{"report_id":"3f78f8ee-640d-4e8f-9d46-e885808e19f9","version":6,"status":"done","tags":[],"date":"2026-03-24T13:12:59Z","url":{"schema":"http","addr":"trezor-protect.co","fqdn":"trezor-protect.co","domain":"trezor-protect.co","tld":"co"},"ip":{"addr":"104.21.87.74","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"trezor-protect.co/","fqdn":"trezor-protect.co","domain":"trezor-protect.co","tld":"co"},"title":"Trezor Update","dom":{"size":3161,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (2747)","md5":"e950fb04c166e10c246f691cdd077d44","sha1":"baa72bfcbbd1cae8f756a979b2d5d02d6255a4b7","sha256":"340218955c46b6aafef3c02a5c8a3228bcd3012624f594d9332588ebb6ee806d","sha512":"0248b0b3baf81719cb28afcfe06981b7da4b75dca1703f95aaef6a8dcb90e57dbea2e6fa1be745c01c7b02beb262d5599ceca74fb2b85211e002f2dea8541489","ssdeep":"","tlshash":"6c5155214245593f02130b90f5e1ff2d707ad249cb1bec5db26e12a267d6d9989e33d8","dom_hash":"domhashe2d5328d55f57f2397bd58c610551735","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"trezor-protect.co","fqdn":"trezor-protect.co","domain":"trezor-protect.co","tld":"co"},"ip":{"addr":"104.21.87.74","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-28T13:12:59Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-24T13:12:36Z","timestamp":1774357956,"ip_dst":{"addr":"104.26.13.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":54646,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI","source":"{\"timestamp\":\"2026-03-24T13:12:36.209809+0000\",\"flow_id\":2154903435013040,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":54646,\"dest_ip\":\"104.26.13.205\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2047703,\"rev\":1,\"signature\":\"ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_08_22\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_08_22\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"External_IP_Lookup\"],\"updated_at\":[\"2023_08_22\"]}},\"tls\":{\"sni\":\"api.ipify.org\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":915,\"bytes_toclient\":1654,\"start\":\"2026-03-24T13:12:36.191408+0000\"}}"}],"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-24","alert":"Phishing Block","trigger":"trezor-protect.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"trezor-protect.co","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":30,"request_count":10,"received_data":2801354,"sent_data":4622,"comment":"","tags":null,"fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}]},{"fqdn":"api.ipify.org","ip":{"addr":"104.26.13.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-01-05","domain_rank":8166,"first_seen":"2014-10-06T12:38:43Z","last_seen":"2026-03-23T11:20:08.143507Z","alert_count":0,"request_count":1,"received_data":269,"sent_data":447,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-03-22T22:20:05.651051Z","alert_count":0,"request_count":1,"received_data":20820,"sent_data":519,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"trezor-protect.co/assets/index-B96h4Mil.js","fqdn":"trezor-protect.co","domain":"trezor-protect.co","tld":"co"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b51e7d8c8aed2400d906816a0aea1032","sha1":"d4c20978ed475995641eb9989c12dc5cf1e2fe71","sha256":"ceeac0b784df0375ef34cc71a0c4e720f1eaafbb2facdc470188dc252ca4da31","sha512":"4b1b73025783bf3e5514b44df9e4b53562ee88d0ca94ab9d529c6c71d1bd96d2a4b158ed93dac87e51ab0ac79f8361c3cd8b11492ec7934162e654ca169be4eb","ssdeep":"12288:+oIWyZVIXPQCZkSnvs0hCwQGftyhnHTkE:RIWEIXPQm1tIhP","tlshash":"65c41a48255c5e7587ee02e000fb1dc221390d17a88c78bfb56de9976a21bc6e0d7bed","size":591757,"data":"","first_seen":"2026-03-24T13:13:04.681488Z","last_seen":"2026-03-24T13:13:04.681488Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"trezor-protect.co/assets/geist-latin-wght-normal-Dm3htQBi.woff2","fqdn":"trezor-protect.co","domain":"trezor-protect.co","tld":"co"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trezor-protect.co/","date":"2026-03-24T13:12:36.