age: 7200\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=30, public, must-revalidate, s-maxage=60\r\naccess-control-request-method: *\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization\r\nvary: Accept-Encoding, Origin\r\ncontent-encoding: gzip\r\netag: W/\"cb0bc60501cf5e3cb3feccaaff973a3e\"\r\nx-request-id: c3f1c03c-3f5c-4f37-88f2-39b575ab6798\r\nx-runtime: 0.007687\r\nalternate-protocol: 443:npn-spdy/2\r\ncontent-security-policy-report-only: script-src https://accounts.google.com/gsi/client; frame-src https://accounts.google.com/gsi/; connect-src https://accounts.google.com/gsi/;\r\nstrict-transport-security: max-age=15724800; includeSubdomains\r\ncf-cache-status: HIT\r\ncf-ray: 9eabceb15e385696-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":499,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"1056642d5046254c66d3cfb7710ac26c","sha1":"a14684da885a51af3f79954d75ce3013895e20d9","sha256":"6c27f64fc663f09aaa3752dc4e6a34d9d85b065e3597868d0c61b24a55c51180","sha512":"2c577cd6ffcb97e60580ab8681257a6f1d7b1162fa2a44f9140514bdd05fd51f03a8a94f2ebb2ebba797746815da62fb8db590576228cfb390f0ab491b0f69b8","ssdeep":"","tlshash":"e0f0b4831130c0638ca58fb34ea423a1de5f29f5cc4c430a072fdd9609c519e175b8c3","first_seen":"2026-04-11T17:46:16.678564Z","last_seen":"2026-04-11T17:46:16.678564Z","times_seen":1,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":24,"dns":4,"connect":1,"send":0,"wait":133,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}