{"report_id":"eb4e2254-340c-4c32-b8fe-62629854f833","version":6,"status":"done","tags":[],"date":"2026-01-03T07:54:21Z","url":{"schema":"https","addr":"sd.tex-transaction.com/","fqdn":"sd.tex-transaction.com","domain":"tex-transaction.com","tld":"com"},"ip":{"addr":"207.56.4.178","port":0,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"sd.tex-transaction.com/h5/#/","fqdn":"sd.tex-transaction.com","domain":"tex-transaction.com","tld":"com"},"title":"Mercado libre","dom":{"size":328190,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (56052), with CRLF, LF line terminators","md5":"8caa1946294387eb4746826bf6018ea7","sha1":"ceecf0ba52aa7d90ad48627751157a8f17b65545","sha256":"8c3fa118224584ce2769f005b9683da90703a175a8dc8040a308afcd25f89cbd","sha512":"a6f1f6fb53d0cfc544c01389d2751618e61cfea0398ad6a04054fcb5dc8d97e6cb38e5f760e792b5b03362d96214dca9708668a050df7ed2576522bcaf58b88b","ssdeep":"6144:g7sLq3SYiLENM6HN26j6B20fi5MkXkY4E2zma8fQjUL5SbRh:ecfUL5SX","tlshash":"f364c575f2a13129f067c969a0c0baf9572b925ac7520efff41f3b6487955cb0623b08","dom_hash":"domhash24012bc677ad4e9b9a18d7c3e8e44afe","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"sd.tex-transaction.com/","fqdn":"sd.tex-transaction.com","domain":"tex-transaction.com","tld":"com"},"ip":{"addr":"207.56.4.178","port":0,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-07T07:54:21Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-03","alert":"Phishing Block","trigger":"sd.tex-transaction.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"sd.tex-transaction.com","ip":{"addr":"207.56.4.178","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"domain_registered":"2025-09-10","domain_rank":0,"first_seen":"2026-01-02T14:23:54.429842Z","last_seen":"2026-01-02T14:23:54.429843Z","alert_count":45,"request_count":9,"received_data":2083655,"sent_data":5038,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-12-28T22:14:05.525046Z","alert_count":0,"request_count":2,"received_data":141050,"sent_data":1104,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.dcloud.net.cn","ip":{"addr":"118.25.42.241","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"domain_registered":"2013-07-17","domain_rank":296858,"first_seen":"2018-09-15T09:18:08Z","last_seen":"2025-12-29T10:40:39.031637Z","alert_count":0,"request_count":1,"received_data":579,"sent_data":453,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"wshzn.gepush.com","ip":{"addr":"218.205.76.91","port":5223,"asn":56041,"as":"China Mobile communications corporation","country":"China","country_code":"CN"},"domain_registered":"2012-04-29","domain_rank":0,"first_seen":"2023-02-22T01:55:04Z","last_seen":"2026-01-02T14:23:54.916658Z","alert_count":0,"request_count":1,"received_data":181,"sent_data":570,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"sd.tex-transaction.com/h5/","fqdn":"sd.tex-transaction.com","domain":"tex-transaction.com","tld":"com"},"ip":{"addr":"207.56.4.178","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"93368157fb131b56a45d6f60f8b40342","sha1":"ea2a25edb7b00c3e0a06650f02fded5bd87dfa20","sha256":"c48d4859bc082aa591168f7d7230bef438ecc2b3074e707c83864e11ec1a891f","sha512":"366c90d022f7fd6718d76460de51a154cf6cf8bf8e3aefa2e0e736cbba24ec53506485331abd3c3c2a7e6ae00c9a3b957a9aa675ecdd389afca7863ad8365908","ssdeep":"","tlshash":"c8e068c260a6294c02208016304ac1031bb608729ec149613c4c67a58fb9f4bc46e859","size":352,"data":"","first_seen":"2023-03-07T01:10:06Z","last_seen":"2026-04-04T14:34:43.503055Z","times_seen":3367,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sd.tex-transaction.com/h5/static/js/chunk-vendors.2cc04ace.js","fqdn":"sd.tex-transaction.com","domain":"tex-transaction.com","tld":"com"},"ip":{"addr":"207.56.4.178","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5f8ae8d35868d35eb57a651d166add30","sha1":"2ec6aed0de3911c23fb537