{"report_id":"2759d147-a8a8-4bc9-8af8-e7d928108c5f","version":6,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-03-31T14:01:30Z","url":{"schema":"http","addr":"verifyusd.online","fqdn":"verifyusd.online","domain":"verifyusd.online","tld":"online"},"ip":{"addr":"185.151.30.180","port":0,"asn":48254,"as":"20i Limited","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"verifyusd.online/","fqdn":"verifyusd.online","domain":"verifyusd.online","tld":"online"},"title":"Transfer Trust Wallet","dom":{"size":5559,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (392)","md5":"60558a682a5361bc2d27007691baabbe","sha1":"a776a2a7d7944bf18835fddf2328dfc8abee531e","sha256":"6b1343ac331aa6f0dd862dc5975e4b083e5cff2b465380ce94083aa37377c5bf","sha512":"da358563eb3e831ebde92c1eba8586ea7950a3f4786c2b2221b066290e33f70c77feaebf2bed725db1e2ad002efb5db63adab10376832398b35f02c5f3c993b6","ssdeep":"96:bdvWqO3uuau9WCWaJ9mkow/LqA36ReMLIfkgIfkmvEqVOCMP5tD8Hpv:bdvWq8uuau9WCWaJAkow/LxEL5k5tD89","tlshash":"a4b1d865f8f21f5ab00382e66eaab12fba78e117c10fd58c71dc51a50fc7d998ca3148","dom_hash":"domhash9017ed8159fc3160c6a9441e2880b2e0","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"verifyusd.online","fqdn":"verifyusd.online","domain":"verifyusd.online","tld":"online"},"ip":{"addr":"185.151.30.180","port":0,"asn":48254,"as":"20i Limited","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-05T14:01:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-03-31","alert":"Detects file containing Telegram Bot API","trigger":"verifyusd.online/main_v4.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"verifyusd.online","ip":{"addr":"185.151.30.180","port":443,"asn":48254,"as":"20i Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2025-09-29","domain_rank":0,"first_seen":"2026-03-31T14:01:31.626616Z","last_seen":"2026-03-31T14:01:31.626616Z","alert_count":4,"request_count":5,"received_data":36755,"sent_data":2190,"comment":"","tags":null,"fingerprints":[{"name":"StackPath","description":"StackPath is a cloud computing and services provider.","website":"https://www.stackpath.com","common_platform_enumeration":"","icon":"StackPath.svg","categories":["CDN"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-03-29T22:35:00.993215Z","alert_count":0,"request_count":1,"received_data":761318,"sent_data":445,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"verifyusd.online/main_v4.js","fqdn":"verifyusd.online","domain":"verifyusd.online","tld":"online"},"ip":{"addr":"185.151.30.180","port":443,"asn":48254,"as":"20i Limited","country":"United Kingdom","country_code":"GB"},"md5":"2dd3c557914e356ad6158eefd2f23f4b","sha1":"414d2d228fadb1101b5d31eae0b4dea661a5e6fb","sha256":"99d6aaa1ea8ffca490f47b2af9274e5fc6c80808dc16aa55b43b32ae3e788d7b","sha512":"f6c2224adf6c8019390e90dca28b728710584b40141d56b0d753b3fe37337b7a76167599fbb7730e203355810f080d8119a794163dbee36fa8f9d99cf2517184","size":11661,"token":"8705945946:AAG-mrHB7YsTBOrfkwwUf2cFUcVDzgF6ATc","is_revoked":false,"bot":{"token":"8705945946:AAG-mrHB7YsTBOrfkwwUf2cFUcVDzgF6ATc","user_id":"8705945946","username":"Bnbchainss_verify_bot","first_name":"BN