{"report_id":"7a7b1ea1-6547-4d71-9ed4-436bf57c07dc","version":6,"status":"done","tags":[],"date":"2026-05-18T21:48:51Z","url":{"schema":"http","addr":"static.trxtransaction.info","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":0,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"final":{"url":{"schema":"https","addr":"static.trxtransaction.info/","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"title":"test1","dom":{"size":40355,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (1062)","md5":"4134265b6f9e2e9267d8813d85b297cc","sha1":"b7370c406157947ceaff6d2d93974ebe74a4fd91","sha256":"71d62aa79d008eeb4584652595ae8c8a7941ac6070f4194fed520bcda0926c60","sha512":"96be41028d2579aa97a046f1682a2249e6b16f439e7daca9b2a527b94a7db13e9ccf3ced4670eb514e859a8b9cea01d4b62fbe1fbcee6e4d3be9730cbd58628b","ssdeep":"768:5lcB6rx/o+X6KxIf89+DiBJEW7UtBXmgIRWUFWuX:be+UE9miBJEW7UtBXmgIRWSWuX","tlshash":"3f03949fe3091372059203726b8a96f9e76d803c2336e1692da8c11c5395e6d737f3e9","dom_hash":"domhash07fdadd41039d860c42dac20b1b32707","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"static.trxtransaction.info","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":0,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-22T21:48:51Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-18","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"static.trxtransaction.info/import-wallet.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-18","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"static.trxtransaction.info/create-wallet.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-18","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"static.trxtransaction.info/bip39-words.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-18","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"static.trxtransaction.info/qrcode.min.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-18","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"static.trxtransaction.info/welcome.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"static.trxtransaction.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"static.trxtransaction.info","ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":21,"request_count":16,"received_data":1142046,"sent_data":9179,"comment":"","tags":null,"fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"static.trxtransaction.info/import-wallet.js","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"aad1f65e768fa5ff1d99bb3614d1127e","sha1":"9bdae4175ec7cbe67eefb1406b475af7dbb9927a","sha256":"b2b5a0e8cf95539d859e1fba545c81d9a92f36a3d86d5526005bfc35ec2ddeb7","sha512":"4e9859a9eea4c58079ee9f29935767d5aa77e48c1c4281e4726807010cc2d5a576af6b8bfc82f77ce97830acb7016f33374b04c00ca74f4422e03ceb6cf8525a","ssdeep":"768:9HcuHSAS/mc3SdNdKBltBIpCCDg0p3QmDrGJ4/iLT+eV4r7SUaVhqxXn+hz+q7DW:98uHSASuc3SdN1i4/U+4eD3Sz+eDFY","tlshash":"046379e477d0d40726ce1b53ff06bde9e46aa836b8c4a50786547bac28b8507c6b4df0","size":68398,"data":"","first_seen":"2026-05-18T21:49:00.716739Z","last_seen":"2026-05-18T21:51:10.266744Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-18","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"static.trxtransaction.info/import-wallet.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/create-wallet.js","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"3f60e2a5237e0deb83a98f8df3431598","sha1":"83793970e6a97d95b6f9a8591490c08e943d606e","sha256":"3fd89960c8c7ac6cd21c19e23ff6eef8fddfee8114a0674dcbf76b5669733771","sha512":"002d4373159eb46b64ec31a6e51d0ef305c44fd6436a62bf3d3ee4772c120dd22caecb370a2d391203dbb9c7823615a9e81215e2eb79d261683ff9ca1e463954","ssdeep":"1536:zgVjlSy15pipbZwmGPnMUS1Bv+xbj/xdibs0OUTBTtr/ZBBDBYkyhqT56:Ajl75QdZwmGEUS1pBTbBMkY","tlshash":"89937be473d0d40766cd0b53bf05beeca17aa876b9c4a10786647aad28bd507c2b4df0","size":89191,"data":"","first_seen":"2026-05-18T21:49:00.72649Z","last_seen":"2026-05-18T21:51:10.259119Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-18","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"static.trxtransaction.info/create-wallet.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/agreement-content.js","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"0329baa4e5e816e83f436c0129b0975e","sha1":"fdd025d7b3fe94de174775c4a9ee500997160e2f","sha256":"46bb217bb36c498662f39e77c08b96fc1e873b1dfd2801b5c0ab8be27bce8fc3","sha512":"dac99085787b6429ce920472b108b5db8e6205241d43ac645858fb03e8ae813402aa0c8790e18536751f1c2d5b803a9b3ae8c5001d6858076f4165ca178c984d","ssdeep":"192:liPmnhojtLeM9DRU5HzWr5VB/o/TIHOOSD4/UJs/u22Q76I:ijtD9DRdr5V5SDra2I","tlshash":"03f179e073a4d41722ce4f83bf027deca42ba83a69d5a50787587b9c287d907d5a0df1","size":7594,"data":"","first_seen":"2026-05-18T21:49:00.722837Z","last_seen":"2026-05-18T21:51:10.271484Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":true,"md5":"8f8e8237912481da9799c6735f2f4418","sha1":"9442f2f16dce0325248f3212a9af71aac93a7957","sha256":"55e72363fd050498a5767b5b1b52652477723e3dcbd3dd44fa73e36d2831fe3c","sha512":"016d9ccada536ef60d7ed62c0d7bf8d7400f4683b5b70327169ec3c08075dd8440a7c910de64b131d4e62c414754c951435206227e2b349bcd1c96fad62423fb","ssdeep":"","tlshash":"d3e0d808b78128210a2611289e36d9065819f15f59dadc35ba0caa542fa6d0846eeeab","size":378,"data":"","first_seen":"2026-05-18T21:49:00.729987Z","last_seen":"2026-05-18T21:51:10.276762Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/bip39-generate.js","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6c3746dc28d4646ce5dd63e31824f35c","sha1":"4ee7b0d8c5596401d866163def44dcb758466770","