{"report_id":"32493dbb-ff84-4bfc-b8c4-1c75b527f7e6","version":6,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-03-23T16:29:42Z","url":{"schema":"https","addr":"transfer-usdt.shop/","fqdn":"transfer-usdt.shop","domain":"transfer-usdt.shop","tld":"shop"},"ip":{"addr":"145.79.211.22","port":0,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"transfer-usdt.shop/","fqdn":"transfer-usdt.shop","domain":"transfer-usdt.shop","tld":"shop"},"title":"React App","dom":{"size":21098,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (14199)","md5":"eec741b8fd636cc287a22206d5f2b627","sha1":"ff18c81ee9c5de23ffc3250170dc07ed8b5ba4fa","sha256":"82e34bd63b07cac8c80ac737d38d599e9a3093bb44f9ce6c3fbe3875c986053b","sha512":"f64ccab6232b627e2bbd502f43b1d04ffe7c1a9e28cb01795f1ebccefa5be75d12cf4237273d21ff466a979e6ed2cb72f55353d8cc50b9bb9bab10167b859470","ssdeep":"192:4Q1fGtTTQBsDofbjK9jufaRw9/s0re2GlCre2GlpPPGCprdyJO:1CTQzbedufs0re2kCre2kpGC","tlshash":"5a924f44a8514e7a2c237d628adc9b1dd11b90d388df569d7ecf440e0bc2bd92fb274a","dom_hash":"domhashf8c27b8189d12441927f8bb00ed3139f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"transfer-usdt.shop/","fqdn":"transfer-usdt.shop","domain":"transfer-usdt.shop","tld":"shop"},"ip":{"addr":"145.79.211.22","port":0,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-27T16:29:42Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-03-23","alert":"Detects file containing Telegram Bot API","trigger":"transfer-usdt.shop/js/main.fa82578.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"transfer-usdt.shop","ip":{"addr":"145.79.211.22","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":5,"received_data":3534131,"sent_data":2262,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"transfer-usdt.shop/js/main.fa82578.js","fqdn":"transfer-usdt.shop","domain":"transfer-usdt.shop","tld":"shop"},"ip":{"addr":"145.79.211.22","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"md5":"3fdf3a9ca2eba8c3ef7a904bbb352ab6","sha1":"7dfb43e4719a1542942567d4be7631369346ef8c","sha256":"4c05d9c730eee70e29bbcfac349cd1fb71b95ff41ceffd22fe7886722c355847","sha512":"1924997d5f8784f12ebabab3b7ea68406adcd725b814a0973d3dde081069f25bd6639dcd6c9b0f2c1e6d364ad0c6f0703a65183cb6717b8ca3e7a43d23d48f52","size":3509874,"token":"8464470917:AAHgZd3fCzDcm-jfPoWxjpP_anmZhLpvOaw","is_revoked":false,"bot":{"token":"8464470917:AAHgZd3fCzDcm-jfPoWxjpP_anmZhLpvOaw","user_id":"8464470917","username":"Trc20notification1_bot","first_name":"Trc20notification1","last_name":"","chat":{"chat_id":"","title":"","type":"","bot_is":"","total_users":0,"active_members":null,"admins":null},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"transfer-usdt.shop/","fqdn":"transfer-usdt.shop","domain":"transfer-usdt.shop","tld":"shop"},"ip":{"addr":"145.79.211.22","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"bcd675ecf79db8cf724112f2dd03c6ef","sha1":"b1f6af24407cf6ac40f8b4514ab6b5dc624ca423","sha256":"8a8f32fd6e6027a88550899dad5f6576759f1d57ec3151cc47dc6e90d22745f3","sha512":"836a8b3a2994d3c944431730c3ad2f3debc1b74a3bca942ce80e2308a773cace9ee071814ad3c35d0c5059267f4841c5d59214daa92327cda0dad1ff0bed02a0","ssdeep":"","tlshash":"5ed0122a25a6c52c416774291a5f6244243601072404c9c83f1c8640df6589aa8666c5","size":223,"data":"","first_seen":"2026-03-23T16:29:53.735567Z","last_seen":"2026-04-19T14:55:16.222364Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