{"report_id":"d071510e-6d88-41b1-a1cb-bb9e7f5f7a98","version":6,"status":"done","tags":[],"date":"2026-03-31T13:50:05Z","url":{"schema":"http","addr":"phamtom.lol","fqdn":"phamtom.lol","domain":"phamtom.lol","tld":"lol"},"ip":{"addr":"104.21.53.39","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"phamtom.lol/","fqdn":"phamtom.lol","domain":"phamtom.lol","tld":"lol"},"title":"Sandbox","dom":{"size":19929,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (467)","md5":"32045b9b2e3d0c5fa4da6791d521280e","sha1":"45947bfa6f78eeaf79cb99e9f420193aa6c1f2e8","sha256":"3b3e5086a3c6f9e99da23725affca0e23e12573b2ad13233c38e5ddb9f602e49","sha512":"7a3ed3ba43edf9001950ebf4766c421627fa5db1227ca0b39ece8225794b7053f0edda757c014844cc715e1bc2876f1c0468b6b861feb34d72adb326017a0931","ssdeep":"384:N06emdFUV8QfG/yDZGH3Li0vAfYBCxBCxb9TYVoe50CWS9sVsagnPX6RFbpMroz1:a6e6FUV8Va8GCBgBekPCQroB","tlshash":"2e92b780b1be2576817747ba5a6b464d7110e043740bccccfe7d57e44faa98ab12ee8c","dom_hash":"domhash1e4c0961c6da8bf2619f3e5599dc7002","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"phamtom.lol","fqdn":"phamtom.lol","domain":"phamtom.lol","tld":"lol"},"ip":{"addr":"104.21.53.39","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-05T13:50:05Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"phamtom.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"phamtom.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"phamtom.lol","ip":{"addr":"172.67.208.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-03-10","domain_rank":0,"first_seen":"2026-03-31T13:50:06.047699Z","last_seen":"2026-03-31T13:50:06.047699Z","alert_count":4,"request_count":2,"received_data":39954,"sent_data":878,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"phamtom.lol/","fqdn":"phamtom.lol","domain":"phamtom.lol","tld":"lol"},"ip":{"addr":"172.67.208.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"503bd67eb9b8a4720902e4bf44d16d15","sha1":"7ee2d13874c1ec4d4f5985e84a33645fd6f1e7e3","sha256":"ee89c5fef9ece05aa4ff3dd3f41dede20896e53ba699acf108bf9cfbd417b3af","sha512":"ffd39404c7e7fce46280d2a5a27369888f6d60516e029ddd44a027ead96086babd684907a015d32d345928803650aae62326c1e93f5566d7244a400ab76fa244","ssdeep":"384:vfG/yDZGH3Li0vAfYBCxBCxb9TYVoe50CWS9sVsagnPX6RFbpMroz6B:Wa8GCBgBekPCQro4","tlshash":"56629580b1fe297581a707bd976f55186210a043380eccdcbd6c97a44fbaa4a716ff9c","size":15316,"data":"","first_seen":"2026-03-31T13:50:08.34829Z","last_seen":"2026-03-31T13:55:33.711207Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"phamtom.lol/","fqdn":"phamtom.lol","domain":"phamtom.lol","tld":"lol"},"ip":{"addr":"172.67.208.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-31T13:49:43.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phamtom.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 18:20:46 GMT","end":"Mon, 08 Jun 2026 18:20:45 GMT"},"fingerprint":{"sha1":"F6:E2:16:17:D3:E2:67:6D:6A:E9:19:6D:4D:D4:73:49:CF:DD:78:E4","sha256":"B6:2F:4B:9E:31:FF:35:7C:D8:4F:18:19:86:E1:0A:D3:C6:A2:F8:F0:98:22:12:4E:BD:90:E2:FB:74:A1:AF:40"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: phamtom.