{"report_id":"68dd7a96-56c3-4331-9e96-7c10428010b6","version":6,"status":"done","tags":["suspicious"],"date":"2025-03-20T14:09:18Z","url":{"schema":"http","addr":"eastman-dispute.surge.sh","fqdn":"eastman-dispute.surge.sh","domain":"surge.sh","tld":"sh"},"ip":{"addr":"188.166.132.94","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"eastman-dispute.surge.sh/","fqdn":"eastman-dispute.surge.sh","domain":"surge.sh","tld":"sh"},"title":"eastman-dispute.surge.sh/"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-29T14:09:18Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"eastman-dispute.surge.sh","ip":{"addr":"138.197.235.123","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"domain_registered":"2014-07-25","domain_rank":0,"first_seen":"2025-03-20T14:09:18.926762Z","last_seen":"2025-03-20T14:09:18.926762Z","alert_count":2,"request_count":7,"received_data":385673,"sent_data":3280,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"eastman-dispute.surge.sh/","fqdn":"eastman-dispute.surge.sh","domain":"surge.sh","tld":"sh"},"ip":{"addr":"138.197.235.123","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"md5":"7cf3bec39adb19ba6bf252416821a42e","sha1":"c6519a5459073408ce6db9e8dbf5fcdc7eeeaf1d","sha256":"1e17072c2411412438ad9eb8ae43c5676b75fa63c799ab6a4785eff1d6a9f930","sha512":"d33452e61317e6f06a4004c6305f69c4eba822189a8fb37e208cbdabcfa0e3f62cd8b65c78bd7f753fb63c36bda1aab368f84c3526975580e744b70db4b73b79","size":1255,"token":"6757998435:AAGq5jIPM7jAj9u-M79tonAmZ3jIjhlrO7k","is_revoked":false,"bot":{"token":"6757998435:AAGq5jIPM7jAj9u-M79tonAmZ3jIjhlrO7k","user_id":"6757998435","username":"stanfordfcubot","first_name":"Vystar Credit Union","last_name":"","chat":{"chat_id":"6595653755","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":2}}],"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-03-20","alert":"Detects file containing Telegram Bot API","trigger":"eastman-dispute.surge.sh/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"eastman-dispute.surge.sh/","fqdn":"eastman-dispute.surge.sh","domain":"surge.sh","tld":"sh"},"ip":{"addr":"138.197.235.123","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"7cf3bec39adb19ba6bf252416821a42e","sha1":"c6519a5459073408ce6db9e8dbf5fcdc7eeeaf1d","sha256":"1e17072c2411412438ad9eb8ae43c5676b75fa63c799ab6a4785eff1d6a9f930","sha512":"d33452e61317e6f06a4004c6305f69c4eba822189a8fb37e208cbdabcfa0e3f62cd8b65c78bd7f753fb63c36bda1aab368f84c3526975580e744b70db4b73b79","ssdeep":"","tlshash":"bf21ab577db614601b9bf1ba13d7b104e131206b3a44d821bd4ddbe11f1566d607eb84","size":1255,"data":"","first_seen":"2025-03-20T14:09:20.637035Z","last_seen":"2025-03-20T14:09:20.637035Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"eastman-dispute.surge.sh/img/logo.png","fqdn":"eastman-dispute.surge.sh","domain":"surge.sh","tld":"sh"},"ip":{"addr":"138.197.235.123","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://eastman-dispute.surge.sh/","date":"2025-03-20T14:08:57.380Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.surge.sh","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 19 Apr 2024 00:00:00 GMT","end":"Sun, 18 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"77:C0:DA:F7:E7:30:96:2C:69:AB:5B:42:74:84:CD:C8:38:E3:3D:56","sha256":"5F:B2:4B:5B:38:A9:C5:71:81:49:F2:0B:BF:95:4B:D2:94:86:67:44:8B:38:61:B9:FF:FA:5D:7B:21:42:A9:F6"}}},"request":{"raw":"GET /img/logo.png HTTP/1.1\r\nHost: eastman-dispute.surge.