"transfer-usdt.shop/js/main.fa82578.js","fqdn":"transfer-usdt.shop","domain":"transfer-usdt.shop","tld":"shop"},"ip":{"addr":"145.79.211.22","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"3fdf3a9ca2eba8c3ef7a904bbb352ab6","sha1":"7dfb43e4719a1542942567d4be7631369346ef8c","sha256":"4c05d9c730eee70e29bbcfac349cd1fb71b95ff41ceffd22fe7886722c355847","sha512":"1924997d5f8784f12ebabab3b7ea68406adcd725b814a0973d3dde081069f25bd6639dcd6c9b0f2c1e6d364ad0c6f0703a65183cb6717b8ca3e7a43d23d48f52","ssdeep":"49152:RXOjVueB2nNdC2rvsfsYuElQ5I8FelwI+efoqNjodTg63bsKpBKc++o6nC5rcUmq:rbsSNZQ","tlshash":"fef5e84067c0688813475fbb732fb4e6e81e09af7998488fe148bc6469e5727fbe5530","size":3509874,"data":"","first_seen":"2026-03-23T16:29:53.737012Z","last_seen":"2026-03-23T16:31:04.746175Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-03-23","alert":"Detects file containing Telegram Bot API","trigger":"transfer-usdt.shop/js/main.fa82578.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"transfer-usdt.shop/","fqdn":"transfer-usdt.shop","domain":"transfer-usdt.shop","tld":"shop"},"ip":{"addr":"145.79.211.22","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-23T16:29:17.595Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"transfer-usdt.shop","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Mar 2026 11:03:59 GMT","end":"Sun, 21 Jun 2026 11:03:58 GMT"},"fingerprint":{"sha1":"FF:15:FE:90:4E:1C:B2:5A:C2:E5:92:68:4C:10:CF:0C:0C:C0:2A:70","sha256":"7A:E1:FE:11:1E:7D:53:31:34:9E:C0:00:6B:A4:FB:C3:27:C5:67:B7:96:58:90:76:95:C6:D8:E0:2F:5F:94:A0"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: transfer-usdt.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Mon, 06 Oct 2025 22:41:04 GMT\r\netag: \"7d6-68e44580-3032b920a2826ee8;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 673\r\ndate: Mon, 23 Mar 2026 16:29:10 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":2006,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"10da78ac5cbc923a3ea857c924f7a340","sha1":"e0610032acab665beaba9143af91c488c5d76ecd","sha256":"6855a27299f8287c38f10f3be69e16d071ae8828967625fdbe1d2e723b640456","sha512":"bf4d86c96a8fcf78dbd1236a248c490b9c403ade45fffc94448c269ba7ef2afd6082f35899cb13bd9bb351c05f19311b111b8459bc7897e91f20cefa90a9ef86","ssdeep":"","tlshash":"cc4198025ce7800da021d23a7ff178298e97aa0b5709dc7076dd14598fc17e88ca7df9","first_seen":"2026-03-23T16:29:53.729739Z","last_seen":"2026-03-23T16:31:04.737273Z","times_seen":2,"resource_available":false,"data":null}},"time_used":970,"timings":{"blocked":400,"dns":63,"connect":164,"send":0,"wait":167,"receive":0,"ssl":172},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"transfer-usdt.shop/js/main.fa82578.js","fqdn":"transfer-usdt.shop","domain":"transfer-usdt.shop","tld":"shop"},"ip":{"addr":"145.79.211.22","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://transfer-usdt.shop/","date":"2026-03-23T16:29:18.303Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"transfer-usdt.shop","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Mar 2026 11:03:59 GMT","end":"Sun, 21 Jun 2026 11:03:58 GMT"},"fingerprint":{"sha1":"FF:15:FE:90:4E:1C:B2:5A:C2:E5:92:68:4C:10:CF:0C:0C:C0:2A:70","sha256":"7A:E1:FE:11:1E:7D:53:31:34:9E:C0:00:6B:A4:FB:C3:27:C5:67:B7:96:58:90:76:95:C6:D8:E0:2F:5F:94:A0"}}},"request":{"raw":"GET /js/main.fa82578.js HTTP/1.1\r\nHost: transfer-usdt.