sha256":"56b9ce651244db4c38904d480b3c63c9fe2ea33c57d53a5b2b949ccefe574d3a","sha512":"3a9994ff477e25859bcf25eee5e0928ce04ec6e093c4735aaff30d1d7a070289b6977ee179f82281506ed07f062f17d26527d59814623a986e5efe5cc446b4d7","ssdeep":"192:GFErnl4dvE10JWUGe7CzHel9CI/oImGxRFVyPAPgyFiGQ2wGrBOaYxc/4U0fN5CG:Xids1IWUGe7CzHel9CIwImGxRSPAP/De","tlshash":"0b02789033d1d55722de0b93bf1a3de9e16ea4366dd8ac0b8754769c2dac807c6a0df0","size":8700,"data":"","first_seen":"2026-05-18T21:49:00.711877Z","last_seen":"2026-05-18T21:51:10.275695Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/bip39-words.js","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"fa825426af7889653eb8a7804ca49680","sha1":"984984d5d6a54a0586b1270aa8f0cb696df50120","sha256":"94e69e6e313756c72b13987b32fe8ad13a3ea5f402a59cdf57e3b3511ff36354","sha512":"b79acfa723ebeb45a3793158a53e3ecf22dc9faf22789b6dda64c9134685efc68c66a08bb759ab37e33b8592caaf9975ff8112bf260498cd6dc2f077cdd16449","ssdeep":"3072:dpztVyizjUP8LfsQk6Vab13VjckDcmQioqXSAF74qp3lcyQ7mKX:v3PzjUPU/VabtVPomQioqXSC4qp3lcy2","tlshash":"60044dd4b240f84b95ce8b43ff01b9e9f02a987678c8a4978664bead5878117d1f0df1","size":182963,"data":"","first_seen":"2026-05-18T21:49:00.721617Z","last_seen":"2026-05-18T21:51:10.274142Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-18","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"static.trxtransaction.info/bip39-words.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/qrcode.min.js","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"1474323aa1db67abd845f7d0ada96db0","sha1":"e7bbf7f2254b079d2a43339cf321d4e6300fe440","sha256":"6e4e6e7b3c1567e92c491ecdb4acac0ffcd9bd26a5a5e7adbe7340f77e8c7eed","sha512":"99a9aa610f2c3db151b9a0fbc83d131c7f2df4effb5a065b730886ee503b2ae252ce9766640e8ea893844ce3c877f436fbacd1c2cb0400402e95f6f732454cae","ssdeep":"1536:TXvwPk+ON2rzE/Q14G0ArertsG+hyfKBXc+ujF4s+p78VJUA6if465LnBcJYpBjh:TXvwPk3N2nE/Q6RAqBfKBsnTMo","tlshash":"ebd3aed063d0e40726ce4b93bf16bde8e16b9476b8c4a4478654beac29bc507c6b4df0","size":133794,"data":"","first_seen":"2026-05-18T21:49:00.713416Z","last_seen":"2026-05-18T21:51:10.256644Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-18","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"static.trxtransaction.info/qrcode.min.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/welcome.js","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"9671da8603a10d34a7329ef0b6b9df85","sha1":"3226ee5e87982e2e135f62d1b87ae0a106094522","sha256":"4f69b1cedf42e7c3a51d239c9d06508580168266a88d7767f379f6102b54cf75","sha512":"61414406a1aa8f7e3b6ac7dfadd5f5be5c833f33cd4788815ca1f95135159e1257a8ff6930b871a5ff0185352bf774257bfb6f2b7b99e6f701c302295d363611","ssdeep":"768:1NfJ3vlF8e4FAYuIzJohRc/k088W/k0Lm1fHEczIF/ArI:jpdF8pFAYu03YmI","tlshash":"16236de463d0e40726ce0b53bf06beece076a476b8c4a54786547aad29bc507c6b4df0","size":47396,"data":"","first_seen":"2026-05-18T21:49:00.715235Z","last_seen":"2026-05-18T21:51:10.270462Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-18","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"static.trxtransaction.info/welcome.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"static.trxtransaction.info/img/backup-camera-no.png","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://static.trxtransaction.info/","date":"2026-05-18T21:48:30.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vpn.trxtransaction.info","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 23:50:55 GMT","end":"Thu, 06 Aug 2026 23:50:54 GMT"},"fingerprint":{"sha1":"3F:54:7B:CD:7A:8A:D7:CB:2D:A7:3B:84:4F:81:DB:C9:38:D7:32:C4","sha256":"31:C0:EB:7F:E5:58:35:07:02:34:25:D1:24:86:4B:79:66:B5:5A:9F:47:1D:47:52:9E:65:5C:97:E9:50:A5:1C"}}},"request":{"raw":"GET /img/backup-camera-no.png HTTP/1.1\r\nHost: static.trxtransaction.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.trxtransaction.info/\r\nCookie: __ddg8_=moDscC5lOY8pSACl; __ddg10_=1779140910; __ddg9_=91.90.42.154; __ddg1_=MogHrtEKdgtZsLgHRmrE\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=XhfsK3OQE6tfn9Ea; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg10_=1779140910; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg9_=91.90.42.154; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\r\ndate: Mon, 18 May 2026 21:48:26 GMT\r\ncontent-type: image/png\r\ncontent-length: 10970\r\nlast-modified: Mon, 16 Mar 2026 03:28:35 GMT\r\netag: \"69b778e3-2ada\"\r\naccept-ranges: bytes\r\nage: 4\r\nddg-cache-status: HIT,MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":10970,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 118 x 88, 8-bit/color RGBA, non-interlaced","md5":"811c5f7bbaad4a4fb7d293d2d50ff4fe","sha1":"e01ab950b7e75286d9ed53f8290bfa94ff5281ce","sha256":"576f7664d64998ae0b2bd1ddd48ae81e401bb471b899551d01573f267848e38a","sha512":"8f453c2851954e7e1023ae5d52a82c51f04ffd5649bc321c0298c1deede668dfd0587156610d3db0365daa9a3d1b61cb2547f35030824770a1ea8b3500acd06b","ssdeep":"192:KwPRLZKCUDTD2JsJw28UKUC7nVcT3dAoMFal32NtULP2l0ajPKyOB2lU+g+bgp10:Kw7KCq2w8ICLq3dAoMF+LK7KyHSUbA0","tlshash":"ac32c0c64ad6171f8b2cbb3f389c3095d58462ca26fa39c508356bd5626072d2943dde","first_seen":"2026-05-18T21:49:00.710435Z","last_seen":"2026-05-18T21:51:10.265629Z","times_seen":2,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"static.trxtransaction.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/bip39-generate.js","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://static.trxtransaction.info/","date":"2026-05-18T21:48:30.