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trezor-protect.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 05:53:12 GMT","end":"Thu, 11 Jun 2026 05:53:11 GMT"},"fingerprint":{"sha1":"3F:FB:76:94:45:8C:F3:54:71:7D:F2:78:48:B9:EE:1F:16:D4:0F:F8","sha256":"0B:C1:BB:35:3A:76:60:81:03:2B:41:F2:74:E3:C9:69:9D:40:B3:F6:12:59:1D:B3:D1:CE:0C:84:C2:38:B1:7A"}}},"request":{"raw":"GET /assets/geist-latin-wght-normal-Dm3htQBi.woff2 HTTP/1.1\r\nHost: trezor-protect.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trezor-protect.co/assets/index-BDIS2v_S.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 24 Mar 2026 13:12:36 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 28400\r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\netag: W/\"6ef0-19d084af890\"\r\nlast-modified: Thu, 19 Mar 2026 22:50:24 GMT\r\nx-powered-by: Express\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IPyNCwT3xf59clsZiC4t2JZzL1E2cd1XXMDnhHpFpIrsqA%2BvqxSy1nDmofIQE2t9QbSv1k36dEBDcdmnLiI2O%2FDnUNtJsyrgC5h8ZqUvhn7f\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9e15eda9ff18de91-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":28400,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28400, version 1.0","md5":"284d2af3ed9db2bceefa23a14638db62","sha1":"a59aabd24d95f76b7e97143fa20c6a4c83a00c63","sha256":"0cbbe6286a00f356e98980783cc950a9b693751e04aedfb97d9526ff6dc2b316","sha512":"5381a032969cedc993f4d513a33e24f84cdbd245336902854e7c68440bd6c5d51d8de940656dba9396209dab9680276cffb948270c742c8768b0cfdf2eb6620f","ssdeep":"768:4lKwpkYgBu5H3M5tj/xk6fmzoybLiZDc8IHmSR78YpJgWcF:tEgw5HGtnf0oyb+Crl1pJkF","tlshash":"bbd2e173e2d2355bf3a8ecb902cf3e53ae8b256d82fcd5e5046a085a754970133147d1","first_seen":"2025-09-13T13:12:37.463474Z","last_seen":"2026-06-13T19:05:16.491974Z","times_seen":945,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":143,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-24","alert":"Phishing Block","trigger":"trezor-protect.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.ipify.org/?format=json","fqdn":"api.ipify.org","domain":"ipify.org","tld":"org"},"ip":{"addr":"104.26.13.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://trezor-protect.co/","date":"2026-03-24T13:12:36.170Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ipify.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 01 Mar 2026 16:45:18 GMT","end":"Sat, 30 May 2026 17:45:14 GMT"},"fingerprint":{"sha1":"EF:8D:ED:C7:B3:46:8A:91:47:71:92:F2:D9:B0:67:EA:C1:FC:5B:89","sha256":"01:CA:DB:EB:79:61:2D:B3:FE:2B:09:FE:44:84:EA:5B:6E:C1:3B:81:A1:0F:8C:9F:DE:2E:16:1E:59:45:06:D9"}}},"request":{"raw":"GET /?format=json HTTP/1.1\r\nHost: api.ipify.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://trezor-protect.co/\r\nOrigin: https://trezor-protect.co\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 24 Mar 2026 13:12:36 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9e15edaa68cd45dd-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7d69c71af0f191e9a72db6153f8018d1","sha1":"f67c5f2887bc05654b47f76e9621e53a4091aed1","sha256":"5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65","sha512":"fdf43a8f3d843fe9008949d6709c8e2a5cd640f6101522319745f0a829f21dc8f4bd4d70ff3e2f6e1fd53ca0d2dd872bf3588c593a403071102ab28763cbdba5","ssdeep":"","tlshash":"b8700022000000208c80800eca0a032223a0000ac20a00088e800b2288a0b380282032","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-06-07T07:51:18.251001Z","times_seen":93313,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":51,"dns":22,"connect":8,"send":0,"wait":104,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trezor-protect.co/assets/index-BDIS2v_S.css","fqdn":"trezor-protect.co","domain":"trezor-protect.co","tld":"co"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://trezor-protect.co/","date":"2026-03-24T13:12:35.706Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trezor-protect.