Report Overview
Visitedpublic
2026-02-03 11:02:28
Submit Tags
URL
assuredeti.com/
Finishing URL
assuredeti.com/
IP / ASN
104.21.89.238
Title
Unlock Finance Success with AMLTestWallet & AMLCheck 2!
Suspicious - Suspicious Javascript code
Detections
urlquery
2
Network Intrusion Detection
1
Threat Detection Systems
2
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
challenges.cloudflare.com | 11393 | 2009-02-17 | 2021-10-20 | 2026-02-01 | 5.1 kB | 502 kB | 104.18.95.41 |  |
api.web3modal.org | 433029 | 2022-11-18 | 2023-09-19 | 2026-02-02 | 485 B | 335 B | 104.18.18.237 | |
api.ceooflidare.icu 2 alert(s) on this Host | unknown | 2025-12-14 | 2026-01-19 | 2026-02-02 | 1.0 kB | 3.2 kB |  158.94.210.9 |     |
cca-lite.coinbase.com | 2742073 | 2011-07-02 | 2023-08-12 | 2026-01-29 | 997 B | 2.5 kB | 104.18.35.15 | |
assuredeti.com 1 alert(s) on this Host | unknown | 2026-01-06 | 2026-02-03 | 2026-02-03 | 14 kB | 17 MB | 104.21.89.238 | |
fonts.googleapis.com | 313 | 2005-01-25 | 2012-05-23 | 2026-02-01 | 473 B | 11 kB |  142.251.38.106 | |
fonts.gstatic.com | unknown | 2008-02-11 | 2014-04-02 | 2026-02-01 | 4.4 kB | 276 kB | 142.250.74.3 | |
pulse.walletconnect.org | 247907 | 2018-03-26 | 2023-10-09 | 2026-01-31 | 575 B | 274 B | 172.66.157.155 | |
Cloudflare (CDN)
Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.Ubuntu (Operating systems)
Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.Express (Web frameworks, Web servers)
Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.Node.js (Programming languages)
Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.Nginx:1.18.0 (Web servers, Reverse proxies)
Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
| Timestamp | Severity | Source IP | Destination IP | Alert |
|---|---|---|---|---|
| medium | Client IP | 158.94.210.9 | ET INFO Suspicious Domain (*.icu) in TLS SNI |
Threat Detection Systems
| Detection System | Indicator | Verdict | Alert |
|---|---|---|---|
| YARAhub by abuse.ch | assuredeti.com/after.js | malware | Detects file containing Telegram Bot API |
| OpenDNS | api.ceooflidare.icu | phishing | Phishing Block |
Telegram Bot detected (1)
URL
assuredeti.com/after.js
IP / ASN
104.21.89.238
Token
8208090838:AAHo4ZpN32TcBv_jdN_uRQ0-ZiBb51wakdU
Bot Overview
User ID8208090838
Usernameshushxhxjdjauth_bot
First Namee auth
Last NameN/A
Chat Info
Chat ID7775364742
Chat Typeprivate
TitleN/A
User Count2
Admins0
Pending Msgs1
JavaScript (125)
| HASH | FROM | Size | First Seen | Last Seen | |
|---|---|---|---|---|---|
| 086707e4369f60afedcafb16050a7618 | DocumentWrite | 39 B | 2023-03-07 | 2026-06-06 | |
Introduced by DocumentWrite First Seen 2023-03-07 Last Seen 2026-06-06 Times Seen 1010005 Size 39 B (39 bytes) MD5 086707e4369f60afedcafb16050a7618 SHA1 8216b0cc6876cbd44f01c158e7dff3833ceccd41 Loading... | |||||
HTTP Transactions (40)
| URL | IP | Response | Size |
|---|