{"report_id":"b1371efd-5314-426f-8a12-f8e710c369bc","version":6,"status":"done","tags":["suspicious"],"date":"2026-05-20T07:40:31Z","url":{"schema":"http","addr":"trustwallet-send-bep20.com","fqdn":"trustwallet-send-bep20.com","domain":"trustwallet-send-bep20.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"trustwallet-send-bep20.com/","fqdn":"trustwallet-send-bep20.com","domain":"trustwallet-send-bep20.com","tld":"com"},"title":"Trust Wallet","dom":{"size":8871,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"5c477eccc4cb97075220fd503e362b70","sha1":"0bad2545568ed4c6844cb6fe093e3d91e4c3a718","sha256":"75a5218377ecc6b0b517d66867df6a8c11d92c2a8a2920da428f5f9d0f1ac596","sha512":"05520d8632a9d7d00fc01e28ec9f4ebd0652e94081506c966bf70d0143ab4c1229008007abb80d9bf7f33914533f816ed704fba4d24402761ee5a3da98ecd0ea","ssdeep":"192:+D9Q4V47+n6G/oxsPoiNqlBU2S8bFHF+F+x/7Yb1PJgvh6coiwhKgzFmL:+pnmbfFHF+FJbg/NgzFa","tlshash":"5d02739229b71d06b407c5986fb6970a236cd043d10fc86cbbdc26d84f866cc9967f9d","dom_hash":"domhash8cd5c7ef5813bb45caab1a24f88da307","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"trustwallet-send-bep20.com","fqdn":"trustwallet-send-bep20.com","domain":"trustwallet-send-bep20.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-24T07:40:31Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-20","alert":"Detects file containing Telegram Bot API","trigger":"trustwallet-send-bep20.com/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"send-usdt-bep20.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"raw.githubusercontent.com","ip":{"addr":"185.199.110.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2014-02-06","domain_rank":22021,"first_seen":"2014-03-01T07:08:08Z","last_seen":"2026-05-13T23:33:54.694761Z","alert_count":0,"request_count":1,"received_data":16946,"sent_data":508,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"trustwallet-send-bep20.com","ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2026-05-18","domain_rank":0,"first_seen":"2026-05-20T07:40:32.71959Z","last_seen":"2026-05-20T07:40:32.71959Z","alert_count":2,"request_count":4,"received_data":20573,"sent_data":1822,"comment":"","tags":null,"fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]},{"fqdn":"send-usdt-bep20.online","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-02-20","domain_rank":0,"first_seen":"2026-05-20T07:40:32.721023Z","last_seen":"2026-05-20T07:40:32.721023Z","alert_count":1,"request_count":1,"received_data":446,"sent_data":464,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-05-17T22:41:40.561616Z","alert_count":0,"request_count":1,"received_data":760964,"sent_data":455,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"trustwallet-send-bep20.com/main.js","fqdn":"trustwallet-send-bep20.com","domain":"trustwallet-send-bep20.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8b46f60ed7aeba2c26b7f8b91ea16eb6","sha1":"85f645093d9eeb6e52aef26236c43b5221a8fbfb","sha256":"88e625d84a07bd4e55a9c846d49f5e80a6f100f384ae02801b925f3b16006960","sha512":"f20c396c5ecfed511277e4ca0e708c10cc77c0dfed9b96a7bd6f265dc1976a06d6fc2fb6eef01555c3aad558ef0e0013bc7c9390252181f979ffb32823ab8ee1","ssdeep":"192:oG2MFr+SNamgNkFHSNPhyvwdjscJ4uSY7htck:ohMFrXor5hsczl","tlshash":"8a12857632bb3131027b25ba1b5f11063a21a0477505dc92b99cca821fe6f9acce76d9","size":9524,"data":"","first_seen":"2026-05-20T07:40:36.730705Z","last_seen":"2026-05-20T07:40:36.730705Z","times_seen":1,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-20","alert":"Detects file containing Telegram Bot API","trigger":"trustwallet-send-bep20.com/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/ethers@5.7.2/dist/ethers.umd.