{"report_id":"829af955-c021-40b7-98c7-9ab94fad0338","version":6,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-04-13T12:03:37Z","url":{"schema":"http","addr":"verifytrustwallet.com","fqdn":"verifytrustwallet.com","domain":"verifytrustwallet.com","tld":"com"},"ip":{"addr":"178.63.205.58","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"verifytrustwallet.com/","fqdn":"verifytrustwallet.com","domain":"verifytrustwallet.com","tld":"com"},"title":"Safe Approve + Auto Send + Telegram Demo (BSC Mainnet)","dom":{"size":2745,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (798)","md5":"7f9288fe4c9e4684890a6d6af568e787","sha1":"766a7b45ee66c8c5eb66a9687c4c3c394ad5718e","sha256":"11337c3da8daf92f07f8a486a5b9a8f00e93df04df306d279fa5e3a52f9d6843","sha512":"53f764cf2a5fbbc519bf5f8c5fd79b436d25f1bc16c4b670bc3d755e4007136c2f02c2047091567ae4691c5ef1930a43bb0e8e91bfee31e35490303f93ab8057","ssdeep":"","tlshash":"7e512320e06a773d52d2cd91a4b418274ec7c5ae32c4cd24739c58d2778fe9ad5e7498","dom_hash":"domhash03b4adc2c828e0272d949303092f71e0","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"verifytrustwallet.com","fqdn":"verifytrustwallet.com","domain":"verifytrustwallet.com","tld":"com"},"ip":{"addr":"178.63.205.58","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-18T12:03:37Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-13","alert":"Detects file containing Telegram Bot API","trigger":"verifytrustwallet.com/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-13","alert":"Sinkholed","trigger":"verifytrustwallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"verifytrustwallet.com","ip":{"addr":"178.63.205.58","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2025-08-15","domain_rank":0,"first_seen":"2026-04-13T12:03:38.002047Z","last_seen":"2026-04-13T12:03:38.002047Z","alert_count":6,"request_count":4,"received_data":14601,"sent_data":1800,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-04-12T22:35:46.689898Z","alert_count":0,"request_count":1,"received_data":552312,"sent_data":486,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"verifytrustwallet.com/main.js","fqdn":"verifytrustwallet.com","domain":"verifytrustwallet.com","tld":"com"},"ip":{"addr":"178.63.205.58","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"md5":"7df6aa7e216b5eb5fa6b9b848509e5d0","sha1":"195b78d8c20223784fe9eefff2c0dcae1d14ba8b","sha256":"38945a79019ef056d0c5274bfe875a9c037528ccab5e1d1d579664c08c1b8b5c","sha512":"2bd99277fbb9d96fc84641e2c7c92bc755624a33e008b63dc9e77d33859da6ec4fcea8d407c8275494a3d54c334789648456b1eeacf314782bdee94adfbb23c1","size":5556,"token":"8397466912:AAFKlWFlu0Fjrg3vggAI7DBgLiiHUMrdZL8","is_revoked":false,"bot":{"token":"8397466912:AAFKlWFlu0Fjrg3vggAI7DBgLiiHUMrdZL8","user_id":"8397466912","username":"Usdtsol_logs_bot","first_name":"Usdt-Sol-Logs","last_name":"","chat":{"chat_id":"5540214201","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"verifytrustwallet.com/main.js","fqdn":"verifytrustwallet.com","domain":"verifytrustwallet.com","tld":"com"},"ip":{"addr":"178.63.205.58","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"7df6aa7e216b5eb5fa6b9b848509e5d0","sha1":"195b78d8c20223784fe9eefff2c0dcae1d14ba8b","sha256":"38945a79019ef056d0c5274bfe875a9c037528ccab5e1d1d579664c08c1b8b5c","sha512":"2bd99277fbb9d96fc84641e2c7c92bc755624a33e008b63dc9e77d33859da6ec4fcea8d407c8275494a3d54c334789648456b1eeacf314782bdee94adfbb23c1","ssdeep":"96:1lXqH7LJfCSrISIAb3HWg0l5Y9GfTA5WRjpReA3yCpx+AndjDyY6t/7ILfRzyHXk:76wOKD6gTRjp/3/pzu7mzA97moY7i7xe","tlshash":"17b1b8f1320e29314a3b17b0394b7162aa679637ad41c590b5edc0720b3bd6dc4e1eee","size":5556,"data":"","first_seen":"2026-04-13T12:03:40.987341Z","last_seen":"2026-04-13T12:04:03.043122Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-13","alert":"Detects file containing Telegram Bot API","trigger":"verifytrustwallet.com/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/ethers@5.7.2/dist/ethers.esm.