{
  "metadata": {
    "generator": "Bulwark Black IOC Extractor",
    "source": "https://bulwarkblack.com/physical-mail-phishing-targets-trezor-and-ledger-users-attackers-use-qr-codes-to-steal-recovery-phrases/",
    "fang": "live",
    "exported_at": "2026-07-15T22:56:43Z",
    "total": 8,
    "categories": 2
  },
  "iocs": {
    "Domains": [
      "ledger.setuptransactioncheck.com",
      "trezor.authentication-check.io"
    ],
    "URLs": [
      "authentication-check.io/",
      "authentication-check.io/black/api/send.php",
      "https://ledger.setuptransactioncheck.com/",
      "https://trezor.authentication-check.io/",
      "https://trezor.authentication-check.io/black/api/send.php",
      "setuptransactioncheck.com/"
    ]
  }
}