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"71f8c498e792c6179d4e2840228f777a","sha1":"b651545587f6257345dc3de9ddaa444b10dedf3e","sha256":"a66293a6a2bb4dee061a68612be0be3c5c0ab7e4068ab8d98a4a357baf664c73","sha512":"14371563e83bbdce425c035bad34a0d4ae6a2f2ae20ac183602134d8b8b5b5711874d40fbcb3c7344fab4f63237a2f0dedf65b7b458b870dbb8f64ab191a5d32","ssdeep":"12288:TfamYTKkkAJs8P+H8Xb2F/nNuwEYtnob6qQr:TfjkhPaNnN9EYtwo","tlshash":"35f43b80b3b1b0b583c729a4143f6046f63af46a505840a8f659faf279f9d4c957bb3c","size":760171,"data":"","first_seen":"2023-03-13T00:48:53Z","last_seen":"2026-05-20T07:40:36.727461Z","times_seen":3245,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/ethers@5.7.2/dist/ethers.umd.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://trustwallet-send-bep20.com/","date":"2026-05-20T07:40:10.495Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/ethers@5.7.2/dist/ethers.umd.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trustwallet-send-bep20.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 5.7.2\r\nx-jsd-version-type: version\r\netag: W/\"b996b-tlFUVYf2JXNF3D3p3apESxDe3z4\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nage: 2168613\r\ndate: Wed, 20 May 2026 07:40:10 GMT\r\nx-served-by: cache-fra-etou8220026-FRA, cache-hel1410027-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 168432\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":760171,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"71f8c498e792c6179d4e2840228f777a","sha1":"b651545587f6257345dc3de9ddaa444b10dedf3e","sha256":"a66293a6a2bb4dee061a68612be0be3c5c0ab7e4068ab8d98a4a357baf664c73","sha512":"14371563e83bbdce425c035bad34a0d4ae6a2f2ae20ac183602134d8b8b5b5711874d40fbcb3c7344fab4f63237a2f0dedf65b7b458b870dbb8f64ab191a5d32","ssdeep":"12288:TfamYTKkkAJs8P+H8Xb2F/nNuwEYtnob6qQr:TfjkhPaNnN9EYtwo","tlshash":"35f43b80b3b1b0b583c729a4143f6046f63af46a505840a8f659faf279f9d4c957bb3c","first_seen":"2023-03-13T00:48:53Z","last_seen":"2026-05-20T07:40:36.727461Z","times_seen":3245,"resource_available":true,"data":null}},"time_used":107,"timings":{"blocked":27,"dns":1,"connect":13,"send":0,"wait":14,"receive":32,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"raw.githubusercontent.com/trustwallet/assets/master/blockchains/smartchain/info/logo.png","fqdn":"raw.githubusercontent.com","domain":"raw.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.110.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trustwallet-send-bep20.com/","date":"2026-05-20T07:40:10.497Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 23:32:36 GMT","end":"Sun, 05 Jul 2026 23:32:35 GMT"},"fingerprint":{"sha1":"18:DE:96:E8:3D:99:B2:8A:0C:D1:0C:48:78:BD:6A:14:6A:05:25:60","sha256":"EA:69:BC:71:1C:B9:D4:56:98:D2:FD:AA:48:54:D7:DC:08:6A:CD:3A:9C:35:01:64:90:9B:68:8A:C7:C0:63:1F"}}},"request":{"raw":"GET /trustwallet/assets/master/blockchains/smartchain/info/logo.png HTTP/1.1\r\nHost: raw.githubusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trustwallet-send-bep20.