a80dd997df260e2389","sha256":"360f46d650d90277b31c738d8977b93a94485d5e9afd2f9066c6b6c3c3f2b541","sha512":"d547202ecf8a1788e1f9634a3b62a81a9db2566ee23f7ee91fde18de3a12a0857979fce488f6da149a46d8d020b46ce7fbe1c901d6e13ce8e5d3b44b6dfd0bc0","ssdeep":"12288:k+oqrrrwTeAWkeYyrKNrvdzWXd2kX4Xlxz9:kKLxAWkeYQKNJzrn9","tlshash":"1b25f88cb2d2b0b507e760b5003f220bb23b6959b44a94d8f675e4d5ad7894e6237f3c","size":1032989,"data":"","first_seen":"2026-01-03T07:54:26.809791Z","last_seen":"2026-01-03T18:52:08.291668Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sd.tex-transaction.com/h5/static/js/index.95c35815.js","fqdn":"sd.tex-transaction.com","domain":"tex-transaction.com","tld":"com"},"ip":{"addr":"207.56.4.178","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9879e4c298635fe00133de66255d8344","sha1":"ae29ed57b2f7b3f70b11ba199b7a4eeeee0a5598","sha256":"85660b5c1ff91f4646a3fee2687de68c83d41981b6088eac55d26ebf9c5ebee7","sha512":"5245ba9712f091720d0469b88344a238e7c033693c05f2a5865b7c9662d6d0eb9a4899261c35b3abc21c18b86a840a7d4800964eba5e2e9004df555146b0a0ef","ssdeep":"12288:yOxk57x9WvNwYkKT2ngh0vz0cDgL5SOvXEzY:FyiUwagL5SOvUzY","tlshash":"41057e56b398313da097864970ca7e76237e40b6e34285daf82f6fec53d55d71223b08","size":828453,"data":"","first_seen":"2026-01-03T07:54:26.813707Z","last_seen":"2026-01-03T18:52:08.294085Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sd.tex-transaction.com/h5/static/js/pages-index-index.81097754.js","fqdn":"sd.tex-transaction.com","domain":"tex-transaction.com","tld":"com"},"ip":{"addr":"207.56.4.178","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0b51bc18e6b484b5c3dfc7f2a90b952a","sha1":"593cc4f1ccc298ad0428a916365f73dc87ba658b","sha256":"c08ea33dc47e60d45e68ac3e3c46abf9219134e6f1f099837b037d29b5b0a419","sha512":"4a761e51a2123fc0dab2b6a5ed234468ee982170ed682b49f7029d5d3cd1d79a5c505cf209a989c412dcd8bed7b478422793f327567b4bc0103471c0567e2eec","ssdeep":"96:ppLUVIPNmVbyN3pz4XGCStXG/KcPsrWhuB/oRsodOO3W:ppLUVemVb5XGFGsihuBoRs+W","tlshash":"10c18414b487f89e0c57d469282f4a74e0365e3dd122f885a7b6c6e989b4ece0627b1c","size":5734,"data":"","first_seen":"2026-01-03T07:54:26.810908Z","last_seen":"2026-01-03T18:52:08.283132Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"3d5272693eb411e5b8b13a243f76c720","sha1":"6a586ab8e0a4bf12bbc60eea6ca9f2418625a22c","sha256":"9582f31f9eb892b8823a780e579d464d54e26d97d65dc327d2b2bdd92d47c4b8","sha512":"03fc5614f48fc9a2e3c4a30626fdbacde74c1fda09ffa9d1cde0393d31cd5fe1588e270c241f4cedb473c6e5cc224ff16c141468a29519ea6159accf3e3a18f1","ssdeep":"","tlshash":"a4c08c8350e2080c8210861b848880050b8808b04f9308a22cd85b7ecc9ae88c8f804c","size":148,"data":"","first_seen":"2023-03-07T01:10:06Z","last_seen":"2026-04-04T15:56:47.569789Z","times_seen":14258,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"sd.tex-transaction.com/","fqdn":"sd.tex-transaction.com","domain":"tex-transaction.com","tld":"com"},"ip":{"addr":"207.56.4.178","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-03T07:53:58.217Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sd.tex-transaction.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 12:09:21 GMT","end":"Thu, 02 Apr 2026 12:09:20 GMT"},"fingerprint":{"sha1":"FB:B0:37:9B:A4:DA:5F:B9:0F:71:82:95:68:FF:A1:5A:DF:5F:FD:7A","sha256":"8A:D9:08:E2:6E:F8:76:49:6E:90:EC:63:4D:23:E1:F1:65:89:0B:FA:A4:4E:0D:11:DB:3B:F6:A7:4D:D4:47:80"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: sd.tex-transaction.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 07:53:58 GMT\r\ncontent-type: text/html; charset=utf-8\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\npragma: no-cache\r\ncache-control: no-cache,must-revalidate\r\nlocation: /h5\r\nset-cookie: sb06b839e=5201r9t3kiho734h68qpblt0kd; path=/; HttpOnly\nserver_name_session=2a35941e68b732178952c5ba06fbd621; Max-Age=86400; httponly; path=/\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":796,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":1456,"timings":{"blocked":575,"dns":55,"connect":258,"send":0,"wait":300,"receive":0,"ssl":265},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-03","alert":"Phishing Block","trigger":"sd.tex-transaction.