{"report_id":"d8e4f7f0-bd17-4683-b652-7e12f779d4b1","version":6,"status":"done","tags":[],"date":"2026-04-20T13:29:21Z","url":{"schema":"http","addr":"tma.xxxphantom.ru/","fqdn":"tma.xxxphantom.ru","domain":"xxxphantom.ru","tld":"ru"},"ip":{"addr":"161.35.29.74","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"http","addr":"tma.xxxphantom.ru/","fqdn":"tma.xxxphantom.ru","domain":"xxxphantom.ru","tld":"ru"},"title":"Ahmed Alkholy | Portfolio","dom":{"size":29577,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (376)","md5":"c5e390db67d339dc66e1f2558d8e5491","sha1":"176e7c3d0246861a947f365bb8ddb9c93808904d","sha256":"0a9fa59dc56204fcac452def89f1e9a6e3bf5e691e53a26b895f3040b9cd7b4a","sha512":"1a68fb6990d9e59954863c45cf7457eb5a80b1bae229ed45aa4c4a96e3ad6ee96c9113a97b00e7178dec7e5537537365c8826124ccddd59670fad6196f7d5967","ssdeep":"192:GG9bxWF1JyuAKbmBGedp0gomnCzJZs///sk/D/jHfa18m4y+aG0MigV7DTR/WAy/:Gsuih8sH/L7fa18xWdCS","tlshash":"d9d20e31a8f5262b0183d0d1aab2af5bafe1a60bda2b560576fd0bc55fd3d42cc1311d","dom_hash":"domhashd00e630ac470d4440f72bba263c877a1","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"tma.xxxphantom.ru/","fqdn":"tma.xxxphantom.ru","domain":"xxxphantom.ru","tld":"ru"},"ip":{"addr":"161.35.29.74","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-25T13:29:21Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"tma.xxxphantom.ru","ip":{"addr":"161.35.29.74","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":44,"request_count":11,"received_data":1327777,"sent_data":4350,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ahmadalkholy.github.io","ip":{"addr":"185.199.109.153","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2013-03-08","domain_rank":0,"first_seen":"2026-04-20T13:29:22.159793Z","last_seen":"2026-04-20T13:29:22.159794Z","alert_count":0,"request_count":1,"received_data":11526,"sent_data":469,"comment":"","tags":null,"fingerprints":[{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"tma.xxxphantom.ru/","fqdn":"tma.xxxphantom.ru","domain":"xxxphantom.ru","tld":"ru"},"ip":{"addr":"161.35.29.74","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"1fcc86aba14d17875eb6e5d9c14c116c","sha1":"7b80e223205d6c428d6f5e91a1a14b22b18c3737","sha256":"ef23ab4c0e8265b5a3e761782972ec6ff2277e087ccba48d950ff0b3f21be883","sha512":"fb24dec8a79dd88f0a9b9f546238fe0ab9d78b9b6ede59896759a5ebbfc61584e8c0a600de10f5bb43e7b667a371b2d83e5c0088a793306eed124729fca4b66f","ssdeep":"","tlshash":"f701c07956b2c41d12a319aaf542319dd690802fbe65dcb7b17d0dc1cf81ab06176984","size":766,"data":"","first_seen":"2026-04-20T13:29:26.811925Z","last_seen":"2026-04-20T13:29:26.811925Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"tma.xxxphantom.ru/","fqdn":"tma.xxxphantom.ru","domain":"xxxphantom.ru","tld":"ru"},"ip":{"addr":"161.35.29.74","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"6bd43cf0ae158526c6ab93dc3be79f28","sha1":"15c289e342bd3fdf5b1e95f7abf25a2bc78bf357","sha256":"7a13d5ae0755d86c09084ec300c4a0f1a0a06921f74d9980eba9d966ff17ad38","sha512":"5190eb107c27f5d655eab378cd468228aa031d088f59082f257f41d464a29fbdb23594043afe89a3f9b63ce86d91efad6c2901c816d85196389293a6a5a28521","ssdeep":"","tlshash":"df90040100513554711530d00134c3dd157df075dc4dd335754f57004040405c53c401","size":40,"data":"","first_seen":"2023-03-07T01:02:07Z","last_seen":"2026-04-20T15:51:02.524688Z","times_seen":21077,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"c92a10324374fac681719d63979d00fe","sha1":"aee655773d856fb038536adcfd6472fc7543463e","sha256":"158a323a7ba44870f23d96f1516dd70aa48e9a72db4ebb026b0a89e212a208ab","sha512":"d27859c90f5748d3ec0ef6d4ef49c1755d6ce1ac8035cd4f7dba41b8dd7d440ad8fca164ccc948b5630ef90346ff9279e35d31887e724ab6e0284300a80eb61f","ssdeep":"","tlshash":"8430000000000000000c0000000000000000000003000000c000003000000000000c00","size":4,"data":"","first_seen":"2024-08-20T00:14:53.541497Z","last_seen":"2026-04-20T16:07:45.628412Z","times_seen":19134,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"http","addr":"tma.xxxphantom.ru/","fqdn":"tma.xxxphantom.ru","domain":"xxxphantom.ru","tld":"ru"},"ip":{"addr":"161.35.29.74","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-20T13:28:57.372Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: tma.xxxphantom.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Mon, 20 Apr 2026 13:28:57 GMT\r\nContent-Type: text/html\r\nLast-Modified: Thu, 29 Jan 2026 01:29:42 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"697ab806-734c\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29516,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (376)","md5":"1bbed8cd332c5386e2b41d775af33993","sha1":"122640b89c346a99c09ce2b50a7a9f8a59b2aad1","sha256":"fac3aa4e2fd841c68ddf13a39a3bccc586dbe92cc790802e6a932c1ace3519bc","sha512":"64d4e4668a080d1126f6a7597a684aa21f4cb8269a9f1c8f10baaea38d969dd9d435594724d8d4242b19a79a84baa033d9e05c02e6107e2a0e170c90e5f3fd5a","ssdeep":"192:oG9bxWdFOuAKbmBGedp0goTnCzJZs///sk/D/jHfa18m4y+aG0MigV7DTR/Wiyrs:osYFChvsH/L7fa18xWqC6","tlshash":"64d20d31a8f52627018390d1aab2af5bafe1a60bda2b560576fd0bc55fd3e42cc1311d","first_seen":"2026-04-20T13:29:26.78662Z","last_seen":"2026-04-20T13:29:26.78662Z","times_seen":1,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":30,"dns":1,"connect":32,"send":0,"wait":33,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"tma.xxxphantom.ru/assets/vendors/themify-icons/css/themify-icons.css","fqdn":"tma.xxxphantom.ru","domain":"xxxphantom.ru","tld":"ru"},"ip":{"addr":"161.35.29.74","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://tma.xxxphantom.ru/","date":"2026-04-20T13:28:57.567Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/vendors/themify-icons/css/themify-icons.css HTTP/1.1\r\nHost: tma.xxxphantom.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://tma.xxxphantom.ru/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Mon, 20 Apr 2026 13:28:57 GMT\r\nContent-Type: text/css\r\nContent-Length: 16450\r\nLast-Modified: Fri, 23 Jan 2026 23:37:54 GMT\r\nConnection: keep-alive\r\nETag: \"69740652-4042\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16450,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"237605bbbb7ed1b7c2aff752fff078b0","sha1":"477cbf835966c9e63d06865136ed01fbeeed2bd9","sha256":"fbf005e2032e2b5550a3d06190ee8dac7e5d9ed4e91513b507d15dc99319d345","sha512":"279bbdab1321fa5a7b061b1e631ec6da77cd000da0061342bea321c59bcf49ceb42ea60e6ed32aa74b05c8bd1375a713c17ef019709fd49fdf347f3459a11b7d","ssdeep":"192:hsl5yC7huMqJ5UmejPz35E3r4F5cvOAtH:YysEDy+3HvJ","tlshash":"b372dda49d0f3caa6795e0c16b447a195b0da738de822c6fd113bd3cbbd3a11d6c42d8","first_seen":"2023-04-15T22:54:17Z","last_seen":"2026-04-20T13:29:26.789713Z","times_seen":63,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"tma.xxxphantom.ru/assets/imgs/logo.webp","fqdn":"tma.xxxphantom.ru","domain":"xxxphantom.ru","tld":"ru"},"ip":{"addr":"161.35.29.74","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://tma.xxxphantom.ru/","date":"2026-04-20T13:28:57.570Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/imgs/logo.webp HTTP/1.1\r\nHost: tma.xxxphantom.