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 05:53:12 GMT","end":"Thu, 11 Jun 2026 05:53:11 GMT"},"fingerprint":{"sha1":"3F:FB:76:94:45:8C:F3:54:71:7D:F2:78:48:B9:EE:1F:16:D4:0F:F8","sha256":"0B:C1:BB:35:3A:76:60:81:03:2B:41:F2:74:E3:C9:69:9D:40:B3:F6:12:59:1D:B3:D1:CE:0C:84:C2:38:B1:7A"}}},"request":{"raw":"GET /assets/index-BDIS2v_S.css HTTP/1.1\r\nHost: trezor-protect.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trezor-protect.co/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 24 Mar 2026 13:12:35 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\netag: W/\"b92c-19d084af894\"\r\nlast-modified: Thu, 19 Mar 2026 22:50:24 GMT\r\nx-powered-by: Express\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DS2fQ9S%2FUH%2FfdpIJWQ1YkaxcayQMs8bCDoliYGd0waxA3QzE%2Fh45dNkd4kSEqBCe7rka8qw4rVdxyoPkhoYntbLSojiGew8Izjzq0yuIrgo0\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9e15eda7285ede91-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47404,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (47403)","md5":"aa2c07af6aa05a806cb98ed42780a4f7","sha1":"2e367785743eac90a73925c06bb89f3d4a409a6d","sha256":"f20ac3c8db52ad7f696e58a538f35bcb5ee273062933e68292cc998af42b71f1","sha512":"ce0b6778042e716c7b069a9926846e8588bd0c565de1ca36e5095c3a01b2cd51d5bb49637a6305e2fd17642406bacf4c679a017c3873d8ad112c130a038a7be5","ssdeep":"768:Y75SkHD3aSQhtXWpnToeCaUVZszhXXAIEk0Xj8FUMP44Ej10yCKhd:YtSkHDc+nAVIFUMP44E5UG","tlshash":"3d23a650f239e83fbd3369bda39cf44ca20964c0ad255bedf612322216c77f26d16619","first_seen":"2026-03-24T13:13:04.672844Z","last_seen":"2026-03-24T13:13:04.672844Z","times_seen":1,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-24","alert":"Phishing Block","trigger":"trezor-protect.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800\u0026family=JetBrains+Mono:wght@400;500\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://trezor-protect.co/","date":"2026-03-24T13:12:35.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Feb 2026 18:21:09 GMT","end":"Mon, 18 May 2026 18:21:08 GMT"},"fingerprint":{"sha1":"63:D1:AE:99:1E:49:D7:6C:71:F3:BA:F5:BA:47:74:1E:EB:90:E7:D6","sha256":"69:90:BB:9D:82:60:82:88:FF:CE:F6:B3:3D:DD:B5:B5:FB:F0:56:17:FD:FA:0D:BC:9C:5B:83:51:98:0D:2F:CF"}}},"request":{"raw":"GET /css2?family=Inter:wght@300;400;500;600;700;800\u0026family=JetBrains+Mono:wght@400;500\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trezor-protect.co/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 24 Mar 2026 13:12:35 GMT\r\ndate: Tue, 24 Mar 2026 13:12:35 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20134,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"8b90d2e664ae69443072a35d05055eb7","sha1":"8a61bcec877da9d243ace1d7c27a484d95854662","sha256":"b563eae7bb2cfa2d12e381a963e35058d63cb6a1983a96bd700827b0172a0d87","sha512":"bdc8dd894d8e281fc7161d3035e921541444ed00ee071d92a08d32bc5e3d44942c1509ee5ef0df95c5b7eed3e0d3b1c9312ab80f2b29dc474946b58d30dde0dc","ssdeep":"192:wNA1cO3lnxirNNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGfNx0NO3kO:8KYXuM0p2+g7rOGCE","tlshash":"99929b92002ba400ab871cc273cf7e3aadce50896085d5b99ffd0d895ceed66537875d","first_seen":"2025-11-16T09:04:45.946421Z","last_seen":"2026-06-11T17:01:34.376347Z","times_seen":125,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":88,"dns":1,"connect":7,"send":0,"wait":21,"receive":0,"ssl":77},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trezor-protect.co/trezor-device.png","fqdn":"trezor-protect.co","domain":"trezor-protect.co","tld":"co"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trezor-protect.co/","date":"2026-03-24T13:12:36.130Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trezor-protect.