{"report_id":"1dd04481-0669-4dfd-89fd-a2d4acf380e8","version":0,"status":"done","tags":[],"date":"2026-06-28T10:13:07Z","url":{"schema":"http","addr":"paytrustwallet.zya.me","fqdn":"paytrustwallet.zya.me","domain":"zya.me","tld":"me"},"ip":{"addr":"185.27.134.55","port":0,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"paytrustwallet.zya.me/?i=1","fqdn":"paytrustwallet.zya.me","domain":"zya.me","tld":"me"},"title":"Transfer Trust Wallet","dom":{"size":5575,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"004436a8283407682549e34e4b7d64fc","sha1":"5363015c1c34d8376be23bc23aa51c418594ac13","sha256":"10c648420fdd28555d2b0d45511874e4c5013c3cf4793ed84241f57bcb7bd4cc","sha512":"b9496ca15657aab1d8ca3f7bc79e510dd870a40237fb3ec8f3fc4b99a3c21e9107334934958e65782e4f105928ee829e038cd7e288bd470952fb371fe6eabac5","ssdeep":"96:3dvWqO3uuau9WCWaJ9mkow/LqA36ReBL2hBOdkKEBsuXDXOqVO4MP5tD0:3dvWq8uuau9WCWaJAkow/LXQje5tD0","tlshash":"1cb1a565f4e21aaa7043c2f66ae2b52fbea4e607c10f994c71dc91d52fc7c698d93104","dom_hash":"domhash6354f2e9a4a1b86cae34eae252fc1253","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"paytrustwallet.zya.me","fqdn":"paytrustwallet.zya.me","domain":"zya.me","tld":"me"},"ip":{"addr":"185.27.134.55","port":0,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-02T10:13:07Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-28","alert":"Detects file containing Telegram Bot API","trigger":"paytrustwallet.zya.me/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"aeonfree.com","ip":{"addr":"172.67.189.193","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-06-03","domain_rank":1525157,"first_seen":"2019-06-07T14:13:59Z","last_seen":"2026-06-23T01:46:49.873325Z","alert_count":0,"request_count":2,"received_data":1394,"sent_data":1077,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}]},{"fqdn":"paytrustwallet.zya.me","ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2021-09-01","domain_rank":0,"first_seen":"2026-06-28T10:13:07.217799Z","last_seen":"2026-06-28T10:13:07.217799Z","alert_count":21,"request_count":10,"received_data":248773,"sent_data":5300,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-06-21T22:46:13.623663Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":492,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"paytrustwallet.zya.me/aes.js","fqdn":"paytrustwallet.zya.me","domain":"zya.me","tld":"me"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"fc66e046447092c606f2587837f96874","sha1":"fcf354a8044f494ee1f9fe868dde3f570f50e593","sha256":"5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96","sha512":"51cd149b2876e90621afc579fb172e253548a851d4c202181e1faba812f5beb1ae9ccf9f153137f60c569e05a79dcb272176e0126eceac54316208d2699a689f","ssdeep":"192:4hsoEj776Bn/tnHcgaollys/6+EgH3JLg7oLu0MyMVu:i50/3xoGs/jE839g2FB1","tlshash":"355200c203894a7cf2c92ed68c2f605620f3e54a3d251249efb399dbbc77d895075a36","size":13733,"data":"","first_seen":"2023-10-15T19:29:47Z","last_seen":"2026-06-29T16:30:49.903946Z","times_seen":7837,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"paytrustwallet.zya.me/?i=1","fqdn":"paytrustwallet.zya.me","domain":"zya.me","tld":"me"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"76244d8526da359429886b03a7ada498","sha1":"90415cd87cc2f928fc8e16b7740dfb09f7e5bc10","sha256":"3f699786f5f750c5ee9696bce7941003b51f5e5628b55aa6ca59917195d8b490","sha512":"3ba24210155df81c4378587bf70fa4a66f8eb44e60d01deca3b32a8ccdd092d350a1fd870334d90469b750c2fc86822743811cba384e7baa95635291061c3adb","ssdeep":"","tlshash":"dcc0125970206966048e787d4ccf088ebe268412a20849c999dcd8547fb1e6c42e484c","size":184,"data":"","first_seen":"2023-09-20T06:28:52Z","last_seen":"2026-06-29T00:34:58.504001Z","times_seen":1863,