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://tma.xxxphantom.ru/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Mon, 20 Apr 2026 13:28:57 GMT\r\nContent-Type: image/webp\r\nContent-Length: 9448\r\nLast-Modified: Fri, 23 Jan 2026 23:34:35 GMT\r\nConnection: keep-alive\r\nETag: \"6974058b-24e8\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":9448,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"420789b6f72ca877d81574e6b94408a0","sha1":"243826b72b2f386b03287a8af5714230b0c7d814","sha256":"e596ad910b9b966d999a5efecca6a04711fc9cde3b9ed0a9faece91cbe677fbb","sha512":"8b31ff67ffdf4911deda0da5003884ef6556cf362a780fc7e3c33e0a224b5fe9e300156818a67ab193ca15ddbd1da6bc4d9e098aa6cf42f4e1cb7382aab0663a","ssdeep":"192:XwHMWdoPHwhxrVoFZUdlyKnB5/9LO1NdFxvAW7hgzSbsREgCOcohTtuT:gDoPwhx+ZUPBHLyTvJhgznEfchB+","tlshash":"9312ae9ccef2a26addd2c7b45bcf064115236860137e7b53090425db06bef6b39621ca","first_seen":"2026-04-20T13:29:26.791206Z","last_seen":"2026-04-20T13:29:26.791206Z","times_seen":1,"resource_available":false,"data":null}},"time_used":423,"timings":{"blocked":190,"dns":1,"connect":33,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"tma.xxxphantom.ru/assets/imgs/man.svg","fqdn":"tma.xxxphantom.ru","domain":"xxxphantom.ru","tld":"ru"},"ip":{"addr":"161.35.29.74","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://tma.xxxphantom.ru/","date":"2026-04-20T13:28:57.571Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/imgs/man.svg HTTP/1.1\r\nHost: tma.xxxphantom.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://tma.xxxphantom.ru/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Mon, 20 Apr 2026 13:28:57 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 48394\r\nLast-Modified: Fri, 23 Jan 2026 23:34:35 GMT\r\nConnection: keep-alive\r\nETag: \"6974058b-bd0a\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":48394,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ee9601abb970a5432963719b8adbdddb","sha1":"f324d2010614483850556ea95c88f9a65fce85c6","sha256":"ce3a13a56502909841ff4f08107e78e6cced25c9343c340989507fd4e5a11794","sha512":"dbec6b5c0ff4342281d71f583718fdd915843e787f511f09262a1ffef87fdf750a20ff82b96cce127c79fce8d20f9d32cabc822094d56460bca81e7789d90c2c","ssdeep":"384:saWoBAXG0e0nYFKEeDuUy5PmGLuELZNLmDfmzugnE3Xa48jXPzN:saW5HXzjahuoyms3GZ","tlshash":"5c2320a9d7e840a4609f8374bbf5360d1a5620e3271a0c86375e4832bfe8bd746777c9","first_seen":"2023-12-07T00:30:10Z","last_seen":"2026-04-20T13:29:26.793757Z","times_seen":4,"resource_available":false,"data":null}},"time_used":255,"timings":{"blocked":189,"dns":0,"connect":0,"send":0,"wait":33,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"tma.xxxphantom.ru/assets/imgs/avatar.webp","fqdn":"tma.xxxphantom.ru","domain":"xxxphantom.ru","tld":"ru"},"ip":{"addr":"161.35.29.74","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://tma.xxxphantom.ru/","date":"2026-04-20T13:28:57.571Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/imgs/avatar.webp HTTP/1.1\r\nHost: tma.xxxphantom.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://tma.xxxphantom.ru/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Mon, 20 Apr 2026 13:28:57 GMT\r\nContent-Type: image/webp\r\nContent-Length: 900924\r\nLast-Modified: Fri, 23 Jan 2026 23:34:23 GMT\r\nConnection: keep-alive\r\nETag: \"6974057f-dbf3c\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":900924,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"06833e6ca67b1170c3a019d84ad341d1","sha1":"704cae57f48bb564347f2052e66592b4ec1509ee","sha256":"40f47953a5760d04212f066db6d8ec480098511c2e671dafa5d7a8887fac8eff","sha512":"7c58e7c175bafd7b02e511cef83e97a3f5094dafe45ed332123babe1bcb3f2e9bddaef520fed5f6d2f504de7261f95c0e685968c3b2e2ec505859c64f47c01bd","ssdeep":"24576:PmlbtVN++O5MyCTmje8T5CeffE1DHsAHY67SSCX8d+XjN:PmlvwP5aF8TNMVHsEdkj","tlshash":"3615337c3e958e2de3b723fc42ed09510a7b9362c13f55d8c09e96c62b5b3a2d468486","first_seen":"2026-04-20T13:29:26.79633Z","last_seen":"2026-04-20T13:29:26.79633Z","times_seen":1,"resource_available":false,"data":null}},"time_used":658,"timings":{"blocked":188,"dns":1,"connect":35,"send":0,"wait":36,"receive":239,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ahmadalkholy.github.io/Javascript-Chess-Game/img/share.jpeg","fqdn":"ahmadalkholy.github.io","domain":"ahmadalkholy.github.io","tld":"github.io"},"ip":{"addr":"185.199.109.153","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://tma.xxxphantom.ru/","date":"2026-04-20T13:28:57.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 23:32:36 GMT","end":"Sun, 05 Jul 2026 23:32:35 GMT"},"fingerprint":{"sha1":"18:DE:96:E8:3D:99:B2:8A:0C:D1:0C:48:78:BD:6A:14:6A:05:25:60","sha256":"EA:69:BC:71:1C:B9:D4:56:98:D2:FD:AA:48:54:D7:DC:08:6A:CD:3A:9C:35:01:64:90:9B:68:8A:C7:C0:63:1F"}}},"request":{"raw":"GET /Javascript-Chess-Game/img/share.jpeg HTTP/1.1\r\nHost: ahmadalkholy.github.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://tma.xxxphantom.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: GitHub.com\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 12 Jul 2024 00:33:53 GMT\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31556952\r\netag: \"669079f1-2a61\"\r\nexpires: Mon, 20 Apr 2026 13:38:57 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: MISS\r\nx-github-request-id: 5250:12888F:5345EC7:541189D:69E62A19\r\naccept-ranges: bytes\r\nage: 0\r\ndate: Mon, 20 Apr 2026 13:28:57 GMT\r\nvia: 1.1 varnish\r\nx-served-by: cache-hel1410022-HEL\r\nx-cache: MISS\r\nx-cache-hits: 0\r\nx-timer: S1776691738.685438,VS0,VE149\r\nvary: Accept-Encoding\r\nx-fastly-request-id: 82484cb7932b0c5e9eec25bb54331eb7b9389a96\r\ncontent-length: 10849\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]}],"data":{"size":10849,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x234, components 3","md5":"b203db699403fc2822db22390cb91682","sha1":"9d5f66ac53957423479ad42dff80b297f3c0e8be","sha256":"95ec4981bbbc965cb6461a7768f48292f39587f017cedc46d2fa5688df453d50","sha512":"316064e249abab02f8e8dadf6ba713d5f348bd42da22806f80d88b7a459382a55aa0d8a90e61285ba4671aa4828c9b47e0bae73d8b814d65a759cb64f3e015a6","ssdeep":"192:LlWpdSLFUqga3mBoNbbRuHCYtFbc2vXZ3MfOlgR9S97LIsk14UZuBxd7Lzt:BqNqga3miTuHCYtquXZcfU97L+14UZuP","tlshash":"4822af2a9f537a11d7249536909d173267a4a2c1300657f3a54bda6cf0b2ef7c9d3338","first_seen":"2026-04-20T13:29:26.798709Z","last_seen":"2026-04-20T13:29:26.798709Z","times_seen":1,"resource_available":false,"data":null}},"time_used":375,"timings":{"blocked":94,"dns":41,"connect":26,"send":0,"wait":175,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"tma.xxxphantom.ru/assets/imgs/poemchecker.webp","fqdn":"tma.xxxphantom.ru","domain":"xxxphantom.ru","tld":"ru"},"ip":{"addr":"161.35.29.74","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://tma.xxxphantom.ru/","date":"2026-04-20T13:28:57.575Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/imgs/poemchecker.webp HTTP/1.1\r\nHost: tma.xxxphantom.