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 05:53:12 GMT","end":"Thu, 11 Jun 2026 05:53:11 GMT"},"fingerprint":{"sha1":"3F:FB:76:94:45:8C:F3:54:71:7D:F2:78:48:B9:EE:1F:16:D4:0F:F8","sha256":"0B:C1:BB:35:3A:76:60:81:03:2B:41:F2:74:E3:C9:69:9D:40:B3:F6:12:59:1D:B3:D1:CE:0C:84:C2:38:B1:7A"}}},"request":{"raw":"GET /trezor-device.png HTTP/1.1\r\nHost: trezor-protect.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trezor-protect.co/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T19:33:38.803897Z","times_seen":16394044,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-24","alert":"Phishing Block","trigger":"trezor-protect.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trezor-protect.co/api/visitor/capture","fqdn":"trezor-protect.co","domain":"trezor-protect.co","tld":"co"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://trezor-protect.co/","date":"2026-03-24T13:12:36.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trezor-protect.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 05:53:12 GMT","end":"Thu, 11 Jun 2026 05:53:11 GMT"},"fingerprint":{"sha1":"3F:FB:76:94:45:8C:F3:54:71:7D:F2:78:48:B9:EE:1F:16:D4:0F:F8","sha256":"0B:C1:BB:35:3A:76:60:81:03:2B:41:F2:74:E3:C9:69:9D:40:B3:F6:12:59:1D:B3:D1:CE:0C:84:C2:38:B1:7A"}}},"request":{"raw":"POST /api/visitor/capture HTTP/1.1\r\nHost: trezor-protect.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://trezor-protect.co/\r\nContent-Type: application/json\r\nContent-Length: 433\r\nOrigin: https://trezor-protect.co\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":433,"data":"{\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"platform\":\"Win32\",\"language\":\"en-US\",\"languages\":[\"en-US\",\"en\"],\"screenResolution\":\"1280x1024\",\"colorDepth\":24,\"deviceMemory\":\"N/A\",\"hardwareConcurrency\":48,\"timezone\":\"UTC\",\"cookieEnabled\":true,\"doNotTrack\":\"1\",\"publicIp\":\"91.90.42.154\",\"pageUrl\":\"https://trezor-protect.co/\",\"referrer\":\"Direct\",\"visitedAt\":\"2026-03-24T13:12:36.374Z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 24 Mar 2026 13:12:36 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 45\r\naccess-control-allow-headers: Content-Type, Authorization\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: https://trezor-protect.co\r\nalt-svc: h3=\":443\"; ma=86400\r\netag: W/\"2d-rpONd0OUhXD7UJe+dBtx0br3hhY\"\r\nx-powered-by: Express\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rwoDadDKoJfJ%2FEYVdRO0rPcp2IWoF1mb0viE7m%2BV5JqYo9xQS20QvudkdUmh6PXwBsMP5%2FDd0iGN2vqwkAWf68i0wMrXTL3%2Byp84hcLCaNCx\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9e15edab6ba2de91-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"ae867e333334dff2c8d12a799b2cb58e","sha1":"ae938d7743948570fb5097be741b71d1baf78616","sha256":"1dd808a7534dc0688073d46f5efa610c76778d64b41cec3a0c4936c10d63e574","sha512":"284c11086469bc600d459b0dc0e1738fbbe7a1a082da3c94db527c00f054bc1b50e9dbf0aa8410bb152f18c2d7c6171647c9b0fa20794f556bddf04a9f119705","ssdeep":"","tlshash":"20900225021038659611130130292a8058d550a390c56085901d005c56168416243656","first_seen":"2026-03-24T13:13:04.675316Z","last_seen":"2026-03-24T13:13:04.675316Z","times_seen":1,"resource_available":false,"data":null}},"time_used":514,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":512,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-24","alert":"Phishing Block","trigger":"trezor-protect.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trezor-protect.co/trz2.jpg","fqdn":"trezor-protect.co","domain":"trezor-protect.co","tld":"co"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trezor-protect.co/","date":"2026-03-24T13:12:36.641Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trezor-protect.