Report - filereviewsigndocsx.sbs

Report Overview

Visitedpublic

2026-01-07 00:37:24

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	1222	2009-02-17	2012-05-23	2026-01-04	484 B	32 kB	104.17.24.14
filereviewsigndocsx.sbs	unknown	2025-08-09	2026-01-06	2026-01-06	2.7 kB	58 kB	212.11.64.144
api.ipify.org	8166	2014-01-05	2014-10-06	2026-01-05	459 B	271 B	172.67.74.152
api.telegram.org	206724	2003-12-15	2015-06-25	2026-01-01	1.2 kB	776 B	149.154.166.110
ipapi.co	7936	2016-04-19	2017-01-31	2026-01-06	447 B	825 B	172.67.69.226
challenges.cloudflare.com	11393	2009-02-17	2021-10-20	2026-01-04	7.3 kB	573 kB	104.18.94.41
i.ibb.co	21643	2010-07-20	2018-11-25	2026-01-05	904 B	34 kB	45.43.142.5

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2026-01-07 00:36:58	medium	212.11.64.144	Client IP	ET DROP Spamhaus DROP Listed Traffic Inbound group 62
2026-01-07 00:37:07	low	Client IP	172.67.74.152	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
2026-01-07 00:37:11	low	Client IP	149.154.166.110	ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)
2026-01-07 00:37:11	low	Client IP	149.154.166.110	ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)

Threat Detection Systems

Detection System	Indicator	Verdict	Alert
YARAhub by abuse.ch	filereviewsigndocsx.sbs/success.php	malware	Detects file containing Telegram Bot API
YARAhub by abuse.ch	filereviewsigndocsx.sbs/	malware	Detects file containing Telegram Bot API
DNS4EU	filereviewsigndocsx.sbs	malicious	Sinkholed
DNS0 Zero	filereviewsigndocsx.sbs	malicious	Sinkholed
Quad9 DNS	filereviewsigndocsx.sbs	malicious	Sinkholed
ClamAV	filereviewsigndocsx.sbs/doc/Adobe_Acrobat_Critical_Update_2026.001.20143.zip	malicious	Win.Trojan.Downloader-83

File detected

URL

filereviewsigndocsx.sbs/doc/Adobe_Acrobat_Critical_Update_2026.001.20143.zip

IP / ASN

212.11.64.144

#200482 nexserv GmbH

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size1.1 kB (1062 bytes)

MD53769c354e0b4c8ece006612e49ea98c3

SHA1b31823683131e5f35c961dbf17e584fa22eb5c2a

SHA256b1bc7fa11c1c6d1c52b3774c4de097fab1140f67c8130d0e5e2d399715af9c6e

Archive (1)

Modified	Filename	Size	MD5	File type
2026-01-06 08:50	Adobe_Acrobat_Critical_Update_2026.001.20143.hta	1.8 kB	567376b8b005c7065ffb7c3bc87b8f35	HTML document, Non-ISO extended-ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
ClamAV	malicious	Win.Trojan.Downloader-83

Telegram Bot detected (2)

URL

filereviewsigndocsx.sbs/success.php

IP / ASN

212.11.64.144

#200482 nexserv GmbH

Token

7574503793:AAGaKu5dF8LCVRBZ_WJS4dDwE_zDQxBghzY

Bot Overview

User ID7574503793

Usernamegenbotsnewbot

First Namegenbotnew

Last NameN/A

Chat Info

Chat ID7574503793

Chat Typeprivate

TitleN/A

User Count1

Admins0

Pending Msgs1

URL

filereviewsigndocsx.sbs/

IP / ASN

212.11.64.144

#200482 nexserv GmbH

Token

7574503793:AAGaKu5dF8LCVRBZ_WJS4dDwE_zDQxBghzY

Bot Overview

User ID7574503793

Usernamegenbotsnewbot

First Namegenbotnew

Last NameN/A

Chat Info

Chat ID7574503793

Chat Typeprivate

TitleN/A

User Count1

Admins0

Pending Msgs1

JavaScript (67)

	HASH	FROM	Size	First Seen	Last Seen
	086707e4369f60afedcafb16050a7618	DocumentWrite	39 B	2023-03-07	2026-06-13
Introduced by DocumentWrite First Seen 2023-03-07 Last Seen 2026-06-13 Times Seen 1014483 Size 39 B (39 bytes) MD5 086707e4369f60afedcafb16050a7618 SHA1 8216b0cc6876cbd44f01c158e7dff3833ceccd41 SHA256 a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e Format Code Loading...

HTTP Transactions (21)

	URL	IP	Response	Size