verify","last_name":"","chat":{"chat_id":"","title":"","type":"","bot_is":"","total_users":0,"active_members":null,"admins":null},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"verifyusd.online/","fqdn":"verifyusd.online","domain":"verifyusd.online","tld":"online"},"ip":{"addr":"185.151.30.180","port":443,"asn":48254,"as":"20i Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"4436be55e435cdb4ce98fb721a4df4b1","sha1":"80be671b3a4a1cf8a12217a5ff787935373605df","sha256":"b420646d06a9bb2ebfd720cd33e1f35f7b7fd470a7d59b08f5271183ccded372","sha512":"c31b409f5eb10c447d267733eeecaa909e0c4ed2b17a46f7d81d1105edfbed7a0e574c32627768d5c01f93bb0f5d98a9c2829aef5c949ed3530558bb845cad1f","ssdeep":"","tlshash":"06c012597020696604ce787d4ccf088ebe269412a20849c99ddcd8547fb2e6c42e484c","size":192,"data":"","first_seen":"2025-09-07T13:20:24.46413Z","last_seen":"2026-05-12T11:08:58.161425Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"verifyusd.online/config_v4.js","fqdn":"verifyusd.online","domain":"verifyusd.online","tld":"online"},"ip":{"addr":"185.151.30.180","port":443,"asn":48254,"as":"20i Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"3a3b63d22dcc85b72b7f110374fcbbca","sha1":"8febc9ddd65584dc5aa2506ad630b25073a2478a","sha256":"6ab29d9bb634831a3dc5c95ebb8c2507e1a1f0c29c1ec14ac7929bf15206ece7","sha512":"ce8217ab51d4900b02dae31d3fc6ad8771c7180021ec191a3604c9afa09d15519f5ace9f6f92e7279cb1155ec804b6d5afbba397e0c40c0808e88826d6cd7ffd","ssdeep":"","tlshash":"261135db67386302061200c39b4ef0a139a7c17bb50da4523129ef891eb5eb2497b0cb","size":1045,"data":"","first_seen":"2026-03-31T14:01:35.087448Z","last_seen":"2026-03-31T14:01:35.087448Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/ethers@5.7.2/dist/ethers.umd.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"71f8c498e792c6179d4e2840228f777a","sha1":"b651545587f6257345dc3de9ddaa444b10dedf3e","sha256":"a66293a6a2bb4dee061a68612be0be3c5c0ab7e4068ab8d98a4a357baf664c73","sha512":"14371563e83bbdce425c035bad34a0d4ae6a2f2ae20ac183602134d8b8b5b5711874d40fbcb3c7344fab4f63237a2f0dedf65b7b458b870dbb8f64ab191a5d32","ssdeep":"12288:TfamYTKkkAJs8P+H8Xb2F/nNuwEYtnob6qQr:TfjkhPaNnN9EYtwo","tlshash":"35f43b80b3b1b0b583c729a4143f6046f63af46a505840a8f659faf279f9d4c957bb3c","size":760171,"data":"","first_seen":"2023-03-13T00:48:53Z","last_seen":"2026-05-12T11:16:51.973466Z","times_seen":3230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"verifyusd.online/","fqdn":"verifyusd.online","domain":"verifyusd.online","tld":"online"},"ip":{"addr":"185.151.30.180","port":443,"asn":48254,"as":"20i Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"afb5e97107bd082aee8813508079f614","sha1":"b3d9823c0a971dca9e5e565e865b2471f034b5aa","sha256":"e63a848a59c08a489a070f89d6463a52f4b1b515707535616cf0d29fe15adc98","sha512":"293a4d7a59c85aab48bd193aedd98c2029affb73ffff1107b2b6dad94e25a0e2f1c74f6aeda42c37407902750e8daed84a1a6c2cddf674a18a00d154fa9dc73c","ssdeep":"","tlshash":"88c02bf0a19432213e8270d7ab6c33c8f2b4043f444de9843300c11f0a03baf10d04c2","size":150,"data":"","first_seen":"2026-03-31T14:01:35.092441Z","last_seen":"2026-03-31T14:01:35.092441Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"verifyusd.online/","fqdn":"verifyusd.online","domain":"verifyusd.online","tld":"online"},"ip":{"addr":"185.151.30.180","port":443,"asn":48254,"as":"20i Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"ffc487423e9dabae8b1f2123e44f179d","sha1":"1e747bd2138f5d247457cb7327bd580334d04d6c","sha256":"28b3f9d9604e38d609a54548778515d3969faaad94b68ec13c47dcc9ca9c5a9a","sha512":"b4ebd499b80ab6300ad6e381d8144fcfb28a8cc42a7a0a558e406be5333f9c4e46b4404eb1dcaf49fdc91a80c17fe4cd6b59f4976711fd3915c84a18750873d3","ssdeep":"","tlshash":"d3d0a7e0f56165157e6120ca9b2da1c4f275113f481eb5d53191d13f150aa7a80e8dc3","size":233,"data":"","first_seen":"2026-03-31T14:01:35.093911Z","last_seen":"2026-03-31T14:01:35.093911Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"verifyusd.online/main_v4.js","fqdn":"verifyusd.online","domain":"verifyusd.online","tld":"online"},"ip":{"addr":"185.151.30.180","port":443,"asn":48254,"as":"20i Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"2dd3c557914e356ad6158eefd2f23f4b","sha1":"414d2d228fadb1101b5d31eae0b4dea661a5e6fb","sha256":"99d6aaa1ea8ffca490f47b2af9274e5fc6c80808dc16aa55b43b32ae3e788d7b","sha512":"f6c2224adf6c8019390e90dca28b728710584b40141d56b0d753b3fe37337b7a76167599fbb7730e203355810f080d8119a794163dbee36fa8f9d99cf2517184","ssdeep":"192:WydbPzgCGoCY7f4ycxmr1cHXekB3kn9DX5YwIAGQ3h838rCXp1z:W2bxraiN5J839n","tlshash":"8032c76e16bb6060095ba17b2bcb20513133505f7a08ec5137de83511f99c2a9af3bfd","size":11661,"data":"","first_seen":"2026-03-31T14:01:35.089056Z","last_seen":"2026-03-31T14:01:35.089056Z","times_seen":1,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-03-31","alert":"Detects file containing Telegram Bot API","trigger":"verifyusd.online/main_v4.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"verifyusd.online/","fqdn":"verifyusd.online","domain":"verifyusd.online","tld":"online"},"ip":{"addr":"185.151.30.180","port":443,"asn":48254,"as":"20i Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-31T14:01:09.142Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.verifyusd.online","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Mar 2026 02:48:45 GMT","end":"Mon, 22 Jun 2026 02:48:44 GMT"},"fingerprint":{"sha1":"11:30:AD:FC:85:31:89:44:23:97:4A:67:5F:76:DA:85:B9:BF:8F:E6","sha256":"87:9B:0C:1B:B4:5B:23:C2:34:8D:2C:3B:43:9E:19:28:3B:31:A3:EB:AD:56:0F:1C:13:36:8E:3E:87:30:29:40"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: verifyusd.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 31 Mar 2026 14:01:01 GMT\r\ncontent-type: text/html\r\nserver: Apache\r\nx-provided-by: StackCDN\r\nlast-modified: Sat, 21 Mar 2026 18:01:55 GMT\r\netag: W/\"1633-64d8c98d32ac0\"\r\nvary: Accept-Encoding, Accept-Encoding\r\nx-origin-cache-status: MISS\r\ncontent-encoding: gzip\r\nx-cdn-cache-status: MISS\r\nx-via: FRA1\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"StackPath","description":"StackPath is a cloud computing and services provider.","website":"https://www.stackpath.com","common_platform_enumeration":"","icon":"StackPath.svg","categories":["CDN"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}],"data":{"size":5683,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (392), with CRLF line terminators","md5":"549761c07a22dfea88688f1901e2ca70","sha1":"3cca2d017d312cee38cd7d1168020910a7743128","sha256":"f620398a52efff3a7174618be180cdaa2e5cf66d8429109c669645369f4b4334","sha512":"5f19605f4c34bcecfda66c36f663ed5107bf0210b886169c7d79e5f7d4f07227a5437a6c6e19c4b5682141e4038c7cb772cc19264163b782ae670c91d22b7940","ssdeep":"96:yqs/7MmkoR/L35Y5eVzqtUkHUkmJYy18YPUeDoH2:yqUNkoR/LXpLzjUeDoH2","tlshash":"31c19475b4c11e1a603382eaaea6b16efa25d117c30fd98c71dc62a71ff3c588da3540","first_seen":"2026-03-31T14:01:35.076129Z","last_seen":"2026-03-31T14:01:35.076129Z","times_seen":1,"resource_available":true,"data":null}},"time_used":389,"timings":{"blocked":148,"dns":90,"connect":25,"send":0,"wait":93,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"verifyusd.online/style.css","fqdn":"verifyusd.online","domain":"verifyusd.online","tld":"online"},"ip":{"addr":"185.151.30.180","port":443,"asn":48254,"as":"20i Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://verifyusd.online/","date":"2026-03-31T14:01:09.508Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.verifyusd.online","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Mar 