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=300\r\ncontent-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox\r\ncontent-type: image/png\r\netag: W/\"52f6fec2dbf03cd1bc0fc03d7f7487a066ed9c79f3a398b20778525c12538c43\"\r\nstrict-transport-security: max-age=31536000\r\nx-content-type-options: nosniff\r\nx-frame-options: deny\r\nx-xss-protection: 1; mode=block\r\nx-github-request-id: 2C52:21E961:5156BA:5CB76B:6A028065\r\naccept-ranges: bytes\r\ndate: Wed, 20 May 2026 07:40:10 GMT\r\nvia: 1.1 varnish\r\nx-served-by: cache-hel1410028-HEL\r\nx-cache: HIT\r\nx-cache-hits: 0\r\nx-timer: S1779262811.564497,VS0,VE148\r\nvary: Authorization,Accept-Encoding\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-fastly-request-id: 66d50f811d2d942f1dbde7f6ebdba9e27b61c178\r\nexpires: Wed, 20 May 2026 07:45:10 GMT\r\nsource-age: 0\r\ncontent-length: 16072\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16072,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced","md5":"b685ee1d30b1839ccad4ff935dfabb80","sha1":"5e99d70714f82050628a77ffa70e33b3e3e5a525","sha256":"1ceadd0447350643dd0828120b3768ffad23c857d3e127a730217a3a1a03dbcc","sha512":"9336a8d98d908ecc428ddf6df7f1f0ed390c363d86516dbf0cf1e495dd5a3a0ba1c1b62aff24b9c16b4ec5242d13506f96e4f7b41cc7418c47a90eb868afde8b","ssdeep":"384:Pud+rnfFHHhR0k7iJ7rE4ibIwlAnX2fuFEk9JEiL7S:G8rhHhRTSrEtbIQAX2GPLe","tlshash":"ef72d150d9f1bef0dc281763e27440b2c87b92a1a678d06a2d1b4f7c5fdb95e40ac4a5","first_seen":"2023-05-25T12:06:14Z","last_seen":"2026-05-20T07:40:36.729068Z","times_seen":178,"resource_available":false,"data":null}},"time_used":289,"timings":{"blocked":52,"dns":1,"connect":26,"send":0,"wait":175,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trustwallet-send-bep20.com/main.js","fqdn":"trustwallet-send-bep20.com","domain":"trustwallet-send-bep20.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://trustwallet-send-bep20.com/","date":"2026-05-20T07:40:10.499Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.trustwallet-send-bep20.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 18 May 2026 15:42:40 GMT","end":"Sun, 16 Aug 2026 15:42:39 GMT"},"fingerprint":{"sha1":"64:D9:61:78:79:A5:C9:74:1C:57:52:5D:82:91:6A:FC:99:B1:39:2F","sha256":"BF:A4:22:79:C4:F8:D0:C9:F5:12:74:A6:40:65:10:A4:40:71:92:FC:98:5C:EA:48:E1:D6:34:70:2B:81:B1:18"}}},"request":{"raw":"GET /main.js HTTP/1.1\r\nHost: trustwallet-send-bep20.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trustwallet-send-bep20.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\nage: 0\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline; filename=\"main.js\"\r\ncontent-encoding: br\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Wed, 20 May 2026 07:40:10 GMT\r\netag: W/\"8b46f60ed7aeba2c26b7f8b91ea16eb6\"\r\nlast-modified: Wed, 20 May 2026 07:40:10 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::bgnpc-1779262810499-309bf9f0354d\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9524,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text","md5":"8b46f60ed7aeba2c26b7f8b91ea16eb6","sha1":"85f645093d9eeb6e52aef26236c43b5221a8fbfb","sha256":"88e625d84a07bd4e55a9c846d49f5e80a6f100f384ae02801b925f3b16006960","sha512":"f20c396c5ecfed511277e4ca0e708c10cc77c0dfed9b96a7bd6f265dc1976a06d6fc2fb6eef01555c3aad558ef0e0013bc7c9390252181f979ffb32823ab8ee1","ssdeep":"192:oG2MFr+SNamgNkFHSNPhyvwdjscJ4uSY7htck:ohMFrXor5hsczl","tlshash":"8a12857632bb3131027b25ba1b5f11063a21a0477505dc92b99cca821fe6f9acce76d9","first_seen":"2026-05-20T07:40:36.730705Z","last_seen":"2026-05-20T07:40:36.730705Z","times_seen":1,"resource_available":true,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-20","alert":"Detects