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://eastman-dispute.surge.sh/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Surge\r\nSurge-Cache: HIT\r\nSurge-Stamp: 646::1742432304341-b385f317efb2cdca4dfdbb5e25ae22e3\r\nAge: 53243\r\nDate: Thu, 20 Mar 2025 14:08:57 GMT\r\nCache-Control: public, max-age=0, must-revalidate\r\nETag: \"fbcfb8c2646e262a406fb0446e9cccbdad85e3f42e2c6f72eb27d034028eee06\"\r\nContent-Type: image/png\r\nAccept-Ranges: bytes\r\nResponse-Time: 1ms\r\nContent-Length: 13038\r\nConnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13038,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 75, 8-bit/color RGB, non-interlaced","md5":"b385f317efb2cdca4dfdbb5e25ae22e3","sha1":"f13beb98182fc2ef0743082e7d8277296eb5c255","sha256":"fbcfb8c2646e262a406fb0446e9cccbdad85e3f42e2c6f72eb27d034028eee06","sha512":"d77f08b39f9fe347c5503106c094b55d837a71fb5bb1f296818e6985f2a1835e003ce2f24d551343ec861ddb662499b564373162174e1c91554854b08d416815","ssdeep":"192:74ihw/Y6SB48qqczIjGA54uNitYwpN156NOiLZO9g+sqkqHbn3gEaLMgzVLAwkG6:7QvSlczFAwN156UilO9g+Zn3zUtknBtB","tlshash":"5542c116fa4bb948db26b4c21b73533bf4a7d7404c4be069c49f9c46d7a08618529a8e","first_seen":"2025-03-20T14:09:20.628174Z","last_seen":"2025-09-03T21:53:10.430913Z","times_seen":8,"resource_available":false,"data":null}},"time_used":981,"timings":{"blocked":330,"dns":1,"connect":161,"send":0,"wait":315,"receive":1,"ssl":170},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"eastman-dispute.surge.sh/img/custom1-bMT2rraqz0.png","fqdn":"eastman-dispute.surge.sh","domain":"surge.sh","tld":"sh"},"ip":{"addr":"138.197.235.123","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://eastman-dispute.surge.sh/","date":"2025-03-20T14:08:57.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.surge.sh","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 19 Apr 2024 00:00:00 GMT","end":"Sun, 18 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"77:C0:DA:F7:E7:30:96:2C:69:AB:5B:42:74:84:CD:C8:38:E3:3D:56","sha256":"5F:B2:4B:5B:38:A9:C5:71:81:49:F2:0B:BF:95:4B:D2:94:86:67:44:8B:38:61:B9:FF:FA:5D:7B:21:42:A9:F6"}}},"request":{"raw":"GET /img/custom1-bMT2rraqz0.png HTTP/1.1\r\nHost: eastman-dispute.surge.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://eastman-dispute.surge.sh/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Surge\r\nSurge-Cache: HIT\r\nSurge-Stamp: 646::1742432304341-6cc4f6afeadafaacf44f7779ed5d3ea6\r\nAge: 53242\r\nDate: Thu, 20 Mar 2025 14:08:57 GMT\r\nCache-Control: public, max-age=0, must-revalidate\r\nETag: \"5e70e962bf346a491cec42a37fed817251658988ae34b03498cb785f57bc08dd\"\r\nContent-Type: image/png\r\nAccept-Ranges: bytes\r\nResponse-Time: 2ms\r\nContent-Length: 4027\r\nConnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4027,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 40 x 35, 8-bit/color RGBA, non-interlaced","md5":"6cc4f6afeadafaacf44f7779ed5d3ea6","sha1":"0fddf586dc45d30f32b12cc95fb3a83b818b33df","sha256":"5e70e962bf346a491cec42a37fed817251658988ae34b03498cb785f57bc08dd","sha512":"ad54c3ae6c692f04c281db590c6d835d612923fcda1dc1d0b0c45e83285b4c2b5d9d6ba0695f356d41788eb742753125cd3f1cbdb7d67ff97d7d9249967b998a","ssdeep":"","tlshash":"74815c1a9780a840e4cde9a438f790978a2c4f5334c6f44266c7e97b583d0bdc207eee","first_seen":"2025-03-11T17:38:06.39999Z","last_seen":"2026-03-25T13:56:53.759423Z","times_seen":12,"resource_available":false,"data":null}},"time_used":836,"timings":{"blocked":332,"dns":0,"connect":165,"send":0,"wait":164,"receive":0,"ssl":170},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"eastman-dispute.surge.sh/img/ncua_icon_142x60_k_100.png","fqdn":"eastman-dispute.surge.sh","domain":"surge.sh","tld":"sh"},"ip":{"addr":"138.197.235.123","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://eastman-dispute.surge.sh/","date":"2025-03-20T14:08:57.382Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.surge.sh","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 