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 05:53:12 GMT","end":"Thu, 11 Jun 2026 05:53:11 GMT"},"fingerprint":{"sha1":"3F:FB:76:94:45:8C:F3:54:71:7D:F2:78:48:B9:EE:1F:16:D4:0F:F8","sha256":"0B:C1:BB:35:3A:76:60:81:03:2B:41:F2:74:E3:C9:69:9D:40:B3:F6:12:59:1D:B3:D1:CE:0C:84:C2:38:B1:7A"}}},"request":{"raw":"GET /trz2.jpg HTTP/1.1\r\nHost: trezor-protect.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trezor-protect.co/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 24 Mar 2026 13:12:36 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 25258\r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\netag: W/\"62aa-19d084af474\"\r\nlast-modified: Thu, 19 Mar 2026 22:50:23 GMT\r\nx-powered-by: Express\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ofCAZqR6t3n9S8j5z9qGghb7TH9T9GPVKyhR9Ccf859nP49WcFuiJ0mJzRrvw3Zdp2HAUq7z%2BUoxuhOj6iorfjdQfNVYmPHaS4DgxHWmUE2r\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9e15edad0fe1de91-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":25258,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Picasa], baseline, precision 8, 900x900, components 3","md5":"f6e167f176ecaef8c95180153d13c24d","sha1":"383e60c7ca13f397fd78975cbed9ba1e4997eca7","sha256":"7ff12854bb13ffccc5682e6dec637764433dc2897d9888e5051f3c7363916568","sha512":"62e7766b8bede5a69858bc8c456bb32823a2198e5f5cde0861581532c8fccad27e00468c19ade5df8ff166b0211648303b00741d8e2a274af4efed8cc4b1c8f5","ssdeep":"384:XYNg7Z8l2kxV1PT8npsagkM/idpXAFkJ2DluI64IYg7oZcpBljr:XYy7krdT8nu2TXPJ2DluI6/Yg7oZcrZr","tlshash":"2bb2cf3bbf4b4994f43742fa1cc61f0c49a622f6f9b41092007236772eab54e6f1971a","first_seen":"2026-03-24T13:13:04.676573Z","last_seen":"2026-03-24T13:13:04.676573Z","times_seen":1,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":132,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-24","alert":"Phishing Block","trigger":"trezor-protect.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trezor-protect.co/","fqdn":"trezor-protect.co","domain":"trezor-protect.co","tld":"co"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-24T13:12:35.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trezor-protect.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 05:53:12 GMT","end":"Thu, 11 Jun 2026 05:53:11 GMT"},"fingerprint":{"sha1":"3F:FB:76:94:45:8C:F3:54:71:7D:F2:78:48:B9:EE:1F:16:D4:0F:F8","sha256":"0B:C1:BB:35:3A:76:60:81:03:2B:41:F2:74:E3:C9:69:9D:40:B3:F6:12:59:1D:B3:D1:CE:0C:84:C2:38:B1:7A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: trezor-protect.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 24 Mar 2026 13:12:35 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qYpejCtOVFIFWrAWAWfTbQLMufTrLMt79mKsxQpMoMnRf%2BahBLHshucvs%2BIjzRwd0TYJmuYF7U3VH8X8DSzGWvP2grrUIZ%2Fxz8RteATUPfHh\"}]}\r\nlast-modified: Thu, 19 Mar 2026 22:50:24 GMT\r\nx-powered-by: Express\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9e15eda5498d4eff-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":458,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"97b3930eb13f2e2937418c75d7bbbf12","sha1":"22fb4578d8a1a1181b55dfecc3f993df098f2107","sha256":"c3cdd2d5cf4bcd0df8fc6de1db04355448ddc832b9c09dcea0cfca8a09fb299a","sha512":"a5ff632ac91ec3df976a2812ea973d41e74099141fa721b556ba8ce12772b8e00f02fa8bab23419d099aef69b4f7f02871eb1642aea4a08467f2289c0252810d","ssdeep":"","tlshash":"e0f05c4184a08d15423007546ec2f5089aa3e7478389ad0471ab60bd1fc4786cedf9bc","first_seen":"2026-03-24T13:13:04.677572Z","last_seen":"2026-03-24T13:13:04.677572Z","times_seen":1,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":80,"dns":48,"connect":8,"send":0,"wait":131,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-24","alert":"Phishing Block","trigger":"trezor-protect.