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://transfer-usdt.shop/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 30 Mar 2026 16:29:10 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Sat, 27 Dec 2025 05:36:58 GMT\r\netag: \"358e72-694f707a-2edd6a91b925a2bf;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 23 Mar 2026 16:29:10 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3509874,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"2506f52acb40d60a58e989130597b3b3","sha1":"341aa1c33a8df7a23b1817025a45e5583fd213eb","sha256":"7dafcf8ad09ae6ce013c6e5e1e68ec2a2b4080f0b918fab3ae9c5ee4a4d49f64","sha512":"3d011e529ff99776c32752ae7041a2e7b12a3c4fb2f041abab990182d15f7abf2bb0a717107399e7c829714527c1882463bd158cefc07009500421ff95985816","ssdeep":"24576:RXOjVueB2nNdC2rvdWfsYuElQ5I8FelcXI+efoqNjodTg63bsKpBKc++o6nC5rc0:RXOjVueB2nNdC2rvsfsYuElQ5I8Felw0","tlshash":"2c25958076c0a88413574fba771fb4e9f45e096f3958494fe208fc60ada1627fbe6934","first_seen":"2026-03-23T16:29:53.731551Z","last_seen":"2026-03-23T16:31:04.740867Z","times_seen":2,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"transfer-usdt.shop/css/main.ffee8cd6.css","fqdn":"transfer-usdt.shop","domain":"transfer-usdt.shop","tld":"shop"},"ip":{"addr":"145.79.211.22","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://transfer-usdt.shop/","date":"2026-03-23T16:29:18.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"transfer-usdt.shop","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Mar 2026 11:03:59 GMT","end":"Sun, 21 Jun 2026 11:03:58 GMT"},"fingerprint":{"sha1":"FF:15:FE:90:4E:1C:B2:5A:C2:E5:92:68:4C:10:CF:0C:0C:C0:2A:70","sha256":"7A:E1:FE:11:1E:7D:53:31:34:9E:C0:00:6B:A4:FB:C3:27:C5:67:B7:96:58:90:76:95:C6:D8:E0:2F:5F:94:A0"}}},"request":{"raw":"GET /css/main.ffee8cd6.css HTTP/1.1\r\nHost: transfer-usdt.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://transfer-usdt.shop/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 30 Mar 2026 16:29:10 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 06 Oct 2025 22:23:34 GMT\r\netag: \"2903-68e44166-33d7660394936911;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2796\r\ndate: Mon, 23 Mar 2026 16:29:10 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":10499,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (8181)","md5":"5cc83e4d83ab6152bc3d2f117841736a","sha1":"bfe1db640cb7e562d4d8dbc8e9490905418d56cb","sha256":"027ae13fc6fdfdeab31a401e4d114d84fa258540caa7d4bd78f1608633f21892","sha512":"ea58477ff3b6c4e9397deaf54f523b719b46c0ad2c5111aa5da3e9d4ddff159599cd4a388671c27bc12fc29d5e4b4f44e55e3d2ddc032c51259a88bec6965789","ssdeep":"192:Y7JXSS7JXSdiJ+eWVtDnOMwhw5Uv/lpky:GFtlMwhwatT","tlshash":"0c22551ea754082bbd6384fae9d4b659701774c1de2ad7fba8836500ebe61f328d3304","first_seen":"2026-03-23T16:29:53.733031Z","last_seen":"2026-04-19T14:55:16.220438Z","times_seen":3,"resource_available":false,"data":null}},"time_used":178,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":178,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"transfer-usdt.shop/images/logo192.png","fqdn":"transfer-usdt.shop","domain":"transfer-usdt.shop","tld":"shop"},"ip":{"addr":"145.79.211.22","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://transfer-usdt.shop/","date":"2026-03-23T16:29:18.598Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"transfer-usdt.shop","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Mar 2026 11:03:59 GMT","end":"Sun, 21 Jun 2026 11:03:58 GMT"},"fingerprint":{"sha1":"FF:15:FE:90:4E:1C:B2:5A:C2:E5:92:68:4C:10:CF:0C:0C:C0:2A:70","sha256":"7A:E1:FE:11:1E:7D:53:31:34:9E:C0:00:6B:A4:FB:C3:27:C5:67:B7:96:58:90:76:95:C6:D8:E0:2F:5F:94:A0"}}},"request":{"raw":"GET /images/logo192.png HTTP/1.1\r\nHost: transfer-usdt.