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sd.tex-transaction.com/h5","fqdn":"sd.tex-transaction.com","domain":"tex-transaction.com","tld":"com"},"ip":{"addr":"207.56.4.178","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-03T07:53:59.096Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sd.tex-transaction.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 12:09:21 GMT","end":"Thu, 02 Apr 2026 12:09:20 GMT"},"fingerprint":{"sha1":"FB:B0:37:9B:A4:DA:5F:B9:0F:71:82:95:68:FF:A1:5A:DF:5F:FD:7A","sha256":"8A:D9:08:E2:6E:F8:76:49:6E:90:EC:63:4D:23:E1:F1:65:89:0B:FA:A4:4E:0D:11:DB:3B:F6:A7:4D:D4:47:80"}}},"request":{"raw":"GET /h5 HTTP/1.1\r\nHost: sd.tex-transaction.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: sb06b839e=5201r9t3kiho734h68qpblt0kd; server_name_session=2a35941e68b732178952c5ba06fbd621\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 07:53:59 GMT\r\ncontent-type: text/html\r\ncontent-length: 162\r\nlocation: https://sd.tex-transaction.com/h5/\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":796,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":259,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":259,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-03","alert":"Phishing Block","trigger":"sd.tex-transaction.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sd.tex-transaction.com/h5/static/index.2da1efab.css","fqdn":"sd.tex-transaction.com","domain":"tex-transaction.com","tld":"com"},"ip":{"addr":"207.56.4.178","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://sd.tex-transaction.com/h5/","date":"2026-01-03T07:53:59.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sd.tex-transaction.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 12:09:21 GMT","end":"Thu, 02 Apr 2026 12:09:20 GMT"},"fingerprint":{"sha1":"FB:B0:37:9B:A4:DA:5F:B9:0F:71:82:95:68:FF:A1:5A:DF:5F:FD:7A","sha256":"8A:D9:08:E2:6E:F8:76:49:6E:90:EC:63:4D:23:E1:F1:65:89:0B:FA:A4:4E:0D:11:DB:3B:F6:A7:4D:D4:47:80"}}},"request":{"raw":"GET /h5/static/index.2da1efab.css HTTP/1.1\r\nHost: sd.tex-transaction.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sd.tex-transaction.com/h5/\r\nCookie: sb06b839e=5201r9t3kiho734h68qpblt0kd; server_name_session=2a35941e68b732178952c5ba06fbd621\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 07:53:59 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 07 Jan 2025 03:49:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"677ca43e-178f9\"\r\nexpires: Sat, 03 Jan 2026 19:53:59 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":96505,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"73ae6c583d02d78f81e3f18860a2899a","sha1":"07df9233fc11dddc34fbf519b891d40b2ac29c0f","sha256":"e97de9a247807f12d74101e9f736250b2410be4e1ed3d17ed875e4b08cf66c83","sha512":"da54ba9dbe06d8d763f3cfd64cf5babb54e761e3208c7a2f23e845290c48db8c115bb86c24262cd6c9a96ff2e51674c6d86439e1814baf2de7980f5c06349921","ssdeep":"1536:OlIApuK7hmVmb2RS1Wu3xdynGJ7eh/nKhlvbc:VApuK7hmVrS1Wu3iG41nKPI","tlshash":"1893f73719012e39e52bcd26b6c1ab5a1e61c033e15307adfba47628cbcf9c9167b345","first_seen":"2024-01-02T00:07:11Z","last_seen":"2026-04-04T15:56:47.547399Z","times_seen":5464,"resource_available":false,"data":null}},"time_used":522,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":522,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-03","alert":"Phishing Block","trigger":"sd.tex-transaction.