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"paytrustwallet.zya.me/?i=1","fqdn":"paytrustwallet.zya.me","domain":"zya.me","tld":"me"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"639e563f46a2e6329b7dadff938417bb","sha1":"b2ec4c92270e894617e4c17b0b502e9b603c8573","sha256":"84d225b5d74e09eefdcafc698dbc522d97026553ba45a6debaf88f89f401b6cd","sha512":"462932cb0512388bae6679551c09bbaa71ec9d7d788a085861ca91496d6171e2e3c0681868608e12d478d7a2d463d9ddb2edcd148cd78cfa5e809807a1bf5ec0","ssdeep":"","tlshash":"1ba012b0002035003b909056125c3358f0b9413a044854513050402f440261e40d4cd7","size":85,"data":"","first_seen":"2026-06-17T18:04:22.542232Z","last_seen":"2026-06-28T10:32:15.525542Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"paytrustwallet.zya.me/?i=1","fqdn":"paytrustwallet.zya.me","domain":"zya.me","tld":"me"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"d292f90edd3e14aa180cf99ff8bb56bd","sha1":"29635f2ff14a39825027667f60eea66460f73cea","sha256":"bef1e450d8fc62eff9dc971acd7588be92837aea9f342714ffadff177fd1755c","sha512":"0378a77a0a0b4f69598d9222eee34897d9787af866447fc613048cd6b1d7812415c7bd7a56507758123ddbf220b44cc75e4a8443f89f242b2bb42309de27ee5c","ssdeep":"","tlshash":"cac08075007178513fe0544a57fd7294f0998137585da55131d4407f450951e41dd9e3","size":169,"data":"","first_seen":"2026-06-17T18:04:22.543126Z","last_seen":"2026-06-28T10:32:15.526074Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"paytrustwallet.zya.me/IMG2.jpg","fqdn":"paytrustwallet.zya.me","domain":"zya.me","tld":"me"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://paytrustwallet.zya.me/?i=1","date":"2026-06-28T10:12:44.531Z","timestamp":1782641564531,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zya.me","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Mon, 15 Jun 2026 00:00:00 GMT","end":"Sun, 13 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3B:46:B4:FC:74:34:BE:2F:C5:9A:62:83:9A:1F:DF:47:62:A3:F8:72","sha256":"26:60:87:34:B3:8E:D9:F2:5E:48:AA:9A:C2:C9:0B:F4:60:A8:B4:06:1F:DE:4A:27:40:B1:E5:19:A9:46:26:F9"}}},"request":{"raw":"GET /IMG2.jpg HTTP/1.1\r\nHost: paytrustwallet.zya.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paytrustwallet.zya.me/?i=1\r\nCookie: __test=25ab5afe22b5a8e115ae6ece67b216ab\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sun, 28 Jun 2026 10:12:43 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 3706\r\nConnection: keep-alive\r\nLast-Modified: Wed, 17 Jun 2026 14:10:14 GMT\r\nETag: \"e7a-654739e5198b9\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate\r\nExpires: Tue, 28 Jul 2026 10:12:43 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":3706,"size_decoded":4046,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, description=Screenshot, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, datetime=2026:02:06 14:30:43], baseline, precision 8, 63x59, components 3","md5":"156b2a9147afab1dfc7c4e0c951aad95","sha1":"171a60278156f523f6741cca7a7aa80f8b29ec2e","sha256":"f5a9272c70ca8498fc3d46f8762afd2debdb4a8d0993b8b8ceee06144fa5088d","sha512":"96f92a6ed53d434b863790ed87e4956dfad35c6cce3cb58dec35d01677fbca5f41c1ce956da0f32041e445ba53cf1bcdc490ace1c484776e11e6f56da57915c3","ssdeep":"","tlshash":"3b713b25bf0166b4cc5356b7f9639b51e27eeef197a8430b65d000e54f806c1b63b405","first_seen":"2026-04-24T13:51:15.11687Z","last_seen":"2026-06-28T10:32:15.52394Z","times_seen":11,"resource_available":false,"data":null}},"time_used":80,"timings":{"blocked":45,"dns":0,"connect":30,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"paytrustwallet.zya.me/IMG_1830%203.jpg","fqdn":"paytrustwallet.zya.me","domain":"zya.me","tld":"me"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://paytrustwallet.zya.me/?i=1","date":"2026-06-28T10:12:44.533Z","timestamp":1782641564533,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zya.me","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Mon, 15 Jun 2026 00:00:00 GMT","end":"Sun, 13 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3B:46:B4:FC:74:34:BE:2F:C5:9A:62:83:9A:1F:DF:47:62:A3:F8:72","sha256":"26:60:87:34:B3:8E:D9:F2:5E:48:AA:9A:C2:C9:0B:F4:60:A8:B4:06:1F:DE:4A:27:40:B1:E5:19:A9:46:26:F9"}}},"request":{"raw":"GET /IMG_1830%203.jpg HTTP/1.1\r\nHost: paytrustwallet.zya.