19 Apr 2024 00:00:00 GMT","end":"Sun, 18 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"77:C0:DA:F7:E7:30:96:2C:69:AB:5B:42:74:84:CD:C8:38:E3:3D:56","sha256":"5F:B2:4B:5B:38:A9:C5:71:81:49:F2:0B:BF:95:4B:D2:94:86:67:44:8B:38:61:B9:FF:FA:5D:7B:21:42:A9:F6"}}},"request":{"raw":"GET /img/ncua_icon_142x60_k_100.png HTTP/1.1\r\nHost: eastman-dispute.surge.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://eastman-dispute.surge.sh/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Surge\r\nSurge-Cache: HIT\r\nSurge-Stamp: 613::1742432304341-d2d58f14ef3740098c74179e67bf6bda\r\nAge: 53273\r\nDate: Thu, 20 Mar 2025 14:08:57 GMT\r\nCache-Control: public, max-age=0, must-revalidate\r\nETag: \"452a04333de59b9354ff6a97a970c0781e29a94fe111e66fd1f3092f16361828\"\r\nContent-Type: image/png\r\nAccept-Ranges: bytes\r\nResponse-Time: 1ms\r\nContent-Length: 4624\r\nConnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4624,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 142 x 60, 8-bit/color RGBA, non-interlaced","md5":"d2d58f14ef3740098c74179e67bf6bda","sha1":"c1d1b0457f4a546dc94e41274fd7316140c83c67","sha256":"452a04333de59b9354ff6a97a970c0781e29a94fe111e66fd1f3092f16361828","sha512":"2313a98e80266790db2057c43581279a3638f8675cafd255ff8ebe9c29ccbcca3a1016c6e29311eb15b6b1da73376896c5ee11d476cb20c72b7227695ae0cb60","ssdeep":"96:Y2jhSMAqqYQmG6azBgDDSV8DuNQ/rsoKhmM8p43:XQq9QmsgDDbDu2/rlc3","tlshash":"66919d05fec37c518681adc424f3fc7ba6944e92c1788945fa4bc4ae04a41d0952eed9","first_seen":"2023-05-07T04:28:14Z","last_seen":"2026-03-25T13:56:53.756642Z","times_seen":28,"resource_available":false,"data":null}},"time_used":837,"timings":{"blocked":333,"dns":1,"connect":160,"send":0,"wait":164,"receive":0,"ssl":173},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"eastman-dispute.surge.sh/img/ncua_text_280x60_k_100.png","fqdn":"eastman-dispute.surge.sh","domain":"surge.sh","tld":"sh"},"ip":{"addr":"138.197.235.123","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://eastman-dispute.surge.sh/","date":"2025-03-20T14:08:57.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.surge.sh","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 19 Apr 2024 00:00:00 GMT","end":"Sun, 18 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"77:C0:DA:F7:E7:30:96:2C:69:AB:5B:42:74:84:CD:C8:38:E3:3D:56","sha256":"5F:B2:4B:5B:38:A9:C5:71:81:49:F2:0B:BF:95:4B:D2:94:86:67:44:8B:38:61:B9:FF:FA:5D:7B:21:42:A9:F6"}}},"request":{"raw":"GET /img/ncua_text_280x60_k_100.png HTTP/1.1\r\nHost: eastman-dispute.surge.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://eastman-dispute.surge.sh/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Surge\r\nSurge-Cache: HIT\r\nSurge-Stamp: 645::1742432304341-757c67077322c98147ef26f8e5805df4\r\nAge: 53243\r\nDate: Thu, 20 Mar 2025 14:08:57 GMT\r\nCache-Control: public, max-age=0, must-revalidate\r\nETag: \"6b2858e6fbad261a27d0effd68612b0508d6d00c3af53995c1ada16d3642967f\"\r\nContent-Type: image/png\r\nAccept-Ranges: bytes\r\nResponse-Time: 1ms\r\nContent-Length: 