{"report_id":"8eb2d354-6abd-4b56-b1f4-1940bb3ed397","version":6,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-04-28T16:40:47Z","url":{"schema":"http","addr":"hedz-trading.com","fqdn":"hedz-trading.com","domain":"hedz-trading.com","tld":"com"},"ip":{"addr":"149.33.0.173","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"hedz-trading.com/","fqdn":"hedz-trading.com","domain":"hedz-trading.com","tld":"com"},"title":"Hedz Trading Side","dom":{"size":292341,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (42531)","md5":"f0ef2552416ea01feee47054298ea7c0","sha1":"02285c7ec7c8f9ea9132644378aae90e09b53a41","sha256":"c062cd728c4d6658467ab9944a2a1846a00b50109e54c2b019c3bebef6f729a9","sha512":"5a4f3cf11ea08b8690d0fc3adba37a49308c1fb58a648fde3f844b7d7cd07669c6e7f1936ae0f32e22a08d2a212dfa3d6c7fe5a7774bbd5eb255ef045ce331bf","ssdeep":"6144:Nk7cRce2yU/w0wrrC/9Jds6mPTaVm/Yj9:NTqeTUcr89o6mWVm/Yj9","tlshash":"8b5449f431a9abab6da345e350df650b713d1937dc0e88a0e224ed2a37f044511abf9d","dom_hash":"domhash442efeff8a58a8696489010952470522","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"hedz-trading.com","fqdn":"hedz-trading.com","domain":"hedz-trading.com","tld":"com"},"ip":{"addr":"149.33.0.173","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-02T16:40:47Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-28","alert":"Detects file containing Telegram Bot API","trigger":"hedz-trading.com/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-28","alert":"Detects file containing Telegram Bot API","trigger":"hedz-trading.com/favicon.ico","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"hedz-trading.com","ip":{"addr":"149.33.0.173","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":3,"request_count":2,"received_data":522382,"sent_data":924,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"hedz-trading.com/","fqdn":"hedz-trading.com","domain":"hedz-trading.com","tld":"com"},"ip":{"addr":"149.33.0.173","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"md5":"bb5b5569a08cb50e939a1d0049d53779","sha1":"7fb4044f3b9eff4a36a14ac5e06f61eaee4ede8b","sha256":"b1dc5d48b266f63c44871f0444ff496d5ca118e3c7383685029f305967d0a4e1","sha512":"05c6099b843d1741525be743db44cf768adf686d2a9eda8083bc1de285ddb0a10e293357ee8bd012ee480922a7bd175876189b4870f5da7b148db90aaea72f8e","size":1031,"token":"8734057483:AAGttxYsXXjUR5rE-oZr7ck8iny8tCOLbcw","is_revoked":false,"bot":{"token":"8734057483:AAGttxYsXXjUR5rE-oZr7ck8iny8tCOLbcw","user_id":"8734057483","username":"SiteForwardStats_bot","first_name":"SiteForwardStats","last_name":"","chat":{"chat_id":"7482046645","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"hedz-trading.com/","fqdn":"hedz-trading.com","domain":"hedz-trading.com","tld":"com"},"ip":{"addr":"149.33.0.173","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"bb5b5569a08cb50e939a1d0049d53779","sha1":"7fb4044f3b9eff4a36a14ac5e06f61eaee4ede8b","sha256":"b1dc5d48b266f63c44871f0444ff496d5ca118e3c7383685029f305967d0a4e1","sha512":"05c6099b843d1741525be743db44cf768adf686d2a9eda8083bc1de285ddb0a10e293357ee8bd012ee480922a7bd175876189b4870f5da7b148db90aaea72f8e","ssdeep":"","tlshash":"071144da10768eb0415be0db6677968015b241bf3c06b8d9706c484e2fc5c7486e238d","size":1031,"data":"","first_seen":"2026-04-28T16:40:52.40126Z","last_seen":"2026-04-28T17:01:50.057017Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-28","alert":"Detects file containing Telegram Bot API","trigger":"hedz-trading.com/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"hedz-trading.com/","fqdn":"hedz-trading.com","domain":"hedz-trading.com","tld":"com"},"ip":{"addr":"149.33.0.173","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-28T16:40:24.