{"report_id":"834c97b3-130f-4cb6-baa9-24474f36ebdf","version":6,"status":"done","tags":[],"date":"2026-01-05T00:26:40Z","url":{"schema":"http","addr":"recov-trwstvvallet.com","fqdn":"recov-trwstvvallet.com","domain":"recov-trwstvvallet.com","tld":"com"},"ip":{"addr":"192.185.33.172","port":0,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"recov-trwstvvallet.com/","fqdn":"recov-trwstvvallet.com","domain":"recov-trwstvvallet.com","tld":"com"},"title":"Import a Wallet","dom":{"size":23234,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (17146)","md5":"eb961146dc3436ea805cbfd10fccc6e9","sha1":"4020384ca74153038f5d26a91df3b7355d7aac47","sha256":"fd1c9f68693d1ef42afb5d03c1f70b27f870458f805ffb33db492a12844ef5dc","sha512":"635390ae645961c4aee1253ed5897237ac95570dab64ba72ec8afe81556b1880b6203240593006079b4d334f6c11ff8e4822b708aa9a33ea80daf18cd0a94f0e","ssdeep":"384:my/ndW55TAeRltjZcCxn5X3ucIJK8EkJTQLyGo8Vx59uePOVcVYb3nqelilrA6:mug9dtjnn5Xe7K8EkJUyGo8Vx5FGViB/","tlshash":"d2a2532e561e4c3ecbde53ca38ea0e4c15ec0403b20a4559fddedaa45f5eb84b05b69c","dom_hash":"domhash211759467ce5269cd3d2e82de4317059","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"recov-trwstvvallet.com","fqdn":"recov-trwstvvallet.com","domain":"recov-trwstvvallet.com","tld":"com"},"ip":{"addr":"192.185.33.172","port":0,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-09T00:26:40Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":7}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-01-05","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"recov-trwstvvallet.com/images/trstgif.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"recov-trwstvvallet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"recov-trwstvvallet.com","ip":{"addr":"192.185.33.172","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"domain_registered":"2025-03-24","domain_rank":0,"first_seen":"2025-12-04T17:25:55.695872Z","last_seen":"2025-12-19T01:19:07.571184Z","alert_count":25,"request_count":4,"received_data":1396637,"sent_data":2011,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"recov-trwstvvallet.com/","fqdn":"recov-trwstvvallet.com","domain":"recov-trwstvvallet.com","tld":"com"},"ip":{"addr":"192.185.33.172","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ecb396dd6e0f8e21daaf355456b20af3","sha1":"e060d0084b921f8ce0bb7ebf8983f86895f340d9","sha256":"c5d66d7b4e75a8661792ffaf0abc04290faf82202b80afa617ad186064ee88c4","sha512":"a90b39b070b2cbb5c55280a6f147c4007d65916581b26da5630001b5ab44d872bfba8b4e8d95aa3e2de1964aed49347ad9d85592525ed848e645e748987aaec3","ssdeep":"384:k55TAeRltjZcCxn5X3ucIJK8EkJTQLyGo8Vx59uePOVcVYb3nqelilrAz:Q9dtjnn5Xe7K8EkJUyGo8Vx5FGViBK","tlshash":"0e82202e9a1e8c3ecbdd13da38eb0e4855ec00037205455afddedaa45b5eb84b04b69d","size":19136,"data":"","first_seen":"2025-12-04T17:25:58.05623Z","last_seen":"2026-01-21T11:36:47.903106Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"recov-trwstvvallet.com/favicon.ico","fqdn":"recov-trwstvvallet.com","domain":"recov-trwstvvallet.com","tld":"com"},"ip":{"addr":"192.185.33.172","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://recov-trwstvvallet.com/","date":"2026-01-05T00:26:20.481Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.recov-trwstvvallet.com.circlea.