{"report_id":"290ec2b4-828b-4496-ba89-f088cf45b975","version":0,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-06-10T13:02:31Z","url":{"schema":"http","addr":"unbenseleoyu.top","fqdn":"unbenseleoyu.top","domain":"unbenseleoyu.top","tld":"top"},"ip":{"addr":"104.21.26.226","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"unbenseleoyu.top/","fqdn":"unbenseleoyu.top","domain":"unbenseleoyu.top","tld":"top"},"title":"Coinbase","dom":{"size":10186,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"1c65c4e6a69e454d216d8b8f0ef143f0","sha1":"2a2163fc2150b591007bda7ceec9e3a30ae6fc29","sha256":"2953cec5b85a87223be6efcb5ed8cd4c1efaa186b8ff305f98693dbf6aa7a2eb","sha512":"12b782b2640086096a63e155638e658faf5a1018d8f1e8f808ec2d93ba4ad90f17081eacb44f8ecb2671d6b0bb8077f9f1eea0b053a28ac3ec66233274503afc","ssdeep":"192:B6pjKNawgk1h298dCduuuum6oMfWI16hw2B1u11mviaUH3bMSoG:B6pvduuuum6vpIviVr","tlshash":"2a22739b56b708125973a4b977d762542236d003d109dc153fcea3ac8fc9a80eab6fdc","dom_hash":"domhash97d487334fbbb95a1d114acb1470fe3d","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"unbenseleoyu.top","fqdn":"unbenseleoyu.top","domain":"unbenseleoyu.top","tld":"top"},"ip":{"addr":"104.21.26.226","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-15T13:02:31Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-10","alert":"Detects file containing Telegram Bot API","trigger":"unbenseleoyu.top/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"unbenseleoyu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"unbenseleoyu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"unbenseleoyu.top","ip":{"addr":"172.67.139.125","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":6,"request_count":2,"received_data":12063,"sent_data":993,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:8.2.12","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"unbenseleoyu.top/","fqdn":"unbenseleoyu.top","domain":"unbenseleoyu.top","tld":"top"},"ip":{"addr":"172.67.139.125","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"md5":"a3f159373684c7bdb925cf4e399bc995","sha1":"2ec38169368581d452883797bf80af46f1920684","sha256":"1152b00fc46cbb4e9fbdd365e21f00016c5577196cb05e4da561ae8d9b2847ec","sha512":"e3ad31b27c8bb45c142fbbc796cf9b9913462a57c66da213d077ea36d97547992bd958b48d4ef5c568f0e922f537a773c7f67b261352a6969686aacffffffc54","size":3700,"token":"8717358313:AAHuLLeSWcO31Qh9LqFrRXN-naJX5u0M6pg","is_revoked":false,"bot":{"token":"8717358313:AAHuLLeSWcO31Qh9LqFrRXN-naJX5u0M6pg","user_id":"8717358313","username":"Hzjok_bot","first_name":"Hzjokdrainer","last_name":"","chat":{"chat_id":"1824017610","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"unbenseleoyu.top/","fqdn":"unbenseleoyu.top","domain":"unbenseleoyu.top","tld":"top"},"ip":{"addr":"172.67.139.125","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"a3f159373684c7bdb925cf4e399bc995","sha1":"2ec38169368581d452883797bf80af46f1920684","sha256":"1152b00fc46cbb4e9fbdd365e21f00016c5577196cb05e4da561ae8d9b2847ec","sha512":"e3ad31b27c8bb45c142fbbc796cf9b9913462a57c66da213d077ea36d97547992bd958b48d4ef5c568f0e922f537a773c7f67b261352a6969686aacffffffc54","ssdeep":"","tlshash":"50711e5525b60c2206f3a4bf73cbb16065368823a449ec017d9e87a40fc4b50e7fafe9","size":3700,"data":"","first_seen":"2026-06-10T13:02:35.287112Z","last_seen":"2026-06-10T13:02:35.287112Z","times_seen":1,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-10","alert":"Detects file containing Telegram Bot API","trigger":"unbenseleoyu.top/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"unbenseleoyu.top/","fqdn":"unbenseleoyu.top","domain":"unbenseleoyu.top","tld":"top"},"ip":{"addr":"172.67.139.125","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-10T13:02:08.022Z","timestamp":1781096528022,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unbenseleoyu.top","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 00:01:00 GMT","end":"Tue, 25 Aug 2026 00:00:59 GMT"},"fingerprint":{"sha1":"0D:50:72:C7:83:8A:9F:5A:87:74:D8:C1:B1:AB:C7:A2:24:E6:8E:AC","sha256":"81:78:0B:85:F2:91:1C:87:9D:8C:88:22:BF:5B:9F:02:6C:89:B4:F5:29:DE:70:D0:1B:1A:77:4A:F4:A2:E1:70"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: unbenseleoyu.