Report Overview
Visitedpublic
2026-03-18 15:21:16
Submit Tags
URL
helpkozhnomu.com/
Finishing URL
helpkozhnomu.com/
IP / ASN
172.67.220.107
Title
Help UA — Соціальна допомога для кожного українця
Suspicious - Suspicious Javascript code
Detections
urlquery
2
Network Intrusion Detection
3
Threat Detection Systems
1
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
fonts.gstatic.com | unknown | 2008-02-11 | 2014-04-02 | 2026-03-15 | 3.3 kB | 207 kB |  172.217.19.227 | |
api.telegram.org | 206724 | 2003-12-15 | 2015-06-25 | 2026-03-13 | 1.1 kB | 762 B |  149.154.166.110 |  |
helpkozhnomu.com 2 alert(s) on this Host | unknown | unknown | No data | No data | 2.2 kB | 431 kB | 104.21.62.55 |  |
fonts.googleapis.com | 313 | 2005-01-25 | 2012-05-23 | 2026-03-15 | 528 B | 11 kB | 142.251.38.106 | |
ipapi.co | 7936 | 2016-04-19 | 2017-01-31 | 2026-03-11 | 433 B | 2.5 kB | 104.26.9.44 | |
ip-api.com | 696 | 2012-04-24 | 2014-10-06 | 2026-03-18 | 469 B | 184 B | 208.95.112.1 |
Nginx:1.18.0 (Web servers, Reverse proxies)
Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.Cloudflare (CDN)
Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
| Timestamp | Severity | Source IP | Destination IP | Alert |
|---|---|---|---|---|
| medium | Client IP | 208.95.112.1 | ET INFO Observed External IP Lookup Domain (ip-api .com) in TLS SNI | |
| low | Client IP | 149.154.166.110 | ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) | |
| low | Client IP | 149.154.166.110 | ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) |
Threat Detection Systems
| Detection System | Indicator | Verdict | Alert |
|---|---|---|---|
| YARAhub by abuse.ch | helpkozhnomu.com/static/js/main.e7af9dad.js | malware | Detects file containing Telegram Bot API |
Telegram Bot detected (1)
URL
helpkozhnomu.com/static/js/main.e7af9dad.js
IP / ASN
104.21.62.55
Token
8639029485:AAEdZkifQnCbMNHW5oaPbuRrwFYN7js0W0s
Bot Overview
User ID8639029485
UsernameUaBank777_bot
First NameUa Bank
Last NameN/A
Chat Info
Chat IDN/A
Chat TypeN/A
TitleN/A
User Count0
Admins0
Pending Msgs0
JavaScript (3)
No JavaScripts
HTTP Transactions (16)
| URL | IP | Response | Size |
|---|