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vpn.trxtransaction.info","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 23:50:55 GMT","end":"Thu, 06 Aug 2026 23:50:54 GMT"},"fingerprint":{"sha1":"3F:54:7B:CD:7A:8A:D7:CB:2D:A7:3B:84:4F:81:DB:C9:38:D7:32:C4","sha256":"31:C0:EB:7F:E5:58:35:07:02:34:25:D1:24:86:4B:79:66:B5:5A:9F:47:1D:47:52:9E:65:5C:97:E9:50:A5:1C"}}},"request":{"raw":"GET /bip39-generate.js HTTP/1.1\r\nHost: static.trxtransaction.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.trxtransaction.info/\r\nCookie: __ddg8_=moDscC5lOY8pSACl; __ddg10_=1779140910; __ddg9_=91.90.42.154; __ddg1_=MogHrtEKdgtZsLgHRmrE\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=YJm1vN8pLQs6kTfe; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg10_=1779140910; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg9_=91.90.42.154; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\r\ndate: Mon, 18 May 2026 21:48:26 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 19 Mar 2026 03:51:28 GMT\r\netag: W/\"69bb72c0-21fc\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 4\r\nddg-cache-status: HIT,MISS\r\ncontent-length: 2785\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":8700,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (8700), with no line terminators","md5":"6c3746dc28d4646ce5dd63e31824f35c","sha1":"4ee7b0d8c5596401d866163def44dcb758466770","sha256":"56b9ce651244db4c38904d480b3c63c9fe2ea33c57d53a5b2b949ccefe574d3a","sha512":"3a9994ff477e25859bcf25eee5e0928ce04ec6e093c4735aaff30d1d7a070289b6977ee179f82281506ed07f062f17d26527d59814623a986e5efe5cc446b4d7","ssdeep":"192:GFErnl4dvE10JWUGe7CzHel9CI/oImGxRFVyPAPgyFiGQ2wGrBOaYxc/4U0fN5CG:Xids1IWUGe7CzHel9CIwImGxRSPAP/De","tlshash":"0b02789033d1d55722de0b93bf1a3de9e16ea4366dd8ac0b8754769c2dac807c6a0df0","first_seen":"2026-05-18T21:49:00.711877Z","last_seen":"2026-05-18T21:51:10.275695Z","times_seen":2,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":81,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"static.trxtransaction.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/qrcode.min.js","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://static.trxtransaction.info/","date":"2026-05-18T21:48:30.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vpn.trxtransaction.info","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 23:50:55 GMT","end":"Thu, 06 Aug 2026 23:50:54 GMT"},"fingerprint":{"sha1":"3F:54:7B:CD:7A:8A:D7:CB:2D:A7:3B:84:4F:81:DB:C9:38:D7:32:C4","sha256":"31:C0:EB:7F:E5:58:35:07:02:34:25:D1:24:86:4B:79:66:B5:5A:9F:47:1D:47:52:9E:65:5C:97:E9:50:A5:1C"}}},"request":{"raw":"GET /qrcode.min.js HTTP/1.1\r\nHost: static.trxtransaction.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.trxtransaction.info/\r\nCookie: __ddg8_=moDscC5lOY8pSACl; __ddg10_=1779140910; __ddg9_=91.90.42.154; __ddg1_=MogHrtEKdgtZsLgHRmrE\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=kCnIZqU1RVHPqsJv; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg10_=1779140910; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg9_=91.90.42.154; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\r\ndate: Mon, 18 May 2026 21:48:26 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 19 Mar 2026 03:51:43 GMT\r\netag: W/\"69bb72cf-20aa2\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 4\r\nddg-cache-status: HIT,MISS\r\ncontent-length: 35521\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":133794,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"1474323aa1db67abd845f7d0ada96db0","sha1":"e7bbf7f2254b079d2a43339cf321d4e6300fe440","sha256":"6e4e6e7b3c1567e92c491ecdb4acac0ffcd9bd26a5a5e7adbe7340f77e8c7eed","sha512":"99a9aa610f2c3db151b9a0fbc83d131c7f2df4effb5a065b730886ee503b2ae252ce9766640e8ea893844ce3c877f436fbacd1c2cb0400402e95f6f732454cae","ssdeep":"1536:TXvwPk+ON2rzE/Q14G0ArertsG+hyfKBXc+ujF4s+p78VJUA6if465LnBcJYpBjh:TXvwPk3N2nE/Q6RAqBfKBsnTMo","tlshash":"ebd3aed063d0e40726ce4b93bf16bde8e16b9476b8c4a4478654beac29bc507c6b4df0","first_seen":"2026-05-18T21:49:00.713416Z","last_seen":"2026-05-18T21:51:10.256644Z","times_seen":2,"resource_available":true,"data":null}},"time_used":78,"timings":{"blocked":11,"dns":0,"connect":0,"send":0,"wait":54,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-18","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"static.trxtransaction.info/qrcode.min.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"static.trxtransaction.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/welcome.js","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://static.trxtransaction.info/","date":"2026-05-18T21:48:30.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vpn.trxtransaction.info","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 23:50:55 GMT","end":"Thu, 06 Aug 2026 23:50:54 GMT"},"fingerprint":{"sha1":"3F:54:7B:CD:7A:8A:D7:CB:2D:A7:3B:84:4F:81:DB:C9:38:D7:32:C4","sha256":"31:C0:EB:7F:E5:58:35:07:02:34:25:D1:24:86:4B:79:66:B5:5A:9F:47:1D:47:52:9E:65:5C:97:E9:50:A5:1C"}}},"request":{"raw":"GET /welcome.js HTTP/1.1\r\nHost: static.trxtransaction.