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sd.tex-transaction.com/favicon.ico","fqdn":"sd.tex-transaction.com","domain":"tex-transaction.com","tld":"com"},"ip":{"addr":"207.56.4.178","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sd.tex-transaction.com/h5/","date":"2026-01-03T07:54:01.939Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sd.tex-transaction.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 12:09:21 GMT","end":"Thu, 02 Apr 2026 12:09:20 GMT"},"fingerprint":{"sha1":"FB:B0:37:9B:A4:DA:5F:B9:0F:71:82:95:68:FF:A1:5A:DF:5F:FD:7A","sha256":"8A:D9:08:E2:6E:F8:76:49:6E:90:EC:63:4D:23:E1:F1:65:89:0B:FA:A4:4E:0D:11:DB:3B:F6:A7:4D:D4:47:80"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: sd.tex-transaction.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sd.tex-transaction.com/h5/\r\nCookie: sb06b839e=5201r9t3kiho734h68qpblt0kd; server_name_session=2a35941e68b732178952c5ba06fbd621\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 07:54:02 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 11849\r\nlast-modified: Fri, 11 Oct 2024 09:37:04 GMT\r\netag: \"6708f1c0-2e49\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11849,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 89 x 101, 8-bit/color RGBA, non-interlaced","md5":"d22689c044f347076d89a6ca4feec5fe","sha1":"12c64d90cc1efcad4420de27dccae4535eefa8bc","sha256":"f1eff40ca74ef3471e7a148f564bb74d95454885320df9ad51bc441c991ab1bb","sha512":"23f66840cf4ca0787ab2e09968da1fa34ac86bf83ce0ad090d82e45f65dbf75a2228d9907bba36fc27ae36914776b727a263a37758054dbf3a90696dae493a1c","ssdeep":"192:7GAT62e7INHDzBLcdVIqXy24unSOu2tGGDrYWyBiSQ8GMnw4u48V8/sse+CQHp0G:BTDz9cLIqXvDnmwrYWyBiJnMwEk4JrN7","tlshash":"8332bf21571b2cc186e4dd317fb979e4145222ca523170482728f3a6f6b4d2e5f6bca3","first_seen":"2023-05-01T23:17:15Z","last_seen":"2026-04-04T08:06:07.883192Z","times_seen":1941,"resource_available":false,"data":null}},"time_used":260,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":259,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-03","alert":"Phishing Block","trigger":"sd.tex-transaction.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://sd.tex-transaction.com/h5/","date":"2026-01-03T07:54:02.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:54:11 GMT","end":"Wed, 25 Feb 2026 15:54:10 GMT"},"fingerprint":{"sha1":"21:10:1E:48:79:6B:E7:49:AB:BB:0E:38:86:C8:4D:74:7B:42:EE:BB","sha256":"0A:58:99:06:D8:BC:1C:BD:3E:CE:EF:7D:D6:D2:50:2D:1E:DE:8F:87:97:56:72:B9:3F:21:88:AC:79:3A:75:03"}}},"request":{"raw":"GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://sd.tex-transaction.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sd.tex-transaction.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 11028\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 29 Dec 2025 13:14:45 GMT\r\nexpires: Tue, 29 Dec 2026 13:14:45 GMT\r\ncache-control: public, max-age=31536000\r\nage: 412757\r\nlast-modified: Wed, 11 May 2022 19:24:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11028,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 11028, version 1.0","md5":"1f6d3cf6d38f25d83d95f5a800b8cac3","sha1":"279f300ca2cbbdf9f5036ef2f438607fbf377daa","sha256":"796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f","sha512":"716305f4d2582683b64c61b5e2390983579ea0fb33c936dd3ea8362872176625fbcb6f5ad18d2abf85da82d14c33a9640dfc5749922cb2fc079ddf37864f361f","ssdeep":"192:4oijUxKA0B3BxJPeLrh00JWNhi5A5HWdZ6SfroKthzwbMcYfQKvwpFVX2T+:Nx4bexHAE6STltlwbMcovaET+","tlshash":"9032cf5eaa417172974b5791e296fbc0e627186438fb02fef85185bbc4045e437092be","first_seen":"2023-04-05T08:50:36Z","last_seen":"2026-04-04T15:57:11.228252Z","times_seen":73261,"resource_available":false,"data":null}},"time_used":231,"timings":{"blocked":105,"dns":1,"connect":16,"send":0,"wait":17,"receive":3,"ssl":86},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sd.tex-transaction.com/h5/static/img/logo2.png","fqdn":"sd.tex-transaction.com","domain":"tex-transaction.com","tld":"com"},"ip":{"addr":"207.56.4.178","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sd.tex-transaction.com/h5/","date":"2026-01-03T07:54:02.