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 31 Mar 2026 13:49:55 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff, nosniff\r\nx-frame-options: DENY, SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: no-referrer\r\npermissions-policy: camera=(), microphone=(), geolocation=()\r\ncache-control: no-store, no-cache, must-revalidate, private\r\npragma: no-cache\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aWURT7%2FdyfvdlGF2EM1kR7yIPSyIch9D0gdu98U0QWE0Lya0BFHwHSDoCijnXhTS9C%2FMD%2B8AF74ZZrz0F6S6aM63yCuM4ZMGe8MGoju8fdRMXpxJ0L5lxZGTL8ee1w%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9e4fd1acb81a0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19034,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"5f8928900add2ce091ae9f98ced3aa27","sha1":"f65d2cf41d944ef5b1cc5d4245d74960fccd085b","sha256":"05d62bad80ac079ecf8fd3fff75299b1506ab7ca9c3b5b300806b045ccb0de37","sha512":"04a60c15d19c3a21c10213222cbce4e8b2311c06569178972a9218d197eeefc904de3e0de313860a49e49aaef6b32d1f9cbc47303081f63d34d4c1c8e69b47b0","ssdeep":"384:B06emdFUUT7fG/yDZGH3Li0vAfYBCxBCxb9TYVoe50CWS9sVsagnPX6RFbpMrozj:e6e6FUUTCa8GCBgBekPCQroP","tlshash":"df82a580b1bf287581b347be5a6b564d7110e043740ac8ccfe6d57a44faa98b716ee8c","first_seen":"2026-03-31T13:50:08.347353Z","last_seen":"2026-03-31T13:55:33.710169Z","times_seen":2,"resource_available":true,"data":null}},"time_used":11391,"timings":{"blocked":76,"dns":54,"connect":1,"send":0,"wait":11239,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"phamtom.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"phamtom.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phamtom.lol/favicon.ico","fqdn":"phamtom.lol","domain":"phamtom.lol","tld":"lol"},"ip":{"addr":"172.67.208.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phamtom.lol/","date":"2026-03-31T13:49:55.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phamtom.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 18:20:46 GMT","end":"Mon, 08 Jun 2026 18:20:45 GMT"},"fingerprint":{"sha1":"F6:E2:16:17:D3:E2:67:6D:6A:E9:19:6D:4D:D4:73:49:CF:DD:78:E4","sha256":"B6:2F:4B:9E:31:FF:35:7C:D8:4F:18:19:86:E1:0A:D3:C6:A2:F8:F0:98:22:12:4E:BD:90:E2:FB:74:A1:AF:40"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: phamtom.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 31 Mar 2026 13:49:55 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: accept-encoding\r\npriority: u=6,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-frame-options: DENY, SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: no-referrer\r\npermissions-policy: camera=(), microphone=(), geolocation=()\r\ncache-control: no-store, no-cache, must-revalidate, private\r\npragma: no-cache\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\ncontent-encoding: br\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y1ltioesNd3veKQj6uFvY9%2FkOoybe1tWRcN4wOX8mxsst%2BnOpI19d6EqE%2B0KzCqNyXzHX0mrvtGHp3wW9qk9Bdj6UDZrqxrgRCzKFsQ2XQ6VrtDD40gsWrRemrRsMA%3D%3D\"}]}\r\ncf-ray: 9e4fd1f47bba5696-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19034,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"5f8928900add2ce091ae9f98ced3aa27","sha1":"f65d2cf41d944ef5b1cc5d4245d74960fccd085b","sha256":"05d62bad80ac079ecf8fd3fff75299b1506ab7ca9c3b5b300806b045ccb0de37","sha512":"04a60c15d19c3a21c10213222cbce4e8b2311c06569178972a9218d197eeefc904de3e0de313860a49e49aaef6b32d1f9cbc47303081f63d34d4c1c8e69b47b0","ssdeep":"384:B06emdFUUT7fG/yDZGH3Li0vAfYBCxBCxb9TYVoe50CWS9sVsagnPX6RFbpMrozj:e6e6FUUTCa8GCBgBekPCQroP","tlshash":"df82a580b1bf287581b347be5a6b564d7110e043740ac8ccfe6d57a44faa98b716ee8c","first_seen":"2026-03-31T13:50:08.347353Z","last_seen":"2026-03-31T13:55:33.710169Z","times_seen":2,"resource_available":true,"data":null}},"time_used":71,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":70,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"phamtom.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"phamtom.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}