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 01:25:04 GMT","end":"Wed, 25 Mar 2026 01:25:03 GMT"},"fingerprint":{"sha1":"3B:EC:41:24:BB:43:FD:2F:10:D2:51:D3:60:1E:4E:33:52:95:3C:3D","sha256":"F3:80:F6:B1:4B:79:36:63:11:07:AA:BC:40:64:38:68:61:A2:65:1D:CE:14:79:06:D2:0A:96:1E:1C:A9:79:93"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: recov-trwstvvallet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://recov-trwstvvallet.com/\r\nCookie: PHPSESSID=39c31b6a22bdafa2140643761fafceac\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nlast-modified: Sun, 19 Jun 2022 19:38:13 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 462\r\ncontent-type: text/html\r\ndate: Mon, 05 Jan 2026 00:26:20 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":746,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"dbf8ec3db1d4b93b848197591827939c","sha1":"2e12f671d6101f52060133c32f8d359af756f9b2","sha256":"63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666","sha512":"6be36399f1b84b3c1969a6498ff31f9cfbd3c660a6fe99ccd2a18339f9c62a68e810b93a7439de71ca33f9831cad37c43306415012541dd809928f5597acce83","ssdeep":"","tlshash":"7c01150bc480191be1334122bac2f7046315e555238b5da17ece5967dfc8f6496d77cc","first_seen":"2023-03-08T08:24:48Z","last_seen":"2026-06-08T17:08:33.18642Z","times_seen":12943,"resource_available":true,"data":null}},"time_used":616,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":616,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"recov-trwstvvallet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"recov-trwstvvallet.com/","fqdn":"recov-trwstvvallet.com","domain":"recov-trwstvvallet.com","tld":"com"},"ip":{"addr":"192.185.33.172","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-05T00:26:18.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.recov-trwstvvallet.com.circlea.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 01:25:04 GMT","end":"Wed, 25 Mar 2026 01:25:03 GMT"},"fingerprint":{"sha1":"3B:EC:41:24:BB:43:FD:2F:10:D2:51:D3:60:1E:4E:33:52:95:3C:3D","sha256":"F3:80:F6:B1:4B:79:36:63:11:07:AA:BC:40:64:38:68:61:A2:65:1D:CE:14:79:06:D2:0A:96:1E:1C:A9:79:93"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: recov-trwstvvallet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nset-cookie: PHPSESSID=39c31b6a22bdafa2140643761fafceac; path=/\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 8725\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Mon, 05 Jan 2026 00:26:19 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":23399,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (17146), with CRLF line terminators","md5":"f947d8d18aee77a0f754a5c8d3b417b0","sha1":"f61e38cd5f3e5abee2d599cdb81a1844f51fcb21","sha256":"9a78db84beebfc6c1d207c23739bc143aac670b32bd1b5942debdcf384c47ebf","sha512":"77a376994ad8b9bf9785d05af3c5377e1d07f6785649b1b6019a1a45f6b6e52b4b743e51e9dea01729da2d58c8fa71562dd332a4e5218787b0038d04a2ab02f1","ssdeep":"384:5UOT0q55TAeRltjZcCxn5X3ucIJK8EkJTQLyGo8Vx59uePOVcV+Nc4i33YyO3i:5jV9dtjnn5Xe7K8EkJUyGo8Vx5FGuYDS","tlshash":"31b2552e560e4c3ecbee53da38e60e4c99ed0003b2064659fdddd6a05f6eb85b01769c","first_seen":"2026-01-05T00:26:43.765402Z","last_seen":"2026-01-21T11:36:47.900042Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1733,"timings":{"blocked":411,"dns":176,"connect":112,"send":0,"wait":910,"receive":1,"ssl":121},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"recov-trwstvvallet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"recov-trwstvvallet.com/images/trstgif.gif","fqdn":"recov-trwstvvallet.com","domain":"recov-trwstvvallet.com","tld":"com"},"ip":{"addr":"192.185.33.172","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://recov-trwstvvallet.com/","date":"2026-01-05T00:26:20.247Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.recov-trwstvvallet.com.circlea.