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sd.tex-transaction.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 12:09:21 GMT","end":"Thu, 02 Apr 2026 12:09:20 GMT"},"fingerprint":{"sha1":"FB:B0:37:9B:A4:DA:5F:B9:0F:71:82:95:68:FF:A1:5A:DF:5F:FD:7A","sha256":"8A:D9:08:E2:6E:F8:76:49:6E:90:EC:63:4D:23:E1:F1:65:89:0B:FA:A4:4E:0D:11:DB:3B:F6:A7:4D:D4:47:80"}}},"request":{"raw":"GET /h5/static/img/logo2.png HTTP/1.1\r\nHost: sd.tex-transaction.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sd.tex-transaction.com/h5/\r\nCookie: sb06b839e=5201r9t3kiho734h68qpblt0kd; server_name_session=2a35941e68b732178952c5ba06fbd621\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 07:54:02 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 07 Jan 2025 03:49:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"677ca43e-18b4c\"\r\nexpires: Mon, 02 Feb 2026 07:54:02 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":101196,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 484, 8-bit/color RGBA, non-interlaced","md5":"7bd70ba0c5e965c72f9f9a5f81d7c78c","sha1":"de8968f57c1a15e54245b180596e5bfd9c79b1ec","sha256":"f6129dce1cda6ef35844e890caf881de2fc0715d93462ac5cbe8d58272f3c939","sha512":"8dae0bae4b052283f25c27bd6229cab24aa6cdc58cad8815ad13513bd1c4a8a48d2e5d2ef0cc50787ebbc761f41dc62350e020aef2cb83574f7e6cd754995f13","ssdeep":"1536:WbK/EAQVDhiaQvjSeHSDXVQbSw07kUNE2zWz8ch3Aqg1428HY58GKymdnB:19QthmjSWSJQ2wc7E2pia428458bHr","tlshash":"9fa3127c9ac0b9fe732d9a6b8c529ee47c501ff23cb5a498a12335c40518e66e9b1131","first_seen":"2025-05-12T18:16:41.222051Z","last_seen":"2026-03-30T22:05:00.364065Z","times_seen":4,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":261,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-03","alert":"Phishing Block","trigger":"sd.tex-transaction.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.dcloud.net.cn/img/shadow-grey.png","fqdn":"cdn.dcloud.net.cn","domain":"dcloud.net.cn","tld":"net.cn"},"ip":{"addr":"118.25.42.241","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sd.tex-transaction.com/h5/","date":"2026-01-03T07:54:03.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dcloud.net.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 26 Aug 2025 11:47:17 GMT","end":"Fri, 25 Sep 2026 11:47:16 GMT"},"fingerprint":{"sha1":"47:A7:6C:09:6B:1D:CA:2D:7D:39:2E:C1:7F:15:DE:5D:F2:C4:0F:77","sha256":"EA:73:37:83:D0:38:44:D9:3C:0B:26:F0:DD:D1:22:2F:36:F7:F2:86:A1:B0:58:52:DE:4E:0A:21:D6:89:E7:3E"}}},"request":{"raw":"GET /img/shadow-grey.png HTTP/1.1\r\nHost: cdn.dcloud.net.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sd.tex-transaction.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 07:54:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 136\r\nlast-modified: Thu, 06 Jun 2019 06:42:07 GMT\r\netag: \"5cf8b5bf-88\"\r\nexpires: Sat, 03 Jan 2026 15:54:04 GMT\r\ncache-control: max-age=28800\r\nset-cookie: __uni__uid=rBEQMWlYyxxvplrqA7m/Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=dcloud.net.cn; path=/; secure; httponly; samesite=none\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":136,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 6, 4-bit colormap, non-interlaced","md5":"5a962adf74d92ae702467b3f47976547","sha1":"36f74049375584e3fa69b5ef87e9572336ff9e7a","sha256":"ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f","sha512":"4ace23fe7ec6c7271710030fd423aace13eafac68ac3e76366ce4ce9bdc702caf71c9bdc2fb6a32c8e9791546098617cc0259decd8bb8489afdbce43e1b53a73","ssdeep":"","tlshash":"47c09bf3a615dc754a0d153b42e98271f429511e07046d0e5a13c216741e3448d56793","first_seen":"2023-04-15T10:50:30Z","last_seen":"2026-04-04T14:34:43.49932Z","times_seen":14517,"resource_available":false,"data":null}},"time_used":2111,"timings":{"blocked":713,"dns":1,"connect":301,"send":0,"wait":685,"receive":0,"ssl":409},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sd.tex-transaction.com/h5/","fqdn":"sd.tex-transaction.com","domain":"tex-transaction.com","tld":"com"},"ip":{"addr":"207.56.4.178","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-03T07:53:59.