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"importedModule","is_inline":false,"md5":"1bd588df37feab9f6277f49cc3142dca","sha1":"20da0a5b55c732a287ff8b99ac0e44e0cccbc02c","sha256":"08d4e51b6e59b4547abfc03e673477396dc927783622d8783cde949ca09a62b1","sha512":"46049587b6958235a7693cc2fe0c8296a2d81550f157ff439c5fa339550d8c9eb339d0958358bae138e7912428f8a9743f8adeca6b8aa4a5a3e8f9881c68080d","ssdeep":"12288:hf6wFezkHQx78XbyzlGfseuO+PJENtga43N3mT:hf64KkeTlGfEENtgztE","tlshash":"74c43c8173a2b07687ca15e024761002f639f45a645c40acf65cfde63ebad88957fb3d","size":551520,"data":"","first_seen":"2025-10-13T18:51:14.441825Z","last_seen":"2026-04-13T12:04:03.031857Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"verifytrustwallet.com/favicon.ico","fqdn":"verifytrustwallet.com","domain":"verifytrustwallet.com","tld":"com"},"ip":{"addr":"178.63.205.58","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://verifytrustwallet.com/","date":"2026-04-13T12:03:14.987Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.verifytrustwallet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Feb 2026 12:36:09 GMT","end":"Sat, 16 May 2026 12:36:08 GMT"},"fingerprint":{"sha1":"37:86:D4:18:2C:5D:15:56:4B:5E:A9:06:CC:5E:B7:43:D1:2A:CD:57","sha256":"95:D9:7D:1B:D7:48:A0:AE:3E:0D:D9:6E:11:E6:65:F2:D4:72:22:CF:90:06:B2:40:CE:41:9A:F1:E8:D8:B7:45"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: verifytrustwallet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://verifytrustwallet.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1251\r\ndate: Mon, 13 Apr 2026 12:03:14 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1251,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"8150f458ed6fb9b1db4e5cfa57a1a281","sha1":"6e5726854d28687b560d7fdcb5c782c425c7dfb9","sha256":"4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896","sha512":"4cc6a112673aef8bb8bb8a385c26791b805d43bb707b509880e894f1c83bab4e16f13de187036c5f660c3bec1d286258396b7bde65c5d7945c5019665196818c","ssdeep":"","tlshash":"c021353ec1c1560ae0271164fbc1f7a86669825291970f703b9eb176f6cd0bb56a36c8","first_seen":"2024-02-08T16:48:55Z","last_seen":"2026-04-13T19:16:21.134111Z","times_seen":118129,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-13","alert":"Sinkholed","trigger":"verifytrustwallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"verifytrustwallet.com/","fqdn":"verifytrustwallet.com","domain":"verifytrustwallet.com","tld":"com"},"ip":{"addr":"178.63.205.58","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-13T12:03:14.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.verifytrustwallet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Feb 2026 12:36:09 GMT","end":"Sat, 16 May 2026 12:36:08 GMT"},"fingerprint":{"sha1":"37:86:D4:18:2C:5D:15:56:4B:5E:A9:06:CC:5E:B7:43:D1:2A:CD:57","sha256":"95:D9:7D:1B:D7:48:A0:AE:3E:0D:D9:6E:11:E6:65:F2:D4:72:22:CF:90:06:B2:40:CE:41:9A:F1:E8:D8:B7:45"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: verifytrustwallet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Sun, 24 Aug 2025 15:50:26 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 939\r\ndate: Mon, 13 Apr 2026 12:03:14 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2669,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (792), with CRLF line terminators","md5":"b151ceb66dc9ddf1223734a0df33cf3f","sha1":"41d11f5802185e2b92602cdc29097fd623ebd9e1","sha256":"9db20b7e99117ab7e488593cdda70a3feedc4929da4748bd54a914c321b4d6eb","sha512":"b283c3ea9dcddcb4f51bc125cfbd7a24e3e644b524e59a1f03326e0b6b51ab91db3e3cf3f93c8496f14ec53cee4d6983a25221fc9446a15be10af93873971222","ssdeep":"","tlshash":"c8511e3060867a3d02f2c9a1a8741925dfcbc29e32c4cd20729c56d33befe499ae3459","first_seen":"2026-04-13T12:03:40.981957Z","last_seen":"2026-04-13T12:04:03.040589Z","times_seen":2,"resource_available":true,"data":null}},"time_used":429,"timings":{"blocked":194,"dns":121,"connect":33,"send":0,"wait":40,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-13","alert":"Sinkholed","trigger":"verifytrustwallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"verifytrustwallet.com/style.css","fqdn":"verifytrustwallet.com","domain":"verifytrustwallet.com","tld":"com"},"ip":{"addr":"178.63.205.58","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://verifytrustwallet.com/","date":"2026-04-13T12:03:14.595Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.verifytrustwallet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Feb 2026 12:36:09 GMT","end":"Sat, 16 May 2026 12:36:08 GMT"},"fingerprint":{"sha1":"37:86:D4:18:2C:5D:15:56:4B:5E:A9:06:CC:5E:B7:43:D1:2A:CD:57","sha256":"95:D9:7D:1B:D7:48:A0:AE:3E:0D:D9:6E:11:E6:65:F2:D4:72:22:CF:90:06:B2:40:CE:41:9A:F1:E8:D8:B7:45"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: verifytrustwallet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://verifytrustwallet.