2026 02:48:45 GMT","end":"Mon, 22 Jun 2026 02:48:44 GMT"},"fingerprint":{"sha1":"11:30:AD:FC:85:31:89:44:23:97:4A:67:5F:76:DA:85:B9:BF:8F:E6","sha256":"87:9B:0C:1B:B4:5B:23:C2:34:8D:2C:3B:43:9E:19:28:3B:31:A3:EB:AD:56:0F:1C:13:36:8E:3E:87:30:29:40"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: verifyusd.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://verifyusd.online/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 31 Mar 2026 14:01:01 GMT\r\ncontent-type: text/css\r\nserver: Apache\r\nx-provided-by: StackCDN\r\nlast-modified: Fri, 20 Mar 2026 04:48:04 GMT\r\netag: W/\"4051-64d6d63f46900\"\r\nvary: Accept-Encoding, Accept-Encoding\r\nx-origin-cache-status: HIT\r\ncontent-encoding: gzip\r\nx-cdn-cache-status: HIT\r\nx-via: FRA1\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"StackPath","description":"StackPath is a cloud computing and services provider.","website":"https://www.stackpath.com","common_platform_enumeration":"","icon":"StackPath.svg","categories":["CDN"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":16465,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"a415aac7ffeb8678f276930aaafa57b3","sha1":"9bd4f4a252125122743053f891491663d9e4c872","sha256":"d4ce296fb2399d842b732cd930898f96004144ef16fbb061eeb56a509fc72b20","sha512":"0e539a4ec64370cc318b8640e2966c88397ed96fb7c8033b8cba4e99c53977a9f504e0e7565ca849c2fe91eb8401add1d10e7d2ad95c56792ad7acd9941c6bbf","ssdeep":"192:kAfP5BgAgAfP5BgAjBAuiDb1LKquuMU7sN1OwSHsfjkEHOlL7D/8PMeDNEWAw6qd:/BgADBgAZFOhLP/K5Nz","tlshash":"11722014960295026f338ffab3d6a60bfb2b40abcf22a17db6c451058ff557059d1e8d","first_seen":"2025-09-21T18:52:40.582545Z","last_seen":"2026-05-12T11:08:58.157591Z","times_seen":58,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/ethers@5.7.2/dist/ethers.umd.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://verifyusd.online/","date":"2026-03-31T14:01:09.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 25 Apr 2025 00:00:00 GMT","end":"Mon, 04 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F","sha256":"20:CE:80:8C:8A:B7:48:3B:0B:A0:F2:AC:61:42:83:EC:54:84:A8:FA:4C:2D:98:10:FF:8B:FA:A5:1D:F5:21:28"}}},"request":{"raw":"GET /npm/ethers@5.7.2/dist/ethers.umd.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://verifyusd.online/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 31 Mar 2026 14:01:09 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 168432\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 5.7.2\r\nx-jsd-version-type: version\r\netag: W/\"b996b-tlFUVYf2JXNF3D3p3apESxDe3z4\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-etou8220026-FRA, cache-bma-essb1270058-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 