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sd.tex-transaction.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 12:09:21 GMT","end":"Thu, 02 Apr 2026 12:09:20 GMT"},"fingerprint":{"sha1":"FB:B0:37:9B:A4:DA:5F:B9:0F:71:82:95:68:FF:A1:5A:DF:5F:FD:7A","sha256":"8A:D9:08:E2:6E:F8:76:49:6E:90:EC:63:4D:23:E1:F1:65:89:0B:FA:A4:4E:0D:11:DB:3B:F6:A7:4D:D4:47:80"}}},"request":{"raw":"GET /h5/ HTTP/1.1\r\nHost: sd.tex-transaction.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: sb06b839e=5201r9t3kiho734h68qpblt0kd; server_name_session=2a35941e68b732178952c5ba06fbd621\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 07:53:59 GMT\r\ncontent-type: text/html\r\nlast-modified: Tue, 07 Jan 2025 03:49:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"677ca43e-31c\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":796,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (509)","md5":"0bee5e5107f574d1d94c130175a1a9ae","sha1":"c6d3034f045361640809dafb591246050c3c64c7","sha256":"04825ba191f4d031857c9ad3c6e639a80c30e6eb1f007f66d64f8ed3936aed05","sha512":"85af6208030f13e839c316e2e89307ef0025cc8470ba007fe9db61a8b0057534d906b1d94e4582e316264db91dfda4e66d2c316bf9a27dcb02f91f00004bcabb","ssdeep":"","tlshash":"0c0125c31c60f44d1b10855178bae61e89da4ab5ad91dd203cdc2afd5be178ede6fc10","first_seen":"2026-01-03T07:54:26.807414Z","last_seen":"2026-01-03T18:52:08.28861Z","times_seen":2,"resource_available":false,"data":null}},"time_used":259,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":259,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-03","alert":"Phishing Block","trigger":"sd.tex-transaction.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sd.tex-transaction.com/h5/static/js/index.95c35815.js","fqdn":"sd.tex-transaction.com","domain":"tex-transaction.com","tld":"com"},"ip":{"addr":"207.56.4.178","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sd.tex-transaction.com/h5/","date":"2026-01-03T07:53:59.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sd.tex-transaction.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 12:09:21 GMT","end":"Thu, 02 Apr 2026 12:09:20 GMT"},"fingerprint":{"sha1":"FB:B0:37:9B:A4:DA:5F:B9:0F:71:82:95:68:FF:A1:5A:DF:5F:FD:7A","sha256":"8A:D9:08:E2:6E:F8:76:49:6E:90:EC:63:4D:23:E1:F1:65:89:0B:FA:A4:4E:0D:11:DB:3B:F6:A7:4D:D4:47:80"}}},"request":{"raw":"GET /h5/static/js/index.95c35815.js HTTP/1.1\r\nHost: sd.tex-transaction.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sd.tex-transaction.com/h5/\r\nCookie: sb06b839e=5201r9t3kiho734h68qpblt0kd; server_name_session=2a35941e68b732178952c5ba06fbd621\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 07:53:59 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 07 Jan 2025 03:49:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"677ca43e-ca425\"\r\nexpires: Sat, 03 Jan 2026 19:53:59 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":828453,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (50893), with no line terminators","md5":"57e0c2ccdf617837ae07e90e648408e2","sha1":"7423e54a5eb44cfa4a781114d81deb1f1edc771f","sha256":"92e869a2a92bce0fab20551e5740cf71746271aabc0bc6e4c783ea12a38ae239","sha512":"333ab3344eb46d70e90a5af00d939fb073cf9cca4910f534865d35360aabd4ba101486d8a60a6ff25e277279edb8aec03da5b6a721429b80f83901624b9586c5","ssdeep":"12288:yOluXV9fNEVcGk572qrzvz0cDgL5SOvXEzY:4wagL5SOvUzY","tlshash":"1d154a19b2b523396de636847cc7fbb53f29c065c389499fe82fe72852c9dd61123a04","first_seen":"2026-01-03T07:54:26.808443Z","last_seen":"2026-01-03T07:54:26.808443Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1037,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1037,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-03","alert":"Phishing Block","trigger":"sd.tex-transaction.