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.trxtransaction.info/\r\nCookie: __ddg8_=moDscC5lOY8pSACl; __ddg10_=1779140910; __ddg9_=91.90.42.154; __ddg1_=MogHrtEKdgtZsLgHRmrE\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=5UAEUycTJVIcS5Ed; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg10_=1779140910; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg9_=91.90.42.154; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\r\ndate: Mon, 18 May 2026 21:48:26 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 01 Apr 2026 10:26:44 GMT\r\netag: W/\"69ccf2e4-b924\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 4\r\nddg-cache-status: HIT,MISS\r\ncontent-length: 12789\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":47396,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (47396), with no line terminators","md5":"9671da8603a10d34a7329ef0b6b9df85","sha1":"3226ee5e87982e2e135f62d1b87ae0a106094522","sha256":"4f69b1cedf42e7c3a51d239c9d06508580168266a88d7767f379f6102b54cf75","sha512":"61414406a1aa8f7e3b6ac7dfadd5f5be5c833f33cd4788815ca1f95135159e1257a8ff6930b871a5ff0185352bf774257bfb6f2b7b99e6f701c302295d363611","ssdeep":"768:1NfJ3vlF8e4FAYuIzJohRc/k088W/k0Lm1fHEczIF/ArI:jpdF8pFAYu03YmI","tlshash":"16236de463d0e40726ce0b53bf06beece076a476b8c4a54786547aad29bc507c6b4df0","first_seen":"2026-05-18T21:49:00.715235Z","last_seen":"2026-05-18T21:51:10.270462Z","times_seen":2,"resource_available":true,"data":null}},"time_used":106,"timings":{"blocked":52,"dns":0,"connect":0,"send":0,"wait":53,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-18","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"static.trxtransaction.info/welcome.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"static.trxtransaction.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/import-wallet.js","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://static.trxtransaction.info/","date":"2026-05-18T21:48:30.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vpn.trxtransaction.info","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 23:50:55 GMT","end":"Thu, 06 Aug 2026 23:50:54 GMT"},"fingerprint":{"sha1":"3F:54:7B:CD:7A:8A:D7:CB:2D:A7:3B:84:4F:81:DB:C9:38:D7:32:C4","sha256":"31:C0:EB:7F:E5:58:35:07:02:34:25:D1:24:86:4B:79:66:B5:5A:9F:47:1D:47:52:9E:65:5C:97:E9:50:A5:1C"}}},"request":{"raw":"GET /import-wallet.js HTTP/1.1\r\nHost: static.trxtransaction.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.trxtransaction.info/\r\nCookie: __ddg8_=moDscC5lOY8pSACl; __ddg10_=1779140910; __ddg9_=91.90.42.154; __ddg1_=MogHrtEKdgtZsLgHRmrE\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=M8wa1yg6YeflRUtR; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg10_=1779140910; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg9_=91.90.42.154; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\r\ndate: Mon, 18 May 2026 21:48:25 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 19 Mar 2026 03:51:37 GMT\r\netag: W/\"69bb72c9-10b2e\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 5\r\nddg-cache-status: HIT,MISS\r\ncontent-length: 17754\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":68398,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"aad1f65e768fa5ff1d99bb3614d1127e","sha1":"9bdae4175ec7cbe67eefb1406b475af7dbb9927a","sha256":"b2b5a0e8cf95539d859e1fba545c81d9a92f36a3d86d5526005bfc35ec2ddeb7","sha512":"4e9859a9eea4c58079ee9f29935767d5aa77e48c1c4281e4726807010cc2d5a576af6b8bfc82f77ce97830acb7016f33374b04c00ca74f4422e03ceb6cf8525a","ssdeep":"768:9HcuHSAS/mc3SdNdKBltBIpCCDg0p3QmDrGJ4/iLT+eV4r7SUaVhqxXn+hz+q7DW:98uHSASuc3SdN1i4/U+4eD3Sz+eDFY","tlshash":"046379e477d0d40726ce1b53ff06bde9e46aa836b8c4a50786547bac28b8507c6b4df0","first_seen":"2026-05-18T21:49:00.716739Z","last_seen":"2026-05-18T21:51:10.266744Z","times_seen":2,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":62,"dns":0,"connect":0,"send":0,"wait":41,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-18","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"static.trxtransaction.info/import-wallet.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"static.trxtransaction.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-18T21:48:30.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vpn.trxtransaction.info","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 23:50:55 GMT","end":"Thu, 06 Aug 2026 23:50:54 GMT"},"fingerprint":{"sha1":"3F:54:7B:CD:7A:8A:D7:CB:2D:A7:3B:84:4F:81:DB:C9:38:D7:32:C4","sha256":"31:C0:EB:7F:E5:58:35:07:02:34:25:D1:24:86:4B:79:66:B5:5A:9F:47:1D:47:52:9E:65:5C:97:E9:50:A5:1C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: static.trxtransaction.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=moDscC5lOY8pSACl; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg10_=1779140910; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg9_=91.90.42.154; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg1_=MogHrtEKdgtZsLgHRmrE; Domain=.trxtransaction.info; HttpOnly; Path=/; Expires=Tue, 18-May-2027 21:48:30 GMT\r\ndate: Mon, 18 May 2026 21:48:30 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 27 Apr 2026 03:11:49 GMT\r\netag: W/\"69eed3f5-9bde\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":39902,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (652)","md5":"4ad21b3f4894e4039190dcc3de8feb19","sha1":"60c2e4ff529676c03f9f86fbb753f014aff5b9cf","sha256":"34e3d5fcdf728cf70b0e01ea84052b5926e6172fbf5556c0f6317faa16206ab5","sha512":"214ff37c326c47cac4c512bce7fdb7bd790494d879a9f8c9a18b172d9d30f5a687d7312a7488a3dbf246511fb6a541a80160bd15feb6b42c1a15d87b2d18eef7","ssdeep":"384:d8N/oWnl8r2rK2j2AwThgZHi2DyRGRWlO8yOFetFTly7itqQnA6rYx4l04Zho79Q:knK9oH6R5GH8210rSa1k","tlshash":"80036251a0ba1837914386daa216af3a7eb6d113cb3b0485b6fc07f85fa3d41bd1f149","first_seen":"2026-05-18T21:49:00.718098Z","last_seen":"2026-05-18T21:51:10.262883Z","times_seen":2,"resource_available":true,"data":null}},"time_used":1124,"timings":{"blocked":465,"dns":406,"connect":20,"send":0,"wait":194,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"static.trxtransaction.