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paytrustwallet.zya.me/?i=1\r\nCookie: __test=25ab5afe22b5a8e115ae6ece67b216ab\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sun, 28 Jun 2026 10:12:43 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 4061\r\nConnection: keep-alive\r\nLast-Modified: Wed, 17 Jun 2026 14:10:12 GMT\r\nETag: \"fdd-654739e349e6c\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate\r\nExpires: Tue, 28 Jul 2026 10:12:43 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":4061,"size_decoded":4401,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, description=Screenshot, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, datetime=2026:02:06 12:29:13], baseline, precision 8, 74x73, components 3","md5":"5f44fa69215d0817b8a851d49b5dbbd2","sha1":"937417d55a443efb03afb98e76c8232e6889e962","sha256":"27591bbad96e55282b7520f7f30cb4dd1933dfd9fba44e5f06c6d0221a089b7c","sha512":"b102f836c1cda980805aba929140531d4ae66e7e1fddb7fb0838bc482644a210024c32a9391ca61a80d3a09521af9b3c832fa08c0ac461c4b83ff6479675328a","ssdeep":"","tlshash":"1a814b6d77c3ee54e8a308f18963c312d3ddfe62d5a82f93a6d420e847429c5e63d109","first_seen":"2026-04-24T13:51:15.117862Z","last_seen":"2026-06-28T10:32:15.524444Z","times_seen":11,"resource_available":false,"data":null}},"time_used":89,"timings":{"blocked":56,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"paytrustwallet.zya.me/favicon.ico","fqdn":"paytrustwallet.zya.me","domain":"zya.me","tld":"me"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://paytrustwallet.zya.me/?i=1","date":"2026-06-28T10:12:45.942Z","timestamp":1782641565942,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zya.me","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Mon, 15 Jun 2026 00:00:00 GMT","end":"Sun, 13 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3B:46:B4:FC:74:34:BE:2F:C5:9A:62:83:9A:1F:DF:47:62:A3:F8:72","sha256":"26:60:87:34:B3:8E:D9:F2:5E:48:AA:9A:C2:C9:0B:F4:60:A8:B4:06:1F:DE:4A:27:40:B1:E5:19:A9:46:26:F9"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: paytrustwallet.zya.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paytrustwallet.zya.me/?i=1\r\nCookie: __test=25ab5afe22b5a8e115ae6ece67b216ab\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: openresty\r\nDate: Sun, 28 Jun 2026 10:12:45 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 215\r\nConnection: keep-alive\r\nLocation: https://aeonfree.com/error/404/\r\nCache-Control: max-age=2592000\r\nExpires: Tue, 28 Jul 2026 10:12:45 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-29T22:32:18.526532Z","times_seen":16837427,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"paytrustwallet.zya.me/?i=1","fqdn":"paytrustwallet.zya.me","domain":"zya.me","tld":"me"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-28T10:12:44.439Z","timestamp":1782641564439,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zya.me","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Mon, 15 Jun 2026 00:00:00 GMT","end":"Sun, 13 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3B:46:B4:FC:74:34:BE:2F:C5:9A:62:83:9A:1F:DF:47:62:A3:F8:72","sha256":"26:60:87:34:B3:8E:D9:F2:5E:48:AA:9A:C2:C9:0B:F4:60:A8:B4:06:1F:DE:4A:27:40:B1:E5:19:A9:46:26:F9"}}},"request":{"raw":"GET /?i=1 HTTP/1.1\r\nHost: paytrustwallet.zya.