1069002\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=flgiDrPl7JWMBPJxHOQs3XGz9yw8qJ3gMzhdEqjFZYpTgwBN3tBagzMveq7Z1Fb1gNySReyBWvVTSc%2BihEh5tDpNYqqz3Lc8K4IUYsaPLb26Jc746Yy0M4Rfyivj9lfovXM%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9e4fe26a7c64712e-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":760171,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"71f8c498e792c6179d4e2840228f777a","sha1":"b651545587f6257345dc3de9ddaa444b10dedf3e","sha256":"a66293a6a2bb4dee061a68612be0be3c5c0ab7e4068ab8d98a4a357baf664c73","sha512":"14371563e83bbdce425c035bad34a0d4ae6a2f2ae20ac183602134d8b8b5b5711874d40fbcb3c7344fab4f63237a2f0dedf65b7b458b870dbb8f64ab191a5d32","ssdeep":"12288:TfamYTKkkAJs8P+H8Xb2F/nNuwEYtnob6qQr:TfjkhPaNnN9EYtwo","tlshash":"35f43b80b3b1b0b583c729a4143f6046f63af46a505840a8f659faf279f9d4c957bb3c","first_seen":"2023-03-13T00:48:53Z","last_seen":"2026-05-12T11:16:51.973466Z","times_seen":3230,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":5,"dns":0,"connect":1,"send":0,"wait":7,"receive":7,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"verifyusd.online/config_v4.js","fqdn":"verifyusd.online","domain":"verifyusd.online","tld":"online"},"ip":{"addr":"185.151.30.180","port":443,"asn":48254,"as":"20i Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://verifyusd.online/","date":"2026-03-31T14:01:09.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.verifyusd.online","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Mar 2026 02:48:45 GMT","end":"Mon, 22 Jun 2026 02:48:44 GMT"},"fingerprint":{"sha1":"11:30:AD:FC:85:31:89:44:23:97:4A:67:5F:76:DA:85:B9:BF:8F:E6","sha256":"87:9B:0C:1B:B4:5B:23:C2:34:8D:2C:3B:43:9E:19:28:3B:31:A3:EB:AD:56:0F:1C:13:36:8E:3E:87:30:29:40"}}},"request":{"raw":"GET /config_v4.js HTTP/1.1\r\nHost: verifyusd.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://verifyusd.online/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 31 Mar 2026 14:01:01 GMT\r\ncontent-type: text/javascript\r\nserver: Apache\r\nx-provided-by: StackCDN\r\nlast-modified: Fri, 20 Mar 2026 10:19:04 GMT\r\netag: W/\"415-64d7203b3f600\"\r\nvary: Accept-Encoding, Accept-Encoding\r\nx-origin-cache-status: HIT\r\ncontent-encoding: gzip\r\nx-cdn-cache-status: HIT\r\nx-via: FRA1\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"StackPath","description":"StackPath is a cloud computing and services provider.","website":"https://www.stackpath.com","common_platform_enumeration":"","icon":"StackPath.svg","categories":["CDN"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1045,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"3a3b63d22dcc85b72b7f110374fcbbca","sha1":"8febc9ddd65584dc5aa2506ad630b25073a2478a","sha256":"6ab29d9bb634831a3dc5c95ebb8c2507e1a1f0c29c1ec14ac7929bf15206ece7","sha512":"ce8217ab51d4900b02dae31d3fc6ad8771c7180021ec191a3604c9afa09d15519f5ace9f6f92e7279cb1155ec804b6d5afbba397e0c40c0808e88826d6cd7ffd","ssdeep":"","tlshash":"261135db67386302061200c39b4ef0a139a7c17bb50da4523129ef891eb5eb2497b0cb","first_seen":"2026-03-31T14:01:35.087448Z","last_seen":"2026-03-31T14:01:35.087448Z","times_seen":1,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"verifyusd.online/main_v4.js","fqdn":"verifyusd.online","domain":"verifyusd.online","tld":"online"},"ip":{"addr":"185.151.30.180","port":443,"asn":48254,"as":"20i Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://verifyusd.online/","date":"2026-03-31T14:01:09.514Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.verifyusd.online","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Mar 2026 02:48:45 GMT","end":"Mon, 22 Jun 2026 02:48:44 GMT"},"fingerprint":{"sha1":"11:30:AD:FC:85:31:89:44:23:97:4A:67:5F:76:DA:85:B9:BF:8F:E6","sha256":"87:9B:0C:1B:B4:5B:23:C2:34:8D:2C:3B:43:9E:19:28:3B:31:A3:EB:AD:56:0F:1C:13:36:8E:3E:87:30:29:40"}}},"request":{"raw":"GET /main_v4.js HTTP/1.1\r\nHost: verifyusd.