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trezor-protect.co/assets/index-B96h4Mil.js","fqdn":"trezor-protect.co","domain":"trezor-protect.co","tld":"co"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://trezor-protect.co/","date":"2026-03-24T13:12:35.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trezor-protect.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 05:53:12 GMT","end":"Thu, 11 Jun 2026 05:53:11 GMT"},"fingerprint":{"sha1":"3F:FB:76:94:45:8C:F3:54:71:7D:F2:78:48:B9:EE:1F:16:D4:0F:F8","sha256":"0B:C1:BB:35:3A:76:60:81:03:2B:41:F2:74:E3:C9:69:9D:40:B3:F6:12:59:1D:B3:D1:CE:0C:84:C2:38:B1:7A"}}},"request":{"raw":"GET /assets/index-B96h4Mil.js HTTP/1.1\r\nHost: trezor-protect.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trezor-protect.co/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 24 Mar 2026 13:12:35 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\netag: W/\"9078d-19d084af894\"\r\nlast-modified: Thu, 19 Mar 2026 22:50:24 GMT\r\nx-powered-by: Express\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3SKVa50WadUHjqT7VKX0m%2B8eDBg980H%2BbDFGdvCVjtR8nG3mBzTY4ykBHzapTaksHOk5EWCpJQg1hp5Jq7etgiB74uXbkIvq8TY8S%2BaUSJ1D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9e15eda7285ade91-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":591757,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (41488)","md5":"31bd50a39ad8a62064496b15ceb1a00a","sha1":"bc98ac2806a072ba8bba9db60c24c07a14f3f6ac","sha256":"990fb67139b29e9ad27e773a3b7da8167a3a1c18cad58fcba0a868074b1ed8d9","sha512":"f0bbf31134c3a94191febd3575431b46a0377143c3a74aacd0c6e98c67ffdf6d313c3cf40780e4e073063b5e80620f77878d8ccaf8fda8caef855b86de5f3ce5","ssdeep":"12288:+oIWyZVIXPQCZkSnvb0yCwM48FTHnHTkE:RIWEIXPQm15kHP","tlshash":"40d429cc229b5b7b8eee02d0107b1fc571ada607644c5426782dec993e1e6da30d36ed","first_seen":"2026-03-24T13:13:04.678599Z","last_seen":"2026-03-24T13:13:04.678599Z","times_seen":1,"resource_available":false,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":136,"receive":134,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-24","alert":"Phishing Block","trigger":"trezor-protect.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trezor-protect.co/logotrezor.png","fqdn":"trezor-protect.co","domain":"trezor-protect.co","tld":"co"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trezor-protect.co/","date":"2026-03-24T13:12:36.123Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trezor-protect.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 05:53:12 GMT","end":"Thu, 11 Jun 2026 05:53:11 GMT"},"fingerprint":{"sha1":"3F:FB:76:94:45:8C:F3:54:71:7D:F2:78:48:B9:EE:1F:16:D4:0F:F8","sha256":"0B:C1:BB:35:3A:76:60:81:03:2B:41:F2:74:E3:C9:69:9D:40:B3:F6:12:59:1D:B3:D1:CE:0C:84:C2:38:B1:7A"}}},"request":{"raw":"GET /logotrezor.png HTTP/1.1\r\nHost: trezor-protect.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trezor-protect.co/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T19:33:38.803897Z","times_seen":16394044,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-24","alert":"Phishing Block","trigger":"trezor-protect.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trezor-protect.co/logotrezor.png","fqdn":"trezor-protect.co","domain":"trezor-protect.co","tld":"co"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trezor-protect.co/","date":"2026-03-24T13:12:36.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trezor-protect.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 05:53:12 GMT","end":"Thu, 11 Jun 2026 05:53:11 GMT"},"fingerprint":{"sha1":"3F:FB:76:94:45:8C:F3:54:71:7D:F2:78:48:B9:EE:1F:16:D4:0F:F8","sha256":"0B:C1:BB:35:3A:76:60:81:03:2B:41:F2:74:E3:C9:69:9D:40:B3:F6:12:59:1D:B3:D1:CE:0C:84:C2:38:B1:7A"}}},"request":{"raw":"GET /logotrezor.png HTTP/1.1\r\nHost: trezor-protect.