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paytrustwallet.zya.me/\r\nCookie: __test=25ab5afe22b5a8e115ae6ece67b216ab\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sun, 28 Jun 2026 10:12:43 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 6136\r\nConnection: keep-alive\r\nLast-Modified: Wed, 17 Jun 2026 14:30:44 GMT\r\nETag: \"17f8-65473e7a8223a\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=2592000, public, proxy-revalidate\r\nExpires: Tue, 28 Jul 2026 10:12:43 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6136,"size_decoded":6491,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"dbce1c744005dd5e18043c93acde3b5b","sha1":"4ff7ab049d1ba31e3b8ff051f7a1e46bbf9624e8","sha256":"3f8c898d7568f9daea5b5f481da2e3b4c561400c96e1a1a9e5f8605f046df26b","sha512":"0a2ec45c0eeb13f2a8d0938f450f83f0a367ece4adb418458cc95ef480ca345007d5cc678a27753e7f4357bb7b0052f07937b17e491f384506ee1ee7c054d7ae","ssdeep":"96:pdvWqO3uuau9WCWaJ9mkow/LqA36ReBL2LpOdaKERsgXfPOqVOpMP5tDKCnW:pdvWq8uuau9WCWaJAkow/LR0jZ5tDKCW","tlshash":"efc1b665f8f21aa67047c6fb66e6b11eb9a4e617c10fd98c71ecd0a61fc7c698c83104","first_seen":"2026-06-28T10:13:18.994475Z","last_seen":"2026-06-28T10:32:15.523364Z","times_seen":3,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"paytrustwallet.zya.me/style.css","fqdn":"paytrustwallet.zya.me","domain":"zya.me","tld":"me"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://paytrustwallet.zya.me/?i=1","date":"2026-06-28T10:12:44.516Z","timestamp":1782641564516,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zya.me","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Mon, 15 Jun 2026 00:00:00 GMT","end":"Sun, 13 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3B:46:B4:FC:74:34:BE:2F:C5:9A:62:83:9A:1F:DF:47:62:A3:F8:72","sha256":"26:60:87:34:B3:8E:D9:F2:5E:48:AA:9A:C2:C9:0B:F4:60:A8:B4:06:1F:DE:4A:27:40:B1:E5:19:A9:46:26:F9"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: paytrustwallet.zya.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paytrustwallet.zya.me/?i=1\r\nCookie: __test=25ab5afe22b5a8e115ae6ece67b216ab\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sun, 28 Jun 2026 10:12:43 GMT\r\nContent-Type: text/css\r\nContent-Length: 16465\r\nConnection: keep-alive\r\nLast-Modified: Wed, 17 Jun 2026 14:10:23 GMT\r\nETag: \"4051-654739ed57424\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Tue, 28 Jul 2026 10:12:43 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16465,"size_decoded":16822,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"a415aac7ffeb8678f276930aaafa57b3","sha1":"9bd4f4a252125122743053f891491663d9e4c872","sha256":"d4ce296fb2399d842b732cd930898f96004144ef16fbb061eeb56a509fc72b20","sha512":"0e539a4ec64370cc318b8640e2966c88397ed96fb7c8033b8cba4e99c53977a9f504e0e7565ca849c2fe91eb8401add1d10e7d2ad95c56792ad7acd9941c6bbf","ssdeep":"192:kAfP5BgAgAfP5BgAjBAuiDb1LKquuMU7sN1OwSHsfjkEHOlL7D/8PMeDNEWAw6qd:/BgADBgAZFOhLP/K5Nz","tlshash":"11722014960295026f338ffab3d6a60bfb2b40abcf22a17db6c451058ff557059d1e8d","first_seen":"2025-09-21T18:52:40.582545Z","last_seen":"2026-06-28T10:32:15.520663Z","times_seen":81,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/ethers@5.7.2/dist/ethers.umd.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://paytrustwallet.zya.me/?i=1","date":"2026-06-28T10:12:44.521Z","timestamp":1782641564521,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /npm/ethers@5.7.2/dist/ethers.umd.