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/img/welcome.png","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://static.trxtransaction.info/","date":"2026-05-18T21:48:30.862Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vpn.trxtransaction.info","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 23:50:55 GMT","end":"Thu, 06 Aug 2026 23:50:54 GMT"},"fingerprint":{"sha1":"3F:54:7B:CD:7A:8A:D7:CB:2D:A7:3B:84:4F:81:DB:C9:38:D7:32:C4","sha256":"31:C0:EB:7F:E5:58:35:07:02:34:25:D1:24:86:4B:79:66:B5:5A:9F:47:1D:47:52:9E:65:5C:97:E9:50:A5:1C"}}},"request":{"raw":"GET /img/welcome.png HTTP/1.1\r\nHost: static.trxtransaction.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.trxtransaction.info/\r\nCookie: __ddg8_=moDscC5lOY8pSACl; __ddg10_=1779140910; __ddg9_=91.90.42.154; __ddg1_=MogHrtEKdgtZsLgHRmrE\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=OVxjxH4b8Wak7Sdu; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg10_=1779140910; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg9_=91.90.42.154; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\r\ndate: Mon, 18 May 2026 21:48:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 61575\r\nlast-modified: Sun, 15 Mar 2026 00:07:21 GMT\r\netag: \"69b5f839-f087\"\r\naccept-ranges: bytes\r\nage: 5\r\nddg-cache-status: HIT,MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":61575,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 452 x 752, 8-bit/color RGBA, non-interlaced","md5":"7a657be05e064dc4553979aba63d71c6","sha1":"d7b1528eecf339b31ce23a4b78b1710c4b2cc73e","sha256":"65b8be4171b11a8f98679818e8e13e6fd929d47334941b1b98a60e6f2a9714f9","sha512":"ad1fad84ef74f6e650ffc1d4d8714ecb16522a78c5b7e8b4bb7953bed3aa1111c2c2d2c9a162ed0f5051323ad47604d02bc87edad0a1b7300712619194345cad","ssdeep":"1536:+5AGP2PuDFG7cIpFZmO1z91qTU6x5sQZt4KO+xvv1VI:+T2Pws7coD59MTUkVt5OivvPI","tlshash":"545301995ab9dcfaeb8b9c663f6df9c4331a0204d0505eb9a7496c6333c4c02ad31f58","first_seen":"2026-05-18T21:49:00.719255Z","last_seen":"2026-05-18T21:51:10.264645Z","times_seen":2,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":84,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"static.trxtransaction.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/favicon.ico","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://static.trxtransaction.info/","date":"2026-05-18T21:48:31.372Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vpn.trxtransaction.info","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 23:50:55 GMT","end":"Thu, 06 Aug 2026 23:50:54 GMT"},"fingerprint":{"sha1":"3F:54:7B:CD:7A:8A:D7:CB:2D:A7:3B:84:4F:81:DB:C9:38:D7:32:C4","sha256":"31:C0:EB:7F:E5:58:35:07:02:34:25:D1:24:86:4B:79:66:B5:5A:9F:47:1D:47:52:9E:65:5C:97:E9:50:A5:1C"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: static.trxtransaction.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.trxtransaction.info/\r\nCookie: __ddg8_=7bmTiafxy3ZkQndm; __ddg10_=1779140910; __ddg9_=91.90.42.154; __ddg1_=MogHrtEKdgtZsLgHRmrE; nbo_gate=68e40bbd2b0f919e3d0fdf750bfe3d6996e2e\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=hipAXf9XnT67f95F; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:31 GMT\n__ddg10_=1779140911; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:31 GMT\n__ddg9_=91.90.42.154; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:31 GMT\r\ndate: Mon, 18 May 2026 21:48:31 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 27 Apr 2026 03:11:49 GMT\r\netag: W/\"69eed3f5-9bde\"\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":39902,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (652)","md5":"4ad21b3f4894e4039190dcc3de8feb19","sha1":"60c2e4ff529676c03f9f86fbb753f014aff5b9cf","sha256":"34e3d5fcdf728cf70b0e01ea84052b5926e6172fbf5556c0f6317faa16206ab5","sha512":"214ff37c326c47cac4c512bce7fdb7bd790494d879a9f8c9a18b172d9d30f5a687d7312a7488a3dbf246511fb6a541a80160bd15feb6b42c1a15d87b2d18eef7","ssdeep":"384:d8N/oWnl8r2rK2j2AwThgZHi2DyRGRWlO8yOFetFTly7itqQnA6rYx4l04Zho79Q:knK9oH6R5GH8210rSa1k","tlshash":"80036251a0ba1837914386daa216af3a7eb6d113cb3b0485b6fc07f85fa3d41bd1f149","first_seen":"2026-05-18T21:49:00.718098Z","last_seen":"2026-05-18T21:51:10.262883Z","times_seen":2,"resource_available":true,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"static.trxtransaction.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/agreement-content.html","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://static.trxtransaction.info/","date":"2026-05-18T21:48:30.978Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vpn.trxtransaction.info","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 23:50:55 GMT","end":"Thu, 06 Aug 2026 23:50:54 GMT"},"fingerprint":{"sha1":"3F:54:7B:CD:7A:8A:D7:CB:2D:A7:3B:84:4F:81:DB:C9:38:D7:32:C4","sha256":"31:C0:EB:7F:E5:58:35:07:02:34:25:D1:24:86:4B:79:66:B5:5A:9F:47:1D:47:52:9E:65:5C:97:E9:50:A5:1C"}}},"request":{"raw":"GET /agreement-content.html HTTP/1.1\r\nHost: static.trxtransaction.