{"report_id":"8f13218c-ab1d-4b90-9af8-9b5bf9695e07","version":0,"status":"done","tags":["phishing","suspicious","telegram_bot"],"date":"2026-07-03T12:24:41Z","url":{"schema":"http","addr":"varimo.info/mac/korea.html","fqdn":"varimo.info","domain":"varimo.info","tld":"info"},"ip":{"addr":"213.136.93.173","port":0,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"varimo.info/mac/korea.html","fqdn":"varimo.info","domain":"varimo.info","tld":"info"},"title":"Email Update","dom":{"size":6469,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"d0df9b90b2623731297e6fafa5ae4a2e","sha1":"372c7bdb59fc0072da8e4b4306af7ad9e14155e4","sha256":"a1d78d2cd627cf443d8e4e32909ecfdc476931263409a4f8c6d7d449d2ad152e","sha512":"0aadee90b3b95c50a04ea9da76ee806a45ecb3409b0ce77fc014982f816203a455dbce31d9b2e41fbcc87a69205fb40859b4d55eb1fa10774fc3b9a01d9ff122","ssdeep":"192:Br5/+rNFMEFpF/9OAjqHUFiLi3iebUnUn2iQuriyu4/:Br2FMEFpF+0FiLi3i0UnpiQ6iyb","tlshash":"95d1569b1567089066a7e0fc37eba7053560c113aa4ac8247f5cb69c8f4ad96d8b33cd","dom_hash":"domhashfbad14c8bbe4416ad4933980c48ba9a8","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"varimo.info/mac/korea.html","fqdn":"varimo.info","domain":"varimo.info","tld":"info"},"ip":{"addr":"213.136.93.173","port":0,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-07T12:24:41Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":3,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-03","alert":"Detects file containing Telegram Bot API","trigger":"varimo.info/mac/korea.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"varimo.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"varimo.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"varimo.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"varimo.info","ip":{"addr":"213.136.93.173","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-06-15T01:16:37.774038Z","last_seen":"2026-06-15T01:16:37.774038Z","alert_count":9,"request_count":2,"received_data":7433,"sent_data":1006,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"varimo.info/mac/korea.html","fqdn":"varimo.info","domain":"varimo.info","tld":"info"},"ip":{"addr":"213.136.93.173","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"md5":"211f7eaedaf07f5c74fa496413893add","sha1":"e4191d3b9f9b639eaf280ddfed695f551e5818e0","sha256":"30ef362c46334e006649f56c21e3084538c5e0d0b14902a3f0688d1dbc580f13","sha512":"a481a37ab61c1a7fc58014d1de873226934222bb9dd31895bec02699c76f3411c4acf305a62ab6cf87f8a40a664eb3229138bb1ace70df45f15e15a3f937e66b","size":3040,"token":"7100440492:AAGGm34_SHc_sqZIBZjeVrvDsqT-QJFnDJA","is_revoked":false,"bot":{"token":"7100440492:AAGGm34_SHc_sqZIBZjeVrvDsqT-QJFnDJA","user_id":"7100440492","username":"freshNew009_bot","first_name":"New log","last_name":"","chat":{"chat_id":"6579880838","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"varimo.info/mac/korea.html","fqdn":"varimo.info","domain":"varimo.info","tld":"info"},"ip":{"addr":"213.136.93.173","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"211f7eaedaf07f5c74fa496413893add","sha1":"e4191d3b9f9b639eaf280ddfed695f551e5818e0","sha256":"30ef362c46334e006649f56c21e3084538c5e0d0b14902a3f0688d1dbc580f13","sha512":"a481a37ab61c1a7fc58014d1de873226934222bb9dd31895bec02699c76f3411c4acf305a62ab6cf87f8a40a664eb3229138bb1ace70df45f15e15a3f937e66b","ssdeep":"","tlshash":"7551109b111708a007b7e2ed324ba314316191273d85d460fe1ca26a4f16da6f8b73ce","size":3040,"data":"","first_seen":"2026-06-15T13:34:43.475977Z","last_seen":"2026-07-03T21:47:43.972784Z","times_seen":3,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-03","alert":"Detects file containing Telegram Bot API","trigger":"varimo.info/mac/korea.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"varimo.info/favicon.ico","fqdn":"varimo.info","domain":"varimo.info","tld":"info"},"ip":{"addr":"213.136.93.173","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varimo.info/mac/korea.html","date":"2026-07-03T12:24:18.666Z","timestamp":1783081458666,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"webdisk.varimo.info","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 02:27:05 GMT","end":"Wed, 30 Sep 2026 02:27:04 GMT"},"fingerprint":{"sha1":"51:46:1B:D4:0D:FC:70:75:0B:B2:1D:E7:1F:1D:7B:B9:25:71:02:2D","sha256":"44:66:E2:BD:7B:B4:D4:11:27:07:C4:A8:94:C0:05:29:8F:A1:E7:26:B9:83:C0:45:FE:34:FA:8B:29:D1:C6:9C"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: varimo.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://varimo.info/mac/korea.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-length: 355\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Fri, 03 Jul 2026 12:24:18 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":509,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-07-05T04:37:41.15406Z","times_seen":43546,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"varimo.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"varimo.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"varimo.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varimo.info/mac/korea.html","fqdn":"varimo.info","domain":"varimo.info","tld":"info"},"ip":{"addr":"213.136.93.173","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-03T12:24:18.160Z","timestamp":1783081458160,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"webdisk.varimo.info","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 02:27:05 GMT","end":"Wed, 30 Sep 2026 02:27:04 GMT"},"fingerprint":{"sha1":"51:46:1B:D4:0D:FC:70:75:0B:B2:1D:E7:1F:1D:7B:B9:25:71:02:2D","sha256":"44:66:E2:BD:7B:B4:D4:11:27:07:C4:A8:94:C0:05:29:8F:A1:E7:26:B9:83:C0:45:FE:34:FA:8B:29:D1:C6:9C"}}},"request":{"raw":"GET /mac/korea.html HTTP/1.1\r\nHost: varimo.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nlast-modified: Mon, 15 Jun 2026 00:20:59 GMT\r\naccept-ranges: bytes\r\ncontent-length: 6721\r\ncontent-type: text/html\r\ndate: Fri, 03 Jul 2026 12:24:18 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":6721,"size_decoded":6924,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"d062d6a272d973a5a4051b77d607c07c","sha1":"e6db442899a9a7a7190f4bee1c06b893eed70aab","sha256":"0f49d0ce22caad84a9ba9869d846eda05af1a0f8a8a75a1f7051812beea5ae85","sha512":"629fced90eada7d00593316dda51406c8badd3e491a1ac51b94353a1182fba629aeceb4de3fd20b266fc8ba3978f3c6beaac71c8ee3d0b8a0690367132b3ccf9","ssdeep":"192:L19dFb9amgP+A4Fi6inuiaU9YnIiRwirSh:JZi6inuiaU9HiRwir2","tlshash":"16d1746a5506088056b3e3bc7be36309f65181639b424034bfacb39a4f7ad55d8b3bdc","first_seen":"2026-06-15T13:34:43.474364Z","last_seen":"2026-07-03T21:47:43.970919Z","times_seen":3,"resource_available":true,"data":null}},"time_used":226,"timings":{"blocked":-1,"dns":90,"connect":26,"send":0,"wait":54,"receive":0,"ssl":56},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-03","alert":"Detects file containing Telegram Bot API","trigger":"varimo.info/mac/korea.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"varimo.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"varimo.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"varimo.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}}]}