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paytrustwallet.zya.me/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-29T22:32:18.526532Z","times_seen":16837427,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aeonfree.com/error/404/","fqdn":"aeonfree.com","domain":"aeonfree.com","tld":"com"},"ip":{"addr":"172.67.189.193","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://paytrustwallet.zya.me/?i=1","date":"2026-06-28T10:12:46.037Z","timestamp":1782641566037,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aeonfree.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 18 May 2026 14:05:38 GMT","end":"Sun, 16 Aug 2026 15:04:11 GMT"},"fingerprint":{"sha1":"AD:A8:79:86:4D:0E:38:33:EA:E5:22:20:95:FB:24:DF:E3:24:6F:7A","sha256":"D6:E7:AB:8B:99:66:72:17:5E:1C:12:47:7F:E7:74:5F:C9:31:52:C8:10:78:3F:1F:89:4B:5F:18:A3:00:70:E8"}}},"request":{"raw":"GET /error/404/ HTTP/1.1\r\nHost: aeonfree.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://paytrustwallet.zya.me/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 301 \r\ncache-status: \"Netlify Edge\"; fwd=miss\r\ncontent-type: text/html\r\ndate: Sun, 28 Jun 2026 10:12:46 GMT\r\nlocation: /error/404\r\nserver: cloudflare\r\nx-nf-request-id: 01KW6VF8T671CT2GFCF1844JV9\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Wz8u9Qt2ClteO91wkrh56pVNsRc6gEnD9ZR6WH86UlKo5jJcg8IpAVBxsEM4JvE7cHJDYzJefjUx7wknV7llvOOgVbzVnLr0E1LweYf9Lo3DaVAmYSFDGgzi5P1X6Hw%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\ncf-ray: a12bea3bea4f8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-29T22:32:18.526532Z","times_seen":16837427,"resource_available":true,"data":null}},"time_used":691,"timings":{"blocked":0,"dns":9,"connect":19,"send":0,"wait":663,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aeonfree.com/error/404","fqdn":"aeonfree.com","domain":"aeonfree.com","tld":"com"},"ip":{"addr":"172.67.189.193","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://paytrustwallet.zya.me/?i=1","date":"2026-06-28T10:12:46.735Z","timestamp":1782641566735,"http_version":"HTTP/3","security_state":"","security_info":null,"request":{"raw":"GET /error/404 HTTP/1.1\r\nHost: aeonfree.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://paytrustwallet.zya.me/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ncontent-encoding: zstd\r\nage: 93930\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; hit\r\npriority: u=6,i=?0\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Sun, 28 Jun 2026 10:12:47 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nx-nf-request-id: 01KW6VF9DTXAN1Z0GXKEE0VWXQ\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7ZHX3fZjKBEHMi6W12SMR2zuGXyKnD5RhTlIOpSKSInmDcjcwBPt%2Feg01EIvArmUQIr7lE0hyTuOCw3B4SAoZVq2WI8pHM0GwHsQa13j7bpBFIACRmSsd98YzeHM0aY%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a12bea401b308be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-29T22:32:18.526532Z","times_seen":16837427,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"paytrustwallet.zya.me/","fqdn":"paytrustwallet.zya.me","domain":"zya.me","tld":"me"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-28T10:12:43.876Z","timestamp":1782641563876,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zya.me","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Mon, 15 Jun 2026 00:00:00 GMT","end":"Sun, 13 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3B:46:B4:FC:74:34:BE:2F:C5:9A:62:83:9A:1F:DF:47:62:A3:F8:72","sha256":"26:60:87:34:B3:8E:D9:F2:5E:48:AA:9A:C2:C9:0B:F4:60:A8:B4:06:1F:DE:4A:27:40:B1:E5:19:A9:46:26:F9"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: paytrustwallet.zya.