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.trxtransaction.info/\r\nCookie: __ddg8_=XhfsK3OQE6tfn9Ea; __ddg10_=1779140910; __ddg9_=91.90.42.154; __ddg1_=MogHrtEKdgtZsLgHRmrE; nbo_gate=68e40bbd2b0f919e3d0fdf750bfe3d6996e2e\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=C6J7Xc2VmwcnqLl4; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg10_=1779140910; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg9_=91.90.42.154; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\r\ndate: Mon, 18 May 2026 21:48:30 GMT\r\ncontent-type: text/html\r\nlast-modified: Wed, 18 Mar 2026 00:45:00 GMT\r\netag: W/\"69b9f58c-9db6\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":40374,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (1062)","md5":"64a7472bee13284c4845eb52279afec3","sha1":"fd0c966fc6249db90aab387cca72367c539e1c83","sha256":"d73882a641616ba728bbbf3891f5922ae70c30e1d1a2fe44d8a88b95f236c9ae","sha512":"20eb6a8cc6104ec694aa98a1df27d823fa38f328928e4e60a2dd75275611ea5050e79eed2f413371dddf24aa50fe6cee8f5c1ad59b243309062f7f256c513cc7","ssdeep":"768:slcB6rx/o+X6KxIf89+DiBJEW7UtBXmgIRWUFWub:Oe+UE9miBJEW7UtBXmgIRWSWub","tlshash":"1403949fe3091372059203726b8a96f9e76d803c2336e1692da8c11c5395e6d737f3e9","first_seen":"2026-05-18T21:49:00.720369Z","last_seen":"2026-05-18T21:51:10.261623Z","times_seen":2,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"static.trxtransaction.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/bip39-words.js","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://static.trxtransaction.info/","date":"2026-05-18T21:48:30.870Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vpn.trxtransaction.info","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 23:50:55 GMT","end":"Thu, 06 Aug 2026 23:50:54 GMT"},"fingerprint":{"sha1":"3F:54:7B:CD:7A:8A:D7:CB:2D:A7:3B:84:4F:81:DB:C9:38:D7:32:C4","sha256":"31:C0:EB:7F:E5:58:35:07:02:34:25:D1:24:86:4B:79:66:B5:5A:9F:47:1D:47:52:9E:65:5C:97:E9:50:A5:1C"}}},"request":{"raw":"GET /bip39-words.js HTTP/1.1\r\nHost: static.trxtransaction.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.trxtransaction.info/\r\nCookie: __ddg8_=moDscC5lOY8pSACl; __ddg10_=1779140910; __ddg9_=91.90.42.154; __ddg1_=MogHrtEKdgtZsLgHRmrE\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=Ffxnpno6DnycmmJ5; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg10_=1779140910; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg9_=91.90.42.154; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\r\ndate: Mon, 18 May 2026 21:48:26 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 19 Mar 2026 03:51:31 GMT\r\netag: W/\"69bb72c3-2cab3\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 4\r\nddg-cache-status: HIT,MISS\r\ncontent-length: 41479\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":182963,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fa825426af7889653eb8a7804ca49680","sha1":"984984d5d6a54a0586b1270aa8f0cb696df50120","sha256":"94e69e6e313756c72b13987b32fe8ad13a3ea5f402a59cdf57e3b3511ff36354","sha512":"b79acfa723ebeb45a3793158a53e3ecf22dc9faf22789b6dda64c9134685efc68c66a08bb759ab37e33b8592caaf9975ff8112bf260498cd6dc2f077cdd16449","ssdeep":"3072:dpztVyizjUP8LfsQk6Vab13VjckDcmQioqXSAF74qp3lcyQ7mKX:v3PzjUPU/VabtVPomQioqXSC4qp3lcy2","tlshash":"60044dd4b240f84b95ce8b43ff01b9e9f02a987678c8a4978664bead5878117d1f0df1","first_seen":"2026-05-18T21:49:00.721617Z","last_seen":"2026-05-18T21:51:10.274142Z","times_seen":2,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-18","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"static.trxtransaction.info/bip39-words.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"static.trxtransaction.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/agreement-content.js","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://static.trxtransaction.info/agreement-content.html","date":"2026-05-18T21:48:31.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vpn.trxtransaction.info","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 23:50:55 GMT","end":"Thu, 06 Aug 2026 23:50:54 GMT"},"fingerprint":{"sha1":"3F:54:7B:CD:7A:8A:D7:CB:2D:A7:3B:84:4F:81:DB:C9:38:D7:32:C4","sha256":"31:C0:EB:7F:E5:58:35:07:02:34:25:D1:24:86:4B:79:66:B5:5A:9F:47:1D:47:52:9E:65:5C:97:E9:50:A5:1C"}}},"request":{"raw":"GET /agreement-content.js HTTP/1.1\r\nHost: static.trxtransaction.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.trxtransaction.info/agreement-content.html\r\nCookie: __ddg8_=7bmTiafxy3ZkQndm; __ddg10_=1779140910; __ddg9_=91.90.42.154; __ddg1_=MogHrtEKdgtZsLgHRmrE; nbo_gate=68e40bbd2b0f919e3d0fdf750bfe3d6996e2e\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=a1hcluIVotsIQAmH; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:31 GMT\n__ddg10_=1779140911; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:31 GMT\n__ddg9_=91.90.42.154; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:31 GMT\r\ndate: Mon, 18 May 2026 21:48:26 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 19 Mar 2026 03:51:25 GMT\r\netag: W/\"69bb72bd-1daa\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 5\r\nddg-cache-status: HIT,MISS\r\ncontent-length: 2403\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":7594,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7594), with no line terminators","md5":"0329baa4e5e816e83f436c0129b0975e","sha1":"fdd025d7b3fe94de174775c4a9ee500997160e2f","sha256":"46bb217bb36c498662f39e77c08b96fc1e873b1dfd2801b5c0ab8be27bce8fc3","sha512":"dac99085787b6429ce920472b108b5db8e6205241d43ac645858fb03e8ae813402aa0c8790e18536751f1c2d5b803a9b3ae8c5001d6858076f4165ca178c984d","ssdeep":"192:liPmnhojtLeM9DRU5HzWr5VB/o/TIHOOSD4/UJs/u22Q76I:ijtD9DRdr5V5SDra2I","tlshash":"03f179e073a4d41722ce4f83bf027deca42ba83a69d5a50787587b9c287d907d5a0df1","first_seen":"2026-05-18T21:49:00.722837Z","last_seen":"2026-05-18T21:51:10.271484Z","times_seen":2,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"static.trxtransaction.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/welcome.css","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://static.trxtransaction.info/","date":"2026-05-18T21:48:30.