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sd.tex-transaction.com/h5/static/js/chunk-vendors.2cc04ace.js","fqdn":"sd.tex-transaction.com","domain":"tex-transaction.com","tld":"com"},"ip":{"addr":"207.56.4.178","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sd.tex-transaction.com/h5/","date":"2026-01-03T07:53:59.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sd.tex-transaction.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 12:09:21 GMT","end":"Thu, 02 Apr 2026 12:09:20 GMT"},"fingerprint":{"sha1":"FB:B0:37:9B:A4:DA:5F:B9:0F:71:82:95:68:FF:A1:5A:DF:5F:FD:7A","sha256":"8A:D9:08:E2:6E:F8:76:49:6E:90:EC:63:4D:23:E1:F1:65:89:0B:FA:A4:4E:0D:11:DB:3B:F6:A7:4D:D4:47:80"}}},"request":{"raw":"GET /h5/static/js/chunk-vendors.2cc04ace.js HTTP/1.1\r\nHost: sd.tex-transaction.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sd.tex-transaction.com/h5/\r\nCookie: sb06b839e=5201r9t3kiho734h68qpblt0kd; server_name_session=2a35941e68b732178952c5ba06fbd621\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 07:53:59 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 07 Jan 2025 03:49:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"677ca43e-fc31d\"\r\nexpires: Sat, 03 Jan 2026 19:53:59 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1032989,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (29952)","md5":"5f8ae8d35868d35eb57a651d166add30","sha1":"2ec6aed0de3911c23fb537a80dd997df260e2389","sha256":"360f46d650d90277b31c738d8977b93a94485d5e9afd2f9066c6b6c3c3f2b541","sha512":"d547202ecf8a1788e1f9634a3b62a81a9db2566ee23f7ee91fde18de3a12a0857979fce488f6da149a46d8d020b46ce7fbe1c901d6e13ce8e5d3b44b6dfd0bc0","ssdeep":"12288:k+oqrrrwTeAWkeYyrKNrvdzWXd2kX4Xlxz9:kKLxAWkeYQKNJzrn9","tlshash":"1b25f88cb2d2b0b507e760b5003f220bb23b6959b44a94d8f675e4d5ad7894e6237f3c","first_seen":"2026-01-03T07:54:26.809791Z","last_seen":"2026-01-03T18:52:08.291668Z","times_seen":2,"resource_available":true,"data":null}},"time_used":522,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":522,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-03","alert":"Phishing Block","trigger":"sd.tex-transaction.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sd.tex-transaction.com/h5/static/js/pages-index-index.81097754.js","fqdn":"sd.tex-transaction.com","domain":"tex-transaction.com","tld":"com"},"ip":{"addr":"207.56.4.178","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sd.tex-transaction.com/h5/","date":"2026-01-03T07:54:01.752Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sd.tex-transaction.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 12:09:21 GMT","end":"Thu, 02 Apr 2026 12:09:20 GMT"},"fingerprint":{"sha1":"FB:B0:37:9B:A4:DA:5F:B9:0F:71:82:95:68:FF:A1:5A:DF:5F:FD:7A","sha256":"8A:D9:08:E2:6E:F8:76:49:6E:90:EC:63:4D:23:E1:F1:65:89:0B:FA:A4:4E:0D:11:DB:3B:F6:A7:4D:D4:47:80"}}},"request":{"raw":"GET /h5/static/js/pages-index-index.81097754.js HTTP/1.1\r\nHost: sd.tex-transaction.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sd.tex-transaction.com/h5/\r\nCookie: sb06b839e=5201r9t3kiho734h68qpblt0kd; server_name_session=2a35941e68b732178952c5ba06fbd621\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 07:54:01 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 07 Jan 2025 03:49:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"677ca43e-1666\"\r\nexpires: Sat, 03 Jan 2026 19:54:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5734,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (5240), with no line