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trezor-protect.co/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 24 Mar 2026 13:12:36 GMT\r\ncontent-type: image/png\r\ncontent-length: 25666\r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\netag: W/\"6442-19d084af474\"\r\nlast-modified: Thu, 19 Mar 2026 22:50:23 GMT\r\nx-powered-by: Express\r\ncf-cache-status: EXPIRED\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mRiOWJQtX2ekCluWK9%2FZ6S1EMGUEFNxVX%2FTeOQBklRjki8i607RQe9kMyHgY%2FzqTlZtt3lqaDYurlO%2BupHS6nqY%2BPBxqVyImUd3z%2F%2BaKphXK\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9e15eda9eef4de91-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":25666,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 360 x 360, 8-bit/color RGBA, non-interlaced","md5":"ce0dc3f0edc6366eaef525132d289f0f","sha1":"63278ae54b6c5f0b3a73354bfd31455d801f95bf","sha256":"b9729dcdd9193c51cdac45d4edaf3a50dc1186ee9b3cc7058a40b97a6954d36f","sha512":"20286aa740510b0efcc23d7ed940019b30faeb815418402cc65752645ce847b0e2fb6ec51f8c3c02786e2e4e56fc45ad881f5b47cc85b19b90a6de7f7bc08bd0","ssdeep":"768:Tppqn5hNzP0yJn3rgQYi4yv51pC8S3lU9iY641:NA5PJn3QyhjPS3e9io1","tlshash":"58b2e1a723ab04e5f01f231083c46b7afc2a55b0e7096ac0d911e99adbb615ddcfc761","first_seen":"2026-03-24T13:13:04.679596Z","last_seen":"2026-03-24T13:13:04.679596Z","times_seen":1,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-24","alert":"Phishing Block","trigger":"trezor-protect.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trezor-protect.co/trezor-device.png","fqdn":"trezor-protect.co","domain":"trezor-protect.co","tld":"co"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trezor-protect.co/","date":"2026-03-24T13:12:36.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trezor-protect.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 05:53:12 GMT","end":"Thu, 11 Jun 2026 05:53:11 GMT"},"fingerprint":{"sha1":"3F:FB:76:94:45:8C:F3:54:71:7D:F2:78:48:B9:EE:1F:16:D4:0F:F8","sha256":"0B:C1:BB:35:3A:76:60:81:03:2B:41:F2:74:E3:C9:69:9D:40:B3:F6:12:59:1D:B3:D1:CE:0C:84:C2:38:B1:7A"}}},"request":{"raw":"GET /trezor-device.png HTTP/1.1\r\nHost: trezor-protect.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trezor-protect.co/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 24 Mar 2026 13:12:36 GMT\r\ncontent-type: image/png\r\ncontent-length: 2076681\r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\netag: W/\"1fb009-19d084af474\"\r\nlast-modified: Thu, 19 Mar 2026 22:50:23 GMT\r\nx-powered-by: Express\r\ncf-cache-status: EXPIRED\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nOarmzgFKG1upHKIEdLnCh71zMgv8eZk34Y3WvtqdF9IhDMqoiPAF0Kn1HJDlOMXs96WEyDqvjzcMWmSqZCN5sE0WvuKzfgr7Yb1xR4dQPNy\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9e15eda9ef06de91-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2076681,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1536 x 1024, 8-bit/color RGBA, non-interlaced","md5":"2bf7169bc9ba57a30cc208f762bc83b6","sha1":"7e1714cdfb694ccfc36d5e570a047c7121e2fd60","sha256":"bcf6e5672df9021eb0b7d600d43b311b5e054abbe1645c996695f8391a559733","sha512":"9e3a865b3a6a2b16cef1c128481b344334c14aa9fabb8609713633b8286ca3ccc835ed9038f74a8a59f45c904340786742e9b88142eb41d8b64ac266f2e31b2d","ssdeep":"24576:IU+ioWlIqQUI0KWQ98P2N/dhPyhUl7dlAG0QbOBgl4h2zTfJ8KQzJ:43qjI0KWQ98PehquljgQyBg2hcTJ8x","tlshash":"a42533f19194fa70d884ceb44fad0743fe9bfea2189c600501d4099a5bf27e9ca6f46d","first_seen":"2026-03-24T13:13:04.68058Z","last_seen":"2026-03-24T13:13:04.68058Z","times_seen":1,"resource_available":false,"data":null}},"time_used":395,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":191,"receive":204,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-24","alert":"Phishing Block","trigger":"trezor-protect.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-24","alert":"Sinkholed","trigger":"trezor-protect.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}