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 01:25:04 GMT","end":"Wed, 25 Mar 2026 01:25:03 GMT"},"fingerprint":{"sha1":"3B:EC:41:24:BB:43:FD:2F:10:D2:51:D3:60:1E:4E:33:52:95:3C:3D","sha256":"F3:80:F6:B1:4B:79:36:63:11:07:AA:BC:40:64:38:68:61:A2:65:1D:CE:14:79:06:D2:0A:96:1E:1C:A9:79:93"}}},"request":{"raw":"GET /images/trstgif.gif HTTP/1.1\r\nHost: recov-trwstvvallet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://recov-trwstvvallet.com/\r\nCookie: PHPSESSID=39c31b6a22bdafa2140643761fafceac\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 28 Nov 2025 15:26:16 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1358954\r\ncontent-type: image/gif\r\ndate: Mon, 05 Jan 2026 00:26:20 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1358954,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 610 x 454","md5":"9ad7ae24b115df358c8966bc2c75742e","sha1":"d153b9743de86ce10f3d7f6f3c9da6c7139f2276","sha256":"6f1019b8f4f3d1c2fd4437d1c4e5fab778fd3b322f956a162acdaddd3c840bb1","sha512":"a6716338431e7bca5711b254bafee76d20a34b73d11f8a47a8f2c128dde6a94fe1eb54cc247c461b3b3ba470092513370639a10680cde6e12146572c9aaa20b0","ssdeep":"24576:cYDBqsuaWze/k/C3iUOWpBMViNN0BWem3yyGa:/DBGheDSUOWpBQBJmBv","tlshash":"9b2523d2503dea75c3137d611652ec3211b36ce96e6d533b9047389ef92a026ee8c6ec","first_seen":"2025-12-04T17:25:58.054845Z","last_seen":"2026-02-15T08:24:52.096132Z","times_seen":8,"resource_available":false,"data":null}},"time_used":850,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":718,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-01-05","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"recov-trwstvvallet.com/images/trstgif.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"recov-trwstvvallet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"recov-trwstvvallet.com/images/logo.png","fqdn":"recov-trwstvvallet.com","domain":"recov-trwstvvallet.com","tld":"com"},"ip":{"addr":"192.185.33.172","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://recov-trwstvvallet.com/","date":"2026-01-05T00:26:20.245Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.recov-trwstvvallet.com.circlea.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 01:25:04 GMT","end":"Wed, 25 Mar 2026 01:25:03 GMT"},"fingerprint":{"sha1":"3B:EC:41:24:BB:43:FD:2F:10:D2:51:D3:60:1E:4E:33:52:95:3C:3D","sha256":"F3:80:F6:B1:4B:79:36:63:11:07:AA:BC:40:64:38:68:61:A2:65:1D:CE:14:79:06:D2:0A:96:1E:1C:A9:79:93"}}},"request":{"raw":"GET /images/logo.png HTTP/1.1\r\nHost: recov-trwstvvallet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://recov-trwstvvallet.com/\r\nCookie: PHPSESSID=39c31b6a22bdafa2140643761fafceac\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 28 Nov 2025 15:51:00 GMT\r\naccept-ranges: bytes\r\ncontent-length: 12493\r\ncontent-type: image/png\r\ndate: Mon, 05 Jan 2026 00:26:20 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":12493,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 266 x 300, 8-bit/color RGBA, non-interlaced","md5":"00f815b0a1bee5548a432aa1d85fde9e","sha1":"a856666bf021b031ffb816a5dc37aa34c7536b27","sha256":"aee79d7d97593e095706e29277457010761c55dd13e7606b89dc64066fd08559","sha512":"ce503a086819e6f01438ed6d60518eb9c2ccfa3c3c28c2cc90633209f58bc0a386158650b047ac24f5d1beb18913fa1f647bb1361261ae3862b203dc731970a1","ssdeep":"192:BERQSnkNErBXIuNyfOJVePmSetNMUerkXKti14TYJoZzObq6GB5pqRnDd9:iRnnJrBXbC+oIMUe4XwiGgoItymRJ9","tlshash":"9a42b062fe8d7579db8b381a369519601009836b0f797a34b0e166ee408d80de1cd2db","first_seen":"2025-12-01T03:10:12.590948Z","last_seen":"2026-05-25T23:07:44.88552Z","times_seen":19,"resource_available":false,"data":null}},"time_used":853,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":851,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"recov-trwstvvallet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"recov-trwstvvallet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}