Report Overview
Visited (public)
2025-06-27 14:11:04
URL
htmlpreview.github.io/?https://gist.githubusercontent.com/buqar/601737a51bc649a10f82c503668154a6/raw/bbfce9bf5d47f88368145ff432861f388ddb4bd1/gistfile1.txt
Finishing URL
htmlpreview.github.io/?https://gist.githubusercontent.com/buqar/601737a51bc649a10f82c503668154a6/raw/bbfce9bf5d47f88368145ff432861f388ddb4bd1/gistfile1.txt
IP / ASN

185.199.108.153
Title
TikTok
Suspicious - Suspicious Javascript code
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
| api.ipify.org | 3267 | 2014-01-05 | 2014-10-06 | 2025-06-25 | 1.8 kB | 1.9 kB | 104.26.13.205 | |
| gist.githubusercontent.com (1 alert(s) on this Host) | 36903 | 2014-02-06 | 2014-02-19 | 2025-06-22 | 553 B | 3.6 kB | 185.199.108.133 | |
| htmlpreview.github.io (1 alert(s) on this Host) | unknown | 2013-03-08 | 2013-12-05 | 2025-06-26 | 1.8 kB | 17 kB | 185.199.108.153 | |
| api.telegram.org | 38509 | 2003-12-15 | 2015-06-25 | 2025-06-23 | 4.6 kB | 4.7 kB | 149.154.167.220 | |
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
| Timestamp | Severity | Source IP | Destination IP | Alert |
|---|---|---|---|---|
| | low | Client IP | 104.26.13.205 | ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI |
| | low | Client IP | 149.154.167.220 | ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) |
| | low | Client IP | 149.154.167.220 | ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) |
Threat Detection Systems
Public InfoSec YARA rules
| Scan Date | Severity | Indicator | Alert |
|---|---|---|---|
| 2025-06-27 | medium | gist.githubusercontent.com/buqar/601737a51bc649a10f82c503668154a6/raw/bbfce9bf5d47f88368145ff432861f388ddb4bd1/gistfile1.txt | Detects file containing Telegram Bot API |
| 2025-06-27 | medium | javascript.write.md5:44692109255a101d88b4a6e4214308c8 | Detects file containing Telegram Bot API |
| 2025-06-27 | medium | javascript.script.md5:5997b89846cb7f5fbeeb965fed6e0045 | Detects file containing Telegram Bot API |
OpenPhish
No alerts detected
PhishTank
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Telegram Bot detected (2)
URL
htmlpreview.github.io/?https://gist.githubusercontent.com/buqar/601737a51bc649a10f82c503668154a6/raw/bbfce9bf5d47f88368145ff432861f388ddb4bd1/gistfile1.txt
IP / ASN

185.199.108.153
Token
7934173677:AAF_6vkoLTo4cr4aVGq8W8UhSVJzSce7ejs
Bot Overview
User ID: 7934173677
Username: ksdc1031_bot
First Name: dcks
Last Name: N/A
Chat Info
Chat ID: 7616506016
Chat Type: private
Title: N/A
User Count: 2
Admins: 0
Pending Msgs: 0
JavaScript (3)
| HASH | FROM | Size | First Seen | Last Seen |
|---|---|---|---|---|
| 44692109255a101d88b4a6e4214308c8 | DocumentWrite | 2.9 kB | 2025-06-27 | 2025-06-27 |

Introduced by: DocumentWrite
First Seen: 2025-06-27
Last Seen: 2025-06-27
Times Seen: 1
Size: 2.9 kB (2860 bytes)
MD5: 44692109255a101d88b4a6e4214308c8
SHA1: c9645cf13febfec8ff630d813dc32a8cd01420b2
HTTP Transactions (16)
| URL | IP | Response | Size |
|---|---|---|---|