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://tma.xxxphantom.ru/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Mon, 20 Apr 2026 13:28:57 GMT\r\nContent-Type: image/webp\r\nContent-Length: 5216\r\nLast-Modified: Tue, 27 Jan 2026 21:31:19 GMT\r\nConnection: keep-alive\r\nETag: \"69792ea7-1460\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":5216,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 513x369, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9546e075cb76cfb1bd262287e43e76a1","sha1":"c1d743b9d53533c617ec1a77a5760399d8066e37","sha256":"71aaece9d27d4b2e49910a7e206e85b966b3a01d7791eb1c30d47650663977b3","sha512":"b541e5e1a26d3c8dab2e993522826f76f80283e98216c2403e4e7403dab211dbbac511be6aa1b4ed552b1be6317d7a5ffd3467f1cc8dbc4213fdba396f469ea3","ssdeep":"96:8o7NV5/bCam1btD8fwo69Q/HfmCLTWRmYgeQBXv5AZBREAJbbJrCstzAvk:8s5/gdR8r6mmCLeRmf5AZBRvB1ustd","tlshash":"5eb17d46f500dd4ae0b5f26423950219e81a527de85253aa8cf38c0676f54d67fd2b8c","first_seen":"2026-04-20T13:29:26.801843Z","last_seen":"2026-04-20T13:29:26.801843Z","times_seen":1,"resource_available":false,"data":null}},"time_used":420,"timings":{"blocked":185,"dns":1,"connect":34,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"tma.xxxphantom.ru/assets/imgs/ec.webp","fqdn":"tma.xxxphantom.ru","domain":"xxxphantom.ru","tld":"ru"},"ip":{"addr":"161.35.29.74","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://tma.xxxphantom.ru/","date":"2026-04-20T13:28:57.573Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/imgs/ec.webp HTTP/1.1\r\nHost: tma.xxxphantom.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://tma.xxxphantom.ru/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Mon, 20 Apr 2026 13:28:57 GMT\r\nContent-Type: image/webp\r\nContent-Length: 7728\r\nLast-Modified: Tue, 27 Jan 2026 21:33:18 GMT\r\nConnection: keep-alive\r\nETag: \"69792f1e-1e30\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":7728,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 400x203, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d06efa7365211c8029399b5073514965","sha1":"0ab8d90d2a7dcdb74fb2bd783e572814ce8fba52","sha256":"5a39a67d9877cb71775ad36fc0329d3ebd28bda7c1e3c9026d396710ff2aa2f2","sha512":"4201121b0e7de98f9c28eb97ccd1d54048459dce0325d516c3a86aa49de3459e9039a403b915aa0e83ff02853664a7411a90d6261793318e08d82e848635bad1","ssdeep":"192:wHMD0nyi6wyP3xFtfv1TaQ8Oas9SeXmKTo7I0NfIzb0ClIFJdUrA4Sq79MS:wSQiBzrT1LIKTok0iDgdFnBS","tlshash":"7bf1ae37b13884c75d0e4986ace1deb487ddebabb3790e720b6582d96103e247c481a5","first_seen":"2026-04-20T13:29:26.804571Z","last_seen":"2026-04-20T13:29:26.804571Z","times_seen":1,"resource_available":false,"data":null}},"time_used":421,"timings":{"blocked":186,"dns":1,"connect":33,"send":0,"wait":33,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tma.xxxphantom.ru/","fqdn":"tma.xxxphantom.ru","domain":"xxxphantom.ru","tld":"ru"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-20T13:28:57.234Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: tma.xxxphantom.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T15:59:59.186893Z","times_seen":13981133,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":0,"dns":43,"connect":35,"send":0,"wait":0,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"tma.xxxphantom.ru/assets/css/steller.css","fqdn":"tma.xxxphantom.ru","domain":"xxxphantom.ru","tld":"ru"},"ip":{"addr":"161.35.29.74","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://tma.xxxphantom.ru/","date":"2026-04-20T13:28:57.569Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/css/steller.css HTTP/1.1\r\nHost: tma.xxxphantom.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://tma.xxxphantom.ru/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Mon, 20 Apr 2026 13:28:57 GMT\r\nContent-Type: text/css\r\nContent-Length: 242029\r\nLast-Modified: Fri, 23 Jan 2026 23:34:20 GMT\r\nConnection: keep-alive\r\nETag: \"6974057c-3b16d\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":242029,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (566)","md5":"fa1f353114f678432054492a7e11e262","sha1":"8a9d6985bd83d82f3a001d34d74814462594b78b","sha256":"96333a8de8b6da4e64db6da0e502e4f03c26dc7ee92a4be07f2e2f690c04dd7e","sha512":"0981280f03a99fe3012f651f6c26eec8b6980fb9956e50d509e7f219700086bc9aef6e2de56dae29a1a2443eaa051b512ac362923303202823570af77cba7bb1","ssdeep":"1536:qDyc9lspDfzTeUeDLcXIBZx4NeASzja+QTzN58zY0wBK3nb/zDL4iDF4Vw4Voxjq:m5+TeUeDLJFwBMb/zDL4iDF4VbD","tlshash":"b234862abdf11504301b895c16cabbf57b7d8053c60aeef679df2524cf4abc14ca2989","first_seen":"2023-12-07T00:30:10Z","last_seen":"2026-04-20T13:29:26.808604Z","times_seen":5,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":24,"dns":0,"connect":33,"send":0,"wait":32,"receive":135,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"tma.xxxphantom.ru/assets/vendors/themify-icons/fonts/themify.woff?-fvbane","fqdn":"tma.xxxphantom.ru","domain":"xxxphantom.ru","tld":"ru"},"ip":{"addr":"161.35.29.74","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://tma.xxxphantom.ru/","date":"2026-04-20T13:28:57.934Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/vendors/themify-icons/fonts/themify.woff?-fvbane HTTP/1.1\r\nHost: tma.xxxphantom.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://tma.xxxphantom.ru/assets/vendors/themify-icons/css/themify-icons.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Mon, 20 Apr 2026 13:28:57 GMT\r\nContent-Type: font/woff\r\nContent-Length: 56108\r\nLast-Modified: Fri, 23 Jan 2026 23:37:51 GMT\r\nConnection: keep-alive\r\nETag: \"6974064f-db2c\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":56108,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, CFF, length 56108, version 1.0","md5":"a1ecc3b826d01251edddf29c3e4e1e97","sha1":"9394f35bd2addd24666b79bfc36d4f9d247cb01d","sha256":"0db5c5a1475eb7a3e5028983ea1e642d1b2c00faff6a250a37502b0f3832a4a7","sha512":"2329063d667b5480a2862fe4e11154b4dabf3b8782fd67be79ebfe55bfda96e28e70f8f438f73c7ef9901afcb16370897c3022c8b649a33cb74459c610cca00a","ssdeep":"768:tImTAHYFg71fAWsOKi5qSy5LBaK+mn2noN5IO3RCtebWA8ipCWUa:GmTp0gpBpv2a58oSA81","tlshash":"244328747f6a5b2bde839db9fe850e5160f098c61f43f123c09e98522c7b7a88979143","first_seen":"2023-04-05T04:30:11Z","last_seen":"2026-04-20T16:16:57.763432Z","times_seen":26269,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"tma.xxxphantom.ru/assets/imgs/logo.webp","fqdn":"tma.xxxphantom.ru","domain":"xxxphantom.ru","tld":"ru"},"ip":{"addr":"161.35.29.74","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://tma.xxxphantom.ru/","date":"2026-04-20T13:28:58.061Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/imgs/logo.webp HTTP/1.1\r\nHost: tma.xxxphantom.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://tma.xxxphantom.ru/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Mon, 20 Apr 2026 13:28:58 GMT\r\nContent-Type: image/webp\r\nContent-Length: 9448\r\nLast-Modified: Fri, 23 Jan 2026 23:34:35 GMT\r\nConnection: keep-alive\r\nETag: \"6974058b-24e8\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":9448,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"420789b6f72ca877d81574e6b94408a0","sha1":"243826b72b2f386b03287a8af5714230b0c7d814","sha256":"e596ad910b9b966d999a5efecca6a04711fc9cde3b9ed0a9faece91cbe677fbb","sha512":"8b31ff67ffdf4911deda0da5003884ef6556cf362a780fc7e3c33e0a224b5fe9e300156818a67ab193ca15ddbd1da6bc4d9e098aa6cf42f4e1cb7382aab0663a","ssdeep":"192:XwHMWdoPHwhxrVoFZUdlyKnB5/9LO1NdFxvAW7hgzSbsREgCOcohTtuT:gDoPwhx+ZUPBHLyTvJhgznEfchB+","tlshash":"9312ae9ccef2a26addd2c7b45bcf064115236860137e7b53090425db06bef6b39621ca","first_seen":"2026-04-20T13:29:26.791206Z","last_seen":"2026-04-20T13:29:26.791206Z","times_seen":1,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"tma.xxxphantom.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}