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://transfer-usdt.shop/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 30 Mar 2026 16:29:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 06 Oct 2025 22:23:38 GMT\r\netag: \"14e3-68e4416a-18db99c1bd38dfb2;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 5347\r\ndate: Mon, 23 Mar 2026 16:29:11 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5347,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"33dbdd0177549353eeeb785d02c294af","sha1":"7f4f2d68782a7fafceda84554ecab9b489877500","sha256":"c386396ec70db3608075b5fbfaac4ab1ccaa86ba05a68ab393ec551eb66c3e00","sha512":"e34572cf754ff7e1d0acb12d8275252230ad1dd9adc5858e807fef0fb61aea82cb1f9ca3ebab3eeb449460373140105f8d773e7bddbf6745f9e81cc1546621f4","ssdeep":"96:gMgJkzj81lSl2dxYAYKsHHVIqApHGoKf4slNb6LQbTehYx5AtKAdmTRwy/Ik2k3:gMct0nKsUwXTbnkeAMA+Twkv","tlshash":"deb18e4e37e13c238137de00aa8ee5ddff52c6ff81226144e24933e9243839d9591916","first_seen":"2023-04-21T11:39:01Z","last_seen":"2026-06-13T17:29:22.291449Z","times_seen":10606,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"transfer-usdt.shop/images/favicon.ico","fqdn":"transfer-usdt.shop","domain":"transfer-usdt.shop","tld":"shop"},"ip":{"addr":"145.79.211.22","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://transfer-usdt.shop/","date":"2026-03-23T16:29:18.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"transfer-usdt.shop","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Mar 2026 11:03:59 GMT","end":"Sun, 21 Jun 2026 11:03:58 GMT"},"fingerprint":{"sha1":"FF:15:FE:90:4E:1C:B2:5A:C2:E5:92:68:4C:10:CF:0C:0C:C0:2A:70","sha256":"7A:E1:FE:11:1E:7D:53:31:34:9E:C0:00:6B:A4:FB:C3:27:C5:67:B7:96:58:90:76:95:C6:D8:E0:2F:5F:94:A0"}}},"request":{"raw":"GET /images/favicon.ico HTTP/1.1\r\nHost: transfer-usdt.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://transfer-usdt.shop/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 30 Mar 2026 16:29:11 GMT\r\ncontent-type: image/x-icon\r\nlast-modified: Mon, 06 Oct 2025 22:23:38 GMT\r\netag: \"f1e-68e4416a-dda529a6ff543373;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 3667\r\ndate: Mon, 23 Mar 2026 16:29:11 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":3870,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 4 icons, 16x16 with PNG image data, 16 x 16, 8-bit colormap, non-interlaced, 32 bits/pixel, 24x24 with \n- PNG image data, 24 x 24, 8-bit colormap, non-interlaced, 32 bits/pixel","md5":"c92b85a5b907c70211f4ec25e29a8c4a","sha1":"1120538c77ad1f28a89243b4b53fe2ac16cc3bc6","sha256":"3d10f7da6c603178340081668c4ac5b3ae9743ca9a262ab0fcd312fbb9f48bdd","sha512":"d792613e3c31d3aea08ae9ce51a26498afed8b48c93290640c64d0a23edc85e524bc1d090b5ba3fa161b3f2f7d31f9d1da5db77b14189fc3f8ed81ff830fa70c","ssdeep":"","tlshash":"26815cb31b994539e5cb0317fa069036d8f1d11e09b5493e1a938c05ad2fe99c26a36e","first_seen":"2023-04-12T20:45:07Z","last_seen":"2026-06-13T17:15:59.913706Z","times_seen":10392,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}