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sun, 28 Jun 2026 10:12:43 GMT\r\nContent-Type: text/html\r\nContent-Length: 848\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":848,"size_decoded":1058,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (848), with no line terminators","md5":"02146b3fd1d7556ea604f17765eb2948","sha1":"a2a78e6af1ac7b8a30fcf3c588c780db337fbe4b","sha256":"4e32e064a47eaac5be7101cea315208be9ea02f80bc38ffa1c6c1542dfeb9853","sha512":"64bc6c32088ce53472fa3609c5573e0a0a70e116a8678f65beba7912a27a45a6edfd1cb5f0305ecfa743a376d03bc9fb40d2891c748ad5027f8f81c02f067bb3","ssdeep":"","tlshash":"af011eb9eca1f18a9bc001c01576d56e64159aa2f502c9ab84c252e466a0bdd0e85d2a","first_seen":"2026-06-28T10:13:18.99695Z","last_seen":"2026-06-28T10:32:15.520067Z","times_seen":3,"resource_available":true,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":121,"connect":30,"send":0,"wait":30,"receive":0,"ssl":68},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"paytrustwallet.zya.me/aes.js","fqdn":"paytrustwallet.zya.me","domain":"zya.me","tld":"me"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://paytrustwallet.zya.me/","date":"2026-06-28T10:12:44.343Z","timestamp":1782641564343,"http_version":"HTTP/1.1","security_state":"secure","security_info":null,"request":{"raw":"GET /aes.js HTTP/1.1\r\nHost: paytrustwallet.zya.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paytrustwallet.zya.me/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-29T22:32:18.526532Z","times_seen":16837427,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"paytrustwallet.zya.me/config.js","fqdn":"paytrustwallet.zya.me","domain":"zya.me","tld":"me"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://paytrustwallet.zya.me/?i=1","date":"2026-06-28T10:12:44.523Z","timestamp":1782641564523,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zya.me","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Mon, 15 Jun 2026 00:00:00 GMT","end":"Sun, 13 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3B:46:B4:FC:74:34:BE:2F:C5:9A:62:83:9A:1F:DF:47:62:A3:F8:72","sha256":"26:60:87:34:B3:8E:D9:F2:5E:48:AA:9A:C2:C9:0B:F4:60:A8:B4:06:1F:DE:4A:27:40:B1:E5:19:A9:46:26:F9"}}},"request":{"raw":"GET /config.js HTTP/1.1\r\nHost: paytrustwallet.zya.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paytrustwallet.zya.me/?i=1\r\nCookie: __test=25ab5afe22b5a8e115ae6ece67b216ab\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sun, 28 Jun 2026 10:12:43 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 1172\r\nConnection: keep-alive\r\nLast-Modified: Wed, 17 Jun 2026 14:10:11 GMT\r\nETag: \"494-654739e2aa39f\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Tue, 28 Jul 2026 10:12:43 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1172,"size_decoded":1541,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"22fe825f5bdbdc13461ebb14cc6bc8bd","sha1":"1ff58c4c447d557d961bb268a904a527f0a18c8f","sha256":"11bd8a83016235d6b29317f6dbd2d5d4f6cbc455f3c17e7ec5b8873a7966c0bf","sha512":"89a04cab41c1ac81c30b1a015075dd3444bf2618a5bef477baf3d949d4b83d3d07ab3cc76c3c4287d2a86e69c442bf754dbb840577203755b454f5bb53fd462a","ssdeep":"","tlshash":"4721415b1738674206020083ab8bf06579e7c177b548b413365fdf881fa5eb2497b1cb","first_seen":"2026-06-28T10:13:18.998296Z","last_seen":"2026-06-28T10:32:15.521656Z","times_seen":3,"resource_available":true,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":30,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"paytrustwallet.zya.me/main.js","fqdn":"paytrustwallet.zya.me","domain":"zya.me","tld":"me"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://paytrustwallet.zya.me/?i=1","date":"2026-06-28T10:12:44.525Z","timestamp":1782641564525,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zya.me","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Mon, 15 Jun 2026 00:00:00 GMT","end":"Sun, 13 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3B:46:B4:FC:74:34:BE:2F:C5:9A:62:83:9A:1F:DF:47:62:A3:F8:72","sha256":"26:60:87:34:B3:8E:D9:F2:5E:48:AA:9A:C2:C9:0B:F4:60:A8:B4:06:1F:DE:4A:27:40:B1:E5:19:A9:46:26:F9"}}},"request":{"raw":"GET /main.js HTTP/1.1\r\nHost: paytrustwallet.zya.