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Wed, 10 Jun 2026 13:02:08 GMT\r\nserver: cloudflare\r\nx-powered-by: PHP/8.2.12\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TPX2irlGYPKYo6oWX1Q5xAWhxCjFoc9Enu%2BhLIRuNALJarmwjFrLVhzafv8DJwMeNeK71m4JlCZj%2BoxLcwjjlOgX6z0ylIJL2mAojCfnHOM2JqqayI1JbeG6M4qksEBfpbRq\"}]}\r\npriority: u=0,i\r\ncontent-type: text/html; charset=UTF-8\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: zstd\r\ncf-ray: a098919488c70731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:8.2.12","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":10213,"size_decoded":4044,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"f9410849970811e3bc0f33f64bc6ff87","sha1":"344464003b1e478afa38c2943852d88ebe393106","sha256":"2f8ed0a3d96a03f74eb7bfaddf3f9ac9471d4d6e52286ebc5d8737c3470314b9","sha512":"6a250171db29b23bd71dfeed4f69185bc86530a2cfd5bb39f861bf5a683e133051ca812782b6796b141f19fed85d7f7a857600893d9a557aba9f28291a743098","ssdeep":"192:cpjKNawgk1h298dCduuuuH6vxUfWI16hw2B1u11mviaUH3bMSoe:cpvduuuuH6vSpIviVv","tlshash":"1522749616b708115973a4b977d762542236c003d109dc193fcda3ac8fc9a84ebb6fdc","first_seen":"2026-06-10T13:02:35.283205Z","last_seen":"2026-06-10T13:02:35.283205Z","times_seen":1,"resource_available":true,"data":null}},"time_used":308,"timings":{"blocked":-1,"dns":36,"connect":22,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-10","alert":"Detects file containing Telegram Bot API","trigger":"unbenseleoyu.top/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"unbenseleoyu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"unbenseleoyu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"unbenseleoyu.top/favicon.ico","fqdn":"unbenseleoyu.top","domain":"unbenseleoyu.top","tld":"top"},"ip":{"addr":"172.67.139.125","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://unbenseleoyu.top/","date":"2026-06-10T13:02:08.625Z","timestamp":1781096528625,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unbenseleoyu.top","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 00:01:00 GMT","end":"Tue, 25 Aug 2026 00:00:59 GMT"},"fingerprint":{"sha1":"0D:50:72:C7:83:8A:9F:5A:87:74:D8:C1:B1:AB:C7:A2:24:E6:8E:AC","sha256":"81:78:0B:85:F2:91:1C:87:9D:8C:88:22:BF:5B:9F:02:6C:89:B4:F5:29:DE:70:D0:1B:1A:77:4A:F4:A2:E1:70"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: unbenseleoyu.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://unbenseleoyu.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Wed, 10 Jun 2026 13:02:08 GMT\r\nserver: cloudflare\r\nlast-modified: Sat, 06 Jun 2026 06:16:59 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WGkMpb5qwn%2F6l9NvHxL5h248MdbJVyBvQrxFLo29sx2hcyXlAUp9AE4QkNHJ%2FDooetg78bwqbEpyKG1%2FcSORy%2B4Vgir%2F87S%2BpKuTWoj1bGgppmxwWej1Y7euEXsL9RM8qHF9\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\ncontent-encoding: zstd\r\netag: W/\"22d-6538fb9914f28\"\r\ncontent-type: image/x-icon\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncf-ray: a0989197e9340731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":557,"size_decoded":1220,"mime_type":"image/x-icon","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"52bad1d125e93b0235a76b87996a82d0","sha1":"b2a650a251ddb79c24160958c649de3209ee2f1c","sha256":"b90cdcbe9e842bf371d9c5e7dd13359fde26879a4642ad6f752e86a65fab4fb5","sha512":"2dff26e6083fc1fa70283e407e205201d5694de361a925f4e64360cce56d2f94b690bcb075ca6f02b9b380b7e9e1f2c2d0da6f606e6a4380fc981f4ec55ef0f0","ssdeep":"","tlshash":"9df020d74e609b5c5c5e6b3e53ae882482510d9c1c14694fc442781a3c3429d05f6316","first_seen":"2023-05-01T23:35:47Z","last_seen":"2026-06-26T01:26:50.681395Z","times_seen":694,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"unbenseleoyu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"unbenseleoyu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}