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vpn.trxtransaction.info","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 23:50:55 GMT","end":"Thu, 06 Aug 2026 23:50:54 GMT"},"fingerprint":{"sha1":"3F:54:7B:CD:7A:8A:D7:CB:2D:A7:3B:84:4F:81:DB:C9:38:D7:32:C4","sha256":"31:C0:EB:7F:E5:58:35:07:02:34:25:D1:24:86:4B:79:66:B5:5A:9F:47:1D:47:52:9E:65:5C:97:E9:50:A5:1C"}}},"request":{"raw":"GET /welcome.css HTTP/1.1\r\nHost: static.trxtransaction.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.trxtransaction.info/\r\nCookie: __ddg8_=moDscC5lOY8pSACl; __ddg10_=1779140910; __ddg9_=91.90.42.154; __ddg1_=MogHrtEKdgtZsLgHRmrE\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=mk34yLdqsCU3bBuA; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg10_=1779140910; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg9_=91.90.42.154; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\r\ndate: Mon, 18 May 2026 21:48:25 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 18 Mar 2026 23:09:47 GMT\r\netag: W/\"69bb30bb-ce81\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 5\r\nddg-cache-status: HIT,MISS\r\ncontent-length: 8561\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":52865,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (503)","md5":"07ceb95aff45585d80ba1c2bdc7790e0","sha1":"e88bb21c68e4e91a6a751def0203ec979304e775","sha256":"1c0e883f0149fcd880a38aa490d145b46c5e48c9abde69137ea730dede195ce5","sha512":"0f5183802a267b488c8db247970112e955c46512ccc834c33883cbe439e8ff15da3435656fd92e0f20a0ef2127d4d87419cdb87fdb48bd01ee9ac8b83d7f4e5b","ssdeep":"1536:7SzCzibuUGTBgppue/EZt/fSEJ9240+x37Z5sZyfrbJilqtWDrxF:Jzi8oP/EZc","tlshash":"983364d37b7a4808b80fc9b56812af56232d8442d20fcd7d6bf031bc9e892855976f9c","first_seen":"2026-05-18T21:49:00.724074Z","last_seen":"2026-05-18T21:51:10.272594Z","times_seen":2,"resource_available":false,"data":null}},"time_used":89,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":86,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"static.trxtransaction.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/img/ledger-wordmark.png","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://static.trxtransaction.info/","date":"2026-05-18T21:48:30.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vpn.trxtransaction.info","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 23:50:55 GMT","end":"Thu, 06 Aug 2026 23:50:54 GMT"},"fingerprint":{"sha1":"3F:54:7B:CD:7A:8A:D7:CB:2D:A7:3B:84:4F:81:DB:C9:38:D7:32:C4","sha256":"31:C0:EB:7F:E5:58:35:07:02:34:25:D1:24:86:4B:79:66:B5:5A:9F:47:1D:47:52:9E:65:5C:97:E9:50:A5:1C"}}},"request":{"raw":"GET /img/ledger-wordmark.png HTTP/1.1\r\nHost: static.trxtransaction.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.trxtransaction.info/\r\nCookie: __ddg8_=moDscC5lOY8pSACl; __ddg10_=1779140910; __ddg9_=91.90.42.154; __ddg1_=MogHrtEKdgtZsLgHRmrE\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=I5qAVssVkfRsrkdQ; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg10_=1779140910; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg9_=91.90.42.154; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\r\ndate: Mon, 18 May 2026 21:48:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 14126\r\nlast-modified: Tue, 17 Mar 2026 23:53:04 GMT\r\netag: \"69b9e960-372e\"\r\naccept-ranges: bytes\r\nage: 5\r\nddg-cache-status: HIT,MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":14126,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80\", progressive, precision 8, 866x650, components 3","md5":"cb939404d89f0c7b10ead7c15b2f4446","sha1":"f5a22ae01133a1150b01ac3353e0dd892f9b52bb","sha256":"c9306431b0660e3a224d1cfdf8f98ae6e74b43f95b2f981b33c5928913fe1415","sha512":"d75ba66ef6779b856c7cc69bbdeb59182bc5639e90d9bdb1a27ec04d93d7bfd756001408f54fad646a75b997fefc06d8a4ea6901f14f34b54cddaaa8ea1b69d7","ssdeep":"384:iBQzseITYJ25d68cm7I3auzOizH0a9q9K7SZJKx2zA:zzseITJ5d6ZV5zmXZJ9zA","tlshash":"ae52b033f69281b3d865e83e008d35ddd760301e44a256ef78d717652aa06f329cabbd","first_seen":"2026-05-18T19:40:58.70359Z","last_seen":"2026-05-18T21:51:10.2537Z","times_seen":4,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"static.trxtransaction.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/create-wallet.js","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://static.trxtransaction.info/","date":"2026-05-18T21:48:30.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vpn.trxtransaction.info","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 23:50:55 GMT","end":"Thu, 06 Aug 2026 23:50:54 GMT"},"fingerprint":{"sha1":"3F:54:7B:CD:7A:8A:D7:CB:2D:A7:3B:84:4F:81:DB:C9:38:D7:32:C4","sha256":"31:C0:EB:7F:E5:58:35:07:02:34:25:D1:24:86:4B:79:66:B5:5A:9F:47:1D:47:52:9E:65:5C:97:E9:50:A5:1C"}}},"request":{"raw":"GET /create-wallet.js HTTP/1.1\r\nHost: static.trxtransaction.