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paytrustwallet.zya.me/?i=1\r\nCookie: __test=25ab5afe22b5a8e115ae6ece67b216ab\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sun, 28 Jun 2026 10:12:43 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 209968\r\nConnection: keep-alive\r\nLast-Modified: Wed, 17 Jun 2026 14:31:49 GMT\r\nETag: \"33430-65473eb87195c\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Tue, 28 Jul 2026 10:12:43 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":209968,"size_decoded":210341,"mime_type":"application/javascript","magic":"ASCII text","md5":"69382ac5f1be91d15444f0ffcd78036f","sha1":"c0481dbf166023ab21a2cc106e5f3e9cfb9fda67","sha256":"487d6b5c2b421119fb4a79c39fb6eb962288bfd3d2a5e5685b9afbdba60a42ae","sha512":"f48793333e6eaeeefc5e9274dfe0240ef39e544888032fc63ba06ff4d3cb3f03f0aab028ae22b07a5d502e300facff806d65fa81f45012da04011b6dae718d34","ssdeep":"192:Ac7kOBkYs3dRW3CGoCYpmzHRfycxmr1g3LcoxUjHXekB3kn9DA5YwIAGQ3h8F8rG:V7XBmddr2YoCjiy5J8F9v","tlshash":"a224745ae67730200597617a1bd7104d3323805be909eda07b9dc3660f49c6aedf2ba9","first_seen":"2026-06-28T10:13:19.002019Z","last_seen":"2026-06-28T10:32:15.522211Z","times_seen":3,"resource_available":true,"data":null}},"time_used":212,"timings":{"blocked":-1,"dns":0,"connect":30,"send":0,"wait":32,"receive":118,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-28","alert":"Detects file containing Telegram Bot API","trigger":"paytrustwallet.zya.me/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"paytrustwallet.zya.me/IMG1.jpg","fqdn":"paytrustwallet.zya.me","domain":"zya.me","tld":"me"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://paytrustwallet.zya.me/?i=1","date":"2026-06-28T10:12:44.529Z","timestamp":1782641564529,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zya.me","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Mon, 15 Jun 2026 00:00:00 GMT","end":"Sun, 13 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3B:46:B4:FC:74:34:BE:2F:C5:9A:62:83:9A:1F:DF:47:62:A3:F8:72","sha256":"26:60:87:34:B3:8E:D9:F2:5E:48:AA:9A:C2:C9:0B:F4:60:A8:B4:06:1F:DE:4A:27:40:B1:E5:19:A9:46:26:F9"}}},"request":{"raw":"GET /IMG1.jpg HTTP/1.1\r\nHost: paytrustwallet.zya.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paytrustwallet.zya.me/?i=1\r\nCookie: __test=25ab5afe22b5a8e115ae6ece67b216ab\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sun, 28 Jun 2026 10:12:43 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 3450\r\nConnection: keep-alive\r\nLast-Modified: Wed, 17 Jun 2026 14:10:13 GMT\r\nETag: \"d7a-654739e444282\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate\r\nExpires: Tue, 28 Jul 2026 10:12:43 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3450,"size_decoded":3790,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, description=Screenshot, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, datetime=2026:02:06 12:28:44], baseline, precision 8, 63x64, components 3","md5":"ab5f5ab78706b058f689db803ec36737","sha1":"9055257461c278d641fc637fa27621ea2801b336","sha256":"0a864113271a5601da09aac1c19155593efbd052573ed6c4f4172a64c2d9f926","sha512":"04ecf09e97cd4e507f0f8c4e1cde066ca8288573f68be6f2eda2de70ff2a9be4dc7f987f4a23436558362939004aaa7a8fbd619930e315df80bd6a2a3f0fdd26","ssdeep":"","tlshash":"05613b53b3a1271cc9c596b6a4610b12d1aeeb51ffa8278be4c037d6b9a04c27e1e641","first_seen":"2026-04-24T13:51:15.111857Z","last_seen":"2026-06-28T10:32:15.522848Z","times_seen":11,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":14,"dns":0,"connect":30,"send":0,"wait":33,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"paytrustwallet.zya.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}