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hedz-trading.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 18:16:09 GMT","end":"Tue, 23 Jun 2026 18:16:08 GMT"},"fingerprint":{"sha1":"A7:B1:FB:5A:52:62:AB:4C:1A:78:91:9E:D5:50:9A:76:7B:59:61:27","sha256":"8D:E2:58:9E:45:AB:DC:41:92:FD:32:66:DC:BA:8A:20:0B:0B:FF:E8:7F:15:76:D9:5D:6E:08:94:5F:04:33:0E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: hedz-trading.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Tue, 28 Apr 2026 16:40:25 GMT\r\nContent-Type: text/html\r\nLast-Modified: Sun, 22 Mar 2026 19:52:12 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"69c0486c-3fb43\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":260931,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (42511)","md5":"26601ccab8db3cfb8dd8c9baba70a8b9","sha1":"5f7a951c4c51ca91f1787cc69a194c0566ab1550","sha256":"e8221c9c041fcd15d3a7873953afc6ef54fe6941ea66369ebf98b3777c793b57","sha512":"f4bcdfc0d6cebb94b7b5d38cf2d171104511ecd04875fc922d134156f0d4157983d93011a997501f7b93287e6af98daa1222be6ec1c09026e24f2867dbff7fbb","ssdeep":"3072:R11mEWOciJyRcDlsVl2943U/w0wzdWnMrrC/9JSWjs6mMT0sY:8k7cRce2yU/w0wrrC/9Jds6mMT9Y","tlshash":"88443bf871b9abab6da355e3509f640b712d29379c0d4ca0f220ed1937f408521abf9d","first_seen":"2026-04-28T16:40:52.398028Z","last_seen":"2026-04-28T17:01:50.056216Z","times_seen":2,"resource_available":true,"data":null}},"time_used":756,"timings":{"blocked":227,"dns":24,"connect":97,"send":0,"wait":193,"receive":106,"ssl":106},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-28","alert":"Detects file containing Telegram Bot API","trigger":"hedz-trading.com/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"hedz-trading.com/favicon.ico","fqdn":"hedz-trading.com","domain":"hedz-trading.com","tld":"com"},"ip":{"addr":"149.33.0.173","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://hedz-trading.com/","date":"2026-04-28T16:40:25.737Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hedz-trading.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 18:16:09 GMT","end":"Tue, 23 Jun 2026 18:16:08 GMT"},"fingerprint":{"sha1":"A7:B1:FB:5A:52:62:AB:4C:1A:78:91:9E:D5:50:9A:76:7B:59:61:27","sha256":"8D:E2:58:9E:45:AB:DC:41:92:FD:32:66:DC:BA:8A:20:0B:0B:FF:E8:7F:15:76:D9:5D:6E:08:94:5F:04:33:0E"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: hedz-trading.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hedz-trading.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Tue, 28 Apr 2026 16:40:25 GMT\r\nContent-Type: text/html\r\nLast-Modified: Sun, 22 Mar 2026 19:52:12 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"69c0486c-3fb43\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":260931,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (42511)","md5":"26601ccab8db3cfb8dd8c9baba70a8b9","sha1":"5f7a951c4c51ca91f1787cc69a194c0566ab1550","sha256":"e8221c9c041fcd15d3a7873953afc6ef54fe6941ea66369ebf98b3777c793b57","sha512":"f4bcdfc0d6cebb94b7b5d38cf2d171104511ecd04875fc922d134156f0d4157983d93011a997501f7b93287e6af98daa1222be6ec1c09026e24f2867dbff7fbb","ssdeep":"3072:R11mEWOciJyRcDlsVl2943U/w0wzdWnMrrC/9JSWjs6mMT0sY:8k7cRce2yU/w0wrrC/9Jds6mMT9Y","tlshash":"88443bf871b9abab6da355e3509f640b712d29379c0d4ca0f220ed1937f408521abf9d","first_seen":"2026-04-28T16:40:52.398028Z","last_seen":"2026-04-28T17:01:50.056216Z","times_seen":2,"resource_available":true,"data":null}},"time_used":201,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":99,"receive":102,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-28","alert":"Detects file containing Telegram Bot API","trigger":"hedz-trading.com/favicon.ico","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}]}