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.trxtransaction.info/\r\nCookie: __ddg8_=moDscC5lOY8pSACl; __ddg10_=1779140910; __ddg9_=91.90.42.154; __ddg1_=MogHrtEKdgtZsLgHRmrE\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=7bmTiafxy3ZkQndm; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg10_=1779140910; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg9_=91.90.42.154; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\r\ndate: Mon, 18 May 2026 21:48:25 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 19 Mar 2026 03:51:34 GMT\r\netag: W/\"69bb72c6-15c67\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 5\r\nddg-cache-status: HIT,MISS\r\ncontent-length: 22470\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":89191,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"3f60e2a5237e0deb83a98f8df3431598","sha1":"83793970e6a97d95b6f9a8591490c08e943d606e","sha256":"3fd89960c8c7ac6cd21c19e23ff6eef8fddfee8114a0674dcbf76b5669733771","sha512":"002d4373159eb46b64ec31a6e51d0ef305c44fd6436a62bf3d3ee4772c120dd22caecb370a2d391203dbb9c7823615a9e81215e2eb79d261683ff9ca1e463954","ssdeep":"1536:zgVjlSy15pipbZwmGPnMUS1Bv+xbj/xdibs0OUTBTtr/ZBBDBYkyhqT56:Ajl75QdZwmGEUS1pBTbBMkY","tlshash":"89937be473d0d40766cd0b53bf05beeca17aa876b9c4a10786647aad28bd507c2b4df0","first_seen":"2026-05-18T21:49:00.72649Z","last_seen":"2026-05-18T21:51:10.259119Z","times_seen":2,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":64,"dns":0,"connect":0,"send":0,"wait":39,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-18","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"static.trxtransaction.info/create-wallet.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"static.trxtransaction.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/img/create-success.png","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://static.trxtransaction.info/","date":"2026-05-18T21:48:30.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vpn.trxtransaction.info","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 23:50:55 GMT","end":"Thu, 06 Aug 2026 23:50:54 GMT"},"fingerprint":{"sha1":"3F:54:7B:CD:7A:8A:D7:CB:2D:A7:3B:84:4F:81:DB:C9:38:D7:32:C4","sha256":"31:C0:EB:7F:E5:58:35:07:02:34:25:D1:24:86:4B:79:66:B5:5A:9F:47:1D:47:52:9E:65:5C:97:E9:50:A5:1C"}}},"request":{"raw":"GET /img/create-success.png HTTP/1.1\r\nHost: static.trxtransaction.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.trxtransaction.info/\r\nCookie: __ddg8_=moDscC5lOY8pSACl; __ddg10_=1779140910; __ddg9_=91.90.42.154; __ddg1_=MogHrtEKdgtZsLgHRmrE\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=62mP7Hr4brQMcmRT; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg10_=1779140910; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg9_=91.90.42.154; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\r\ndate: Mon, 18 May 2026 21:48:26 GMT\r\ncontent-type: image/png\r\ncontent-length: 95049\r\nlast-modified: Mon, 16 Mar 2026 00:13:12 GMT\r\netag: \"69b74b18-17349\"\r\naccept-ranges: bytes\r\nage: 4\r\nddg-cache-status: HIT,MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":95049,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 560 x 935, 8-bit/color RGBA, non-interlaced","md5":"3da02b5a05287e6b8ab9b1f7f9f2bf38","sha1":"392aca5c82ea75f0b9a97ee0596d89c58d889370","sha256":"9d9a72f7d89830008e92a56aaec086bb50d18c5155ac6b337d7a40ccb78fc46c","sha512":"3c1b1739f6f4870723eecff46aed93c6b2a83b9128415fe15bb162e2a20af069933009150675606789e7e004359f817f6ece64e742621490ea0ef47e6c4463ff","ssdeep":"1536:vcrg7WGV+XBN5BFKyfmIL5IJqlLG8v+Nz9muFYHNiMO2OnEiO5MKZEGz9KtlX:og7ZVUXje47lLSEIGr2nuvjJAX","tlshash":"bc93d0c7465ee4929337be71be98b31b55f5070a0059aa391ee7940ec053e4cb4c4efa","first_seen":"2026-05-18T21:49:00.727597Z","last_seen":"2026-05-18T21:51:10.273411Z","times_seen":2,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"static.trxtransaction.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.trxtransaction.info/img/backup-pencil.png","fqdn":"static.trxtransaction.info","domain":"trxtransaction.info","tld":"info"},"ip":{"addr":"186.2.175.71","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://static.trxtransaction.info/","date":"2026-05-18T21:48:30.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vpn.trxtransaction.info","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 23:50:55 GMT","end":"Thu, 06 Aug 2026 23:50:54 GMT"},"fingerprint":{"sha1":"3F:54:7B:CD:7A:8A:D7:CB:2D:A7:3B:84:4F:81:DB:C9:38:D7:32:C4","sha256":"31:C0:EB:7F:E5:58:35:07:02:34:25:D1:24:86:4B:79:66:B5:5A:9F:47:1D:47:52:9E:65:5C:97:E9:50:A5:1C"}}},"request":{"raw":"GET /img/backup-pencil.png HTTP/1.1\r\nHost: static.trxtransaction.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.trxtransaction.info/\r\nCookie: __ddg8_=moDscC5lOY8pSACl; __ddg10_=1779140910; __ddg9_=91.90.42.154; __ddg1_=MogHrtEKdgtZsLgHRmrE\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=bsRjzPiQpp1FBoOx; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg10_=1779140910; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\n__ddg9_=91.90.42.154; Domain=.trxtransaction.info; Path=/; Expires=Mon, 18-May-2026 22:08:30 GMT\r\ndate: Mon, 18 May 2026 21:48:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 239553\r\nlast-modified: Mon, 16 Mar 2026 01:29:57 GMT\r\netag: \"69b75d15-3a7c1\"\r\naccept-ranges: bytes\r\nage: 5\r\nddg-cache-status: HIT,MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":239553,"size_decoded":0,"mime_type":"image/png","magic":"GIF image data, version 89a, 750 x 1000","md5":"9fc27ab7623d4758298252402a19c5eb","sha1":"983c68b11f9f323edfd434cf56862ef01abcb44a","sha256":"ce7807f61e883b91e24b8f1f4e4bdf47c6db318c140e42aa4ddd79ec7fb8b954","sha512":"0062e81cccb0f4da50e6a2692ca167453eb5d729f110cee1cbffc84f7dce40625afc71387274835eba02e787e8880251696b83f3bf6af4fe6a00c460bddcdc66","ssdeep":"3072:sXIEpl0d90s6tBaTt7tu1wILnfR+j/cS+Bmun59vG9G1RoKut+8r11p7fhZDbY6G:uJplm36G9qrLwvsvurPp7fjfwpgvpIb","tlshash":"7634d12a92b947e56d161634231eb0f80c4f609de4ffbe3318a0f5bd068db5618d4a6f","first_seen":"2026-05-18T21:49:00.728754Z","last_seen":"2026-05-18T21:51:10.268352Z","times_seen":2,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":42,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"static.trxtransaction.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}