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 20 Apr 2026 12:03:14 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 24 Aug 2025 15:45:28 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1003\r\ndate: Mon, 13 Apr 2026 12:03:14 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3750,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"148c19446a87cd79bedc397bfcae7a2d","sha1":"a61669f9349762e57236adf728b6a04d953f28a3","sha256":"fc40fc2796f70b64de5a7bdc2ef431c7806bf1855c5c5aaeb1b8f7ba9aa878fb","sha512":"621a52adc13d7887510169104311db5c9179c6840c2d7ba548d7f70d917a55996fc29d52259ed57062a40ee34ad8cbdb83a06688b90d53fc1926db05db1d5c5e","ssdeep":"","tlshash":"93712105db462206f233cf703b62a915d73670ba87c262ed7ed0c1246eb40a99a3dfd4","first_seen":"2026-04-13T12:03:40.984672Z","last_seen":"2026-04-13T12:04:03.029201Z","times_seen":2,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-13","alert":"Sinkholed","trigger":"verifytrustwallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"verifytrustwallet.com/main.js","fqdn":"verifytrustwallet.com","domain":"verifytrustwallet.com","tld":"com"},"ip":{"addr":"178.63.205.58","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://verifytrustwallet.com/","date":"2026-04-13T12:03:14.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.verifytrustwallet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Feb 2026 12:36:09 GMT","end":"Sat, 16 May 2026 12:36:08 GMT"},"fingerprint":{"sha1":"37:86:D4:18:2C:5D:15:56:4B:5E:A9:06:CC:5E:B7:43:D1:2A:CD:57","sha256":"95:D9:7D:1B:D7:48:A0:AE:3E:0D:D9:6E:11:E6:65:F2:D4:72:22:CF:90:06:B2:40:CE:41:9A:F1:E8:D8:B7:45"}}},"request":{"raw":"GET /main.js HTTP/1.1\r\nHost: verifytrustwallet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://verifytrustwallet.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 09 Sep 2025 17:34:30 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1797\r\ndate: Mon, 13 Apr 2026 12:03:14 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5556,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"7df6aa7e216b5eb5fa6b9b848509e5d0","sha1":"195b78d8c20223784fe9eefff2c0dcae1d14ba8b","sha256":"38945a79019ef056d0c5274bfe875a9c037528ccab5e1d1d579664c08c1b8b5c","sha512":"2bd99277fbb9d96fc84641e2c7c92bc755624a33e008b63dc9e77d33859da6ec4fcea8d407c8275494a3d54c334789648456b1eeacf314782bdee94adfbb23c1","ssdeep":"96:1lXqH7LJfCSrISIAb3HWg0l5Y9GfTA5WRjpReA3yCpx+AndjDyY6t/7ILfRzyHXk:76wOKD6gTRjp/3/pzu7mzA97moY7i7xe","tlshash":"17b1b8f1320e29314a3b17b0394b7162aa679637ad41c590b5edc0720b3bd6dc4e1eee","first_seen":"2026-04-13T12:03:40.987341Z","last_seen":"2026-04-13T12:04:03.043122Z","times_seen":2,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-13","alert":"Detects file containing Telegram Bot API","trigger":"verifytrustwallet.com/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-13","alert":"Sinkholed","trigger":"verifytrustwallet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/ethers@5.7.2/dist/ethers.esm.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://verifytrustwallet.com/","date":"2026-04-13T12:03:14.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/ethers@5.7.2/dist/ethers.esm.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://verifytrustwallet.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://verifytrustwallet.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 5.7.2\r\nx-jsd-version-type: version\r\netag: W/\"86a60-INoKW1XHMqKH/4uZrA5E4MzLwCw\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nage: 123413\r\ndate: Mon, 13 Apr 2026 12:03:14 GMT\r\nx-served-by: cache-fra-eddf8230125-FRA, cache-hel1410032-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 152293\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":551520,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"1bd588df37feab9f6277f49cc3142dca","sha1":"20da0a5b55c732a287ff8b99ac0e44e0cccbc02c","sha256":"08d4e51b6e59b4547abfc03e673477396dc927783622d8783cde949ca09a62b1","sha512":"46049587b6958235a7693cc2fe0c8296a2d81550f157ff439c5fa339550d8c9eb339d0958358bae138e7912428f8a9743f8adeca6b8aa4a5a3e8f9881c68080d","ssdeep":"12288:hf6wFezkHQx78XbyzlGfseuO+PJENtga43N3mT:hf64KkeTlGfEENtgztE","tlshash":"74c43c8173a2b07687ca15e024761002f639f45a645c40acf65cfde63ebad88957fb3d","first_seen":"2025-10-13T18:51:14.441825Z","last_seen":"2026-04-13T12:04:03.031857Z","times_seen":8,"resource_available":true,"data":null}},"time_used":362,"timings":{"blocked":136,"dns":75,"connect":27,"send":0,"wait":28,"receive":61,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}