2639\r\nConnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2639,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced","md5":"757c67077322c98147ef26f8e5805df4","sha1":"aa5b80ad4c26ab3477a34ae2d27a3084f4f40970","sha256":"6b2858e6fbad261a27d0effd68612b0508d6d00c3af53995c1ada16d3642967f","sha512":"25599bf7bda8f1359216615d40de0c0897a75677889ee583b1889a25cec81091ad51ba2c6967633134a371e2424056a6607fad3a32eb885ad451b3f821d7b1e6","ssdeep":"","tlshash":"86512c5de7926450b548e482d0f9146b6f5706c0d1b1a3084dcfd8d314361b5c75e8cb","first_seen":"2024-02-04T03:55:48Z","last_seen":"2026-03-25T13:56:53.757255Z","times_seen":28,"resource_available":false,"data":null}},"time_used":837,"timings":{"blocked":332,"dns":1,"connect":167,"send":0,"wait":163,"receive":0,"ssl":171},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"eastman-dispute.surge.sh/favicon.ico","fqdn":"eastman-dispute.surge.sh","domain":"surge.sh","tld":"sh"},"ip":{"addr":"138.197.235.123","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://eastman-dispute.surge.sh/","date":"2025-03-20T14:08:58.131Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.surge.sh","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 19 Apr 2024 00:00:00 GMT","end":"Sun, 18 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"77:C0:DA:F7:E7:30:96:2C:69:AB:5B:42:74:84:CD:C8:38:E3:3D:56","sha256":"5F:B2:4B:5B:38:A9:C5:71:81:49:F2:0B:BF:95:4B:D2:94:86:67:44:8B:38:61:B9:FF:FA:5D:7B:21:42:A9:F6"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: eastman-dispute.surge.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://eastman-dispute.surge.sh/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: Surge\r\nSurge-Cache: HIT\r\nSurge-Stamp: 613::1742432304341\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 8247\r\nETag: W/\"2037-Bpq88syl4OLNTwUiR08il4/lN+0\"\r\nDate: Thu, 20 Mar 2025 14:08:58 GMT\r\nConnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":8247,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (8523), with no line terminators","md5":"97ae374b78c8ba732e87fa53ed6cece8","sha1":"b891116ab16e338e3d4035293558faa3d5e91bd5","sha256":"dd991b447c4a2e699aadeef1bdcadc08af602d1aec077e43f42de9d9a07d2a15","sha512":"d0db322c0472f56069bbc2cef51079efd8da55dfc9cff76754c2e13ac3ed94c35753b67a9d0a8fed63f04057fd737fa6cadd6945eaf5c84a83c493ac2ba889f6","ssdeep":"96:ENF/C6JyMoufFqjN538Q48rMCiCeLyGDGt/D2YE10U4/6IVOka0tTCf6IoOyZLN9:Ei6JnR+NOQoBgD2y9a0tTC4zvY7kpMKx","tlshash":"860252388650e3bdcd92affedfa51070a56e20dca0e1c318555ec16275874eee3887e9","first_seen":"2023-04-23T08:36:26Z","last_seen":"2025-04-06T06:04:59.351334Z","times_seen":142,"resource_available":false,"data":null}},"time_used":493,"timings":{"blocked":0,"dns":1,"connect":161,"send":0,"wait":162,"receive":1,"ssl":168},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"eastman-dispute.surge.sh/","fqdn":"eastman-dispute.surge.sh","domain":"surge.sh","tld":"sh"},"ip":{"addr":"138.197.235.123","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-20T14:08:56.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.surge.sh","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 19 Apr 2024 00:00:00 GMT","end":"Sun, 18 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"77:C0:DA:F7:E7:30:96:2C:69:AB:5B:42:74:84:CD:C8:38:E3:3D:56","sha256":"5F:B2:4B:5B:38:A9:C5:71:81:49:F2:0B:BF:95:4B:D2:94:86:67:44:8B:38:61:B9:FF:FA:5D:7B:21:42:A9:F6"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: eastman-dispute.surge.