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://verifyusd.online/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 31 Mar 2026 14:01:01 GMT\r\ncontent-type: text/javascript\r\nserver: Apache\r\nx-provided-by: StackCDN\r\nlast-modified: Sat, 21 Mar 2026 18:06:50 GMT\r\netag: W/\"2d93-64d8caa688280\"\r\nvary: Accept-Encoding, Accept-Encoding\r\nx-origin-cache-status: HIT\r\ncontent-encoding: gzip\r\nx-cdn-cache-status: HIT\r\nx-via: FRA1\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"StackPath","description":"StackPath is a cloud computing and services provider.","website":"https://www.stackpath.com","common_platform_enumeration":"","icon":"StackPath.svg","categories":["CDN"]}],"data":{"size":11667,"size_decoded":0,"mime_type":"text/javascript","magic":"Unicode text, UTF-8 text","md5":"2dd3c557914e356ad6158eefd2f23f4b","sha1":"414d2d228fadb1101b5d31eae0b4dea661a5e6fb","sha256":"99d6aaa1ea8ffca490f47b2af9274e5fc6c80808dc16aa55b43b32ae3e788d7b","sha512":"f6c2224adf6c8019390e90dca28b728710584b40141d56b0d753b3fe37337b7a76167599fbb7730e203355810f080d8119a794163dbee36fa8f9d99cf2517184","ssdeep":"192:WydbPzgCGoCY7f4ycxmr1cHXekB3kn9DX5YwIAGQ3h838rCXp1z:W2bxraiN5J839n","tlshash":"8032c76e16bb6060095ba17b2bcb20513133505f7a08ec5137de83511f99c2a9af3bfd","first_seen":"2026-03-31T14:01:35.089056Z","last_seen":"2026-03-31T14:01:35.089056Z","times_seen":1,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-03-31","alert":"Detects file containing Telegram Bot API","trigger":"verifyusd.online/main_v4.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"verifyusd.online/favicon.ico","fqdn":"verifyusd.online","domain":"verifyusd.online","tld":"online"},"ip":{"addr":"185.151.30.180","port":443,"asn":48254,"as":"20i Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://verifyusd.online/","date":"2026-03-31T14:01:09.704Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.verifyusd.online","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Mar 2026 02:48:45 GMT","end":"Mon, 22 Jun 2026 02:48:44 GMT"},"fingerprint":{"sha1":"11:30:AD:FC:85:31:89:44:23:97:4A:67:5F:76:DA:85:B9:BF:8F:E6","sha256":"87:9B:0C:1B:B4:5B:23:C2:34:8D:2C:3B:43:9E:19:28:3B:31:A3:EB:AD:56:0F:1C:13:36:8E:3E:87:30:29:40"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: verifyusd.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://verifyusd.online/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Tue, 31 Mar 2026 14:01:01 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\nvary: Accept-Encoding\r\nserver: Apache\r\nx-origin-cache-status: EXPIRED\r\ncontent-encoding: gzip\r\nx-cdn-cache-status: EXPIRED\r\nx-via: FRA1\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":236,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"54ddfcfcbac52ccc7451161d40934ad7","sha1":"3f9915360e96bd0c5c756209a62d99b0246a634d","sha256":"9448f8a1159c9b14e3e1b9d8eab1a6ddf88d26e1f888a34cef430c756e4e6e1e","sha512":"b5b31c06e9e8cfc08e09e90bc5ba77c970c5be644c109f14b4b430384d4cecefae4368e051ed96323cfd3fe7a0e9f4832025c2efd213aa64bf65c55625bd72e6","ssdeep":"","tlshash":"61d0a79e90939386415176907ec123d2654953ab78b143e96ec1944690086bdc0d919d","first_seen":"2025-12-07T09:00:18.523222Z","last_seen":"2026-05-16T05:42:08.918532Z","times_seen":4475,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}