terminators","md5":"0b51bc18e6b484b5c3dfc7f2a90b952a","sha1":"593cc4f1ccc298ad0428a916365f73dc87ba658b","sha256":"c08ea33dc47e60d45e68ac3e3c46abf9219134e6f1f099837b037d29b5b0a419","sha512":"4a761e51a2123fc0dab2b6a5ed234468ee982170ed682b49f7029d5d3cd1d79a5c505cf209a989c412dcd8bed7b478422793f327567b4bc0103471c0567e2eec","ssdeep":"96:ppLUVIPNmVbyN3pz4XGCStXG/KcPsrWhuB/oRsodOO3W:ppLUVemVb5XGFGsihuBoRs+W","tlshash":"10c18414b487f89e0c57d469282f4a74e0365e3dd122f885a7b6c6e989b4ece0627b1c","first_seen":"2026-01-03T07:54:26.810908Z","last_seen":"2026-01-03T18:52:08.283132Z","times_seen":2,"resource_available":true,"data":null}},"time_used":259,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":259,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-03","alert":"Phishing Block","trigger":"sd.tex-transaction.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sd.tex-transaction.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"wshzn.gepush.com:5223/nws","fqdn":"wshzn.gepush.com","domain":"gepush.com","tld":"com"},"ip":{"addr":"218.205.76.91","port":5223,"asn":56041,"as":"China Mobile communications corporation","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://sd.tex-transaction.com/h5/","date":"2026-01-03T07:54:02.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gepush.com","organization":"每日互动股份有限公司"},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Fri, 08 Aug 2025 00:00:00 GMT","end":"Tue, 18 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BD:83:DE:4B:3B:22:40:EF:84:5C:19:7A:24:C2:CB:4C:B4:34:46:34","sha256":"9B:DE:A6:46:38:05:3A:78:AE:EB:DF:26:FE:1D:D6:0A:FA:0C:06:44:81:6C:A2:96:83:D2:49:08:9F:AD:54:77"}}},"request":{"raw":"GET /nws HTTP/1.1\r\nHost: wshzn.gepush.com:5223\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://sd.tex-transaction.com\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: ZkQILLb2TQx5fvMycDxa9g==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 07:54:03 GMT\r\nConnection: upgrade\r\nupgrade: websocket\r\nsec-websocket-accept: SHIRdYENTqqI2h5qry6FCYgffyw=\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":1501,"timings":{"blocked":0,"dns":1,"connect":274,"send":0,"wait":278,"receive":0,"ssl":948},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://sd.tex-transaction.com/h5/","date":"2026-01-03T07:54:02.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:54:11 GMT","end":"Wed, 25 Feb 2026 15:54:10 GMT"},"fingerprint":{"sha1":"21:10:1E:48:79:6B:E7:49:AB:BB:0E:38:86:C8:4D:74:7B:42:EE:BB","sha256":"0A:58:99:06:D8:BC:1C:BD:3E:CE:EF:7D:D6:D2:50:2D:1E:DE:8F:87:97:56:72:B9:3F:21:88:AC:79:3A:75:03"}}},"request":{"raw":"GET /s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://sd.tex-transaction.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sd.tex-transaction.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 128352\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 03 Jan 2026 02:54:10 GMT\r\nexpires: Sun, 03 Jan 2027 02:54:10 GMT\r\ncache-control: public, max-age=31536000\r\nage: 17992\r\nlast-modified: Thu, 25 Aug 2022 00:26:06 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":128352,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 128352, version 1.0","md5":"53436aca8627a49f4deaaa44dc9e3c05","sha1":"0bc0c675480d94ec7e8609dda6227f88c5d08d2c","sha256":"8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1","sha512":"6655e0426eb0c78a7cb4d4216a3af7a6edd50aba8c92316608b1f79b8fc15f895cba9314beb7a35400228786e2a78a33e8c03322da04e0da94c2f109241547e8","ssdeep":"3072:b4XkN5u3RbAR2r4lJ8FBnP7fNblbKBRvqy:fGdA8FBP7fNb5y","tlshash":"91c3231efc32af9a2e1724ec288521809c1e92fbe0b3512cf565f437e76517d999ca09","first_seen":"2023-04-05T13:19:11Z","last_seen":"2026-04-04T16:07:22.257267Z","times_seen":49232,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":54,"dns":1,"connect":16,"send":0,"wait":19,"receive":41,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}