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Surge\r\nSurge-Cache: HIT\r\nSurge-Stamp: 646::1742432304341-cd6b50a02331c68dd2086c10a8cc6db5\r\nAge: 53273\r\nDate: Thu, 20 Mar 2025 14:08:56 GMT\r\nCache-Control: public, max-age=0, must-revalidate\r\nETag: \"facff4ca154134c7a449b919af2fac5af9983c2c4e371d9a8a95ea7ce1c258e3\"\r\nContent-Type: text/html; charset=UTF-8\r\nAccept-Ranges: bytes\r\nResponse-Time: 3ms\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3582,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (3926), with no line terminators","md5":"4db55aed63c56e1860608383cc294820","sha1":"f4a338caecd9501d6f678cd58778bcd5eae11f67","sha256":"e4df4fb29d28ca481a38c273c34388b043391b494dc7ede6a725a21bb798a08d","sha512":"de27e4d196a5285cf328343a4f780fde232890dc8512d8c647827b8aeef53c2372d5125311907f77c1fda3560b95289b5f5f51b24924ab6d3bbe03c357bd3438","ssdeep":"","tlshash":"6e81537a6d2d302c6405d2bc75c2a496f00bb41667628c68fe8cb575e3c5d68c93ee48","first_seen":"2025-03-20T14:09:20.634599Z","last_seen":"2025-03-20T14:09:20.634599Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1132,"timings":{"blocked":483,"dns":124,"connect":160,"send":0,"wait":165,"receive":1,"ssl":196},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-03-20","alert":"Detects file containing Telegram Bot API","trigger":"eastman-dispute.surge.sh/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"eastman-dispute.surge.sh/img/banner.jpg","fqdn":"eastman-dispute.surge.sh","domain":"surge.sh","tld":"sh"},"ip":{"addr":"138.197.235.123","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://eastman-dispute.surge.sh/","date":"2025-03-20T14:08:57.378Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.surge.sh","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 19 Apr 2024 00:00:00 GMT","end":"Sun, 18 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"77:C0:DA:F7:E7:30:96:2C:69:AB:5B:42:74:84:CD:C8:38:E3:3D:56","sha256":"5F:B2:4B:5B:38:A9:C5:71:81:49:F2:0B:BF:95:4B:D2:94:86:67:44:8B:38:61:B9:FF:FA:5D:7B:21:42:A9:F6"}}},"request":{"raw":"GET /img/banner.jpg HTTP/1.1\r\nHost: eastman-dispute.surge.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://eastman-dispute.surge.sh/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Surge\r\nSurge-Cache: HIT\r\nSurge-Stamp: 646::1742432304341-4cc62ca734cf03d0f2d07e78185cdb8f\r\nAge: 53273\r\nDate: Thu, 20 Mar 2025 14:08:57 GMT\r\nCache-Control: public, max-age=0, must-revalidate\r\nETag: \"d4209e0a6f46e01104b243b088138bea5f32b5856974a981894ebe69cd702926\"\r\nContent-Type: image/jpeg\r\nAccept-Ranges: bytes\r\nResponse-Time: 1ms\r\nContent-Length: 346790\r\nConnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":346790,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [\n- TIFF image data, big-endian, direntries=2], baseline, precision 8, 2118x1261, components 3","md5":"4cc62ca734cf03d0f2d07e78185cdb8f","sha1":"63d9241c59fe71ef84771de374dc349356948bf5","sha256":"d4209e0a6f46e01104b243b088138bea5f32b5856974a981894ebe69cd702926","sha512":"995a0adf1079edb5891a9b5ab577516e1dae58be582749669e697507eb5193f5bad26e94d90a18ac0c8c8960d42accd767498a893d59018b7584156dbb4c0f16","ssdeep":"6144:qMmawHfrTtVfVRtTlAamuiGGS677wLsRAsncjRIJFLaNavi:FwHHzfHtTaamwjkBzum6avi","tlshash":"6074d00748055bdae11c97f4be571ee86f482b08e9963dff305e0e863b686234d9d42e","first_seen":"2025-03-20T14:09:20.635701Z","last_seen":"2025-09-03T21:53:10.419819Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1475,"timings":{"blocked":330,"dns":0,"connect":160,"send":0,"wait":317,"receive":495,"ssl":170},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}