file containing Telegram Bot API","trigger":"trustwallet-send-bep20.com/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"send-usdt-bep20.online/images/arrow-icon.png","fqdn":"send-usdt-bep20.online","domain":"send-usdt-bep20.online","tld":"online"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trustwallet-send-bep20.com/","date":"2026-05-20T07:40:10.498Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"send-usdt-bep20.online","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 00:29:44 GMT","end":"Mon, 20 Jul 2026 00:29:43 GMT"},"fingerprint":{"sha1":"7E:AF:EE:6D:3F:FF:DD:48:F1:36:42:30:7F:2D:8A:72:DA:D4:10:C0","sha256":"4B:04:BE:3F:19:6C:6B:79:BD:C5:88:02:99:20:A0:13:01:38:90:83:30:33:C9:7B:0E:9B:61:64:6B:36:C6:45"}}},"request":{"raw":"GET /images/arrow-icon.png HTTP/1.1\r\nHost: send-usdt-bep20.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trustwallet-send-bep20.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 522 No Reason Phrase\r\ndate: Wed, 20 May 2026 07:40:29 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 7281\r\nretry-after: 120\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nserver: cloudflare\r\ncf-ray: 9fe9b1162d105695-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"522","status_text":"No Reason Phrase","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T23:50:58.05423Z","times_seen":15504075,"resource_available":true,"data":null}},"time_used":19543,"timings":{"blocked":96,"dns":80,"connect":1,"send":0,"wait":19347,"receive":1,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"send-usdt-bep20.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trustwallet-send-bep20.com/config.json","fqdn":"trustwallet-send-bep20.com","domain":"trustwallet-send-bep20.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://trustwallet-send-bep20.com/","date":"2026-05-20T07:40:10.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.trustwallet-send-bep20.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 18 May 2026 15:42:40 GMT","end":"Sun, 16 Aug 2026 15:42:39 GMT"},"fingerprint":{"sha1":"64:D9:61:78:79:A5:C9:74:1C:57:52:5D:82:91:6A:FC:99:B1:39:2F","sha256":"BF:A4:22:79:C4:F8:D0:C9:F5:12:74:A6:40:65:10:A4:40:71:92:FC:98:5C:EA:48:E1:D6:34:70:2B:81:B1:18"}}},"request":{"raw":"GET /config.json HTTP/1.1\r\nHost: trustwallet-send-bep20.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://trustwallet-send-bep20.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nage: 0\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline; filename=\"config.json\"\r\ncontent-type: application/json; charset=utf-8\r\ndate: Wed, 20 May 2026 07:40:10 GMT\r\netag: \"b56d0bfcd433ac638f964143913a6f31\"\r\nlast-modified: Wed, 20 May 2026 07:40:10 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::bgnpc-1779262810813-2384a6db9445\r\ncontent-length: 230\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":230,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"b56d0bfcd433ac638f964143913a6f31","sha1":"d9c18e1d52ab5f1645099c148a1f16b89b8ed562","sha256":"ed67fdb03363593602ddb1d304f2f48d8d8406541a933c00e7698105207bf029","sha512":"060f8cf3fd101605f336c836889148510150c1d4e5b4b2176b47d500805dbae354d04d72c951d81e3e0e24d5d690d6e4e0bd4964d1ba1b3fd109cac4e0340361","ssdeep":"","tlshash":"37d0237940367f06bcd1924d1cc1051514143b3bfc70b054fb9f7917542dc2a60b714d","first_seen":"2026-05-20T07:40:36.736228Z","last_seen":"2026-05-20T07:40:36.736228Z","times_seen":1,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trustwallet-send-bep20.com/favicon.ico","fqdn":"trustwallet-send-bep20.com","domain":"trustwallet-send-bep20.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trustwallet-send-bep20.com/","date":"2026-05-20T07:40:11.080Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.trustwallet-send-bep20.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 18 May 2026 15:42:40 GMT","end":"Sun, 16 Aug 2026 15:42:39 GMT"},"fingerprint":{"sha1":"64:D9:61:78:79:A5:C9:74:1C:57:52:5D:82:91:6A:FC:99:B1:39:2F","sha256":"BF:A4:22:79:C4:F8:D0:C9:F5:12:74:A6:40:65:10:A4:40:71:92:FC:98:5C:EA:48:E1:D6:34:70:2B:81:B1:18"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: trustwallet-send-bep20.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trustwallet-send-bep20.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-type: text/plain; charset=utf-8\r\ndate: Wed, 20 May 2026 07:40:11 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-error: NOT_FOUND\r\nx-vercel-id: arn1::nrrw4-1779262811080-0eb6f30c9f2c\r\ncontent-length: 79\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":79,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text","md5":"3f42a68f44bc73829f8c32e92f1f2176","sha1":"02e47d1790294ad203df7b92cc09bbb73ff7d36b","sha256":"ba219f4e3128ad92a01967ff862b8a445285a808a01df3054764e18a55dec18f","sha512":"b03c12e56b0ad7f471448680c2ca972588b59dd80e36f510b6352218723f68ed95d4ea9a77d3c9a20856de712a4359ec75c43ed0bb7281e5463ca971b1833fb9","ssdeep":"","tlshash":"cca0110e80c8aa0e338808202002223808080322fea8a200a0882b0ae000b8ea3280a2","first_seen":"2026-05-20T07:40:36.739072Z","last_seen":"2026-05-20T07:40:36.739072Z","times_seen":1,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trustwallet-send-bep20.com/","fqdn":"trustwallet-send-bep20.com","domain":"trustwallet-send-bep20.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-20T07:40:10.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.trustwallet-send-bep20.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 18 May 2026 15:42:40 GMT","end":"Sun, 16 Aug 2026 15:42:39 GMT"},"fingerprint":{"sha1":"64:D9:61:78:79:A5:C9:74:1C:57:52:5D:82:91:6A:FC:99:B1:39:2F","sha256":"BF:A4:22:79:C4:F8:D0:C9:F5:12:74:A6:40:65:10:A4:40:71:92:FC:98:5C:EA:48:E1:D6:34:70:2B:81:B1:18"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: trustwallet-send-bep20.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\nage: 16394\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ndate: Wed, 20 May 2026 07:40:10 GMT\r\netag: W/\"755dc762c892a61fbbff1f705040f76c\"\r\nlast-modified: Wed, 20 May 2026 03:06:56 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::nrrw4-1779262810319-78adbb3215ed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}],"data":{"size":8876,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"755dc762c892a61fbbff1f705040f76c","sha1":"9e817129568a55fc1f7e76636c403e00c2c2a0fc","sha256":"dbb5a56f50972ec44e204c660d68403f30f4bf5ffc6f689f8401b555c8acd42f","sha512":"cb9db0a18739b20d1a2900ee37354997d23b4cdd1bbef99d1222c99dee5adb53dcfcf210fe7cbf50e82aa50f2923ccbe7eda300aa14f44175e9036c890313e45","ssdeep":"192:MD9Q4V47+n6G/oxsPoiNqlBU2S8bFHF+F+x/7Yb1PJgvh6coiwhKgzFmC:MpnmbfFHF+FJbg/NgzFj","tlshash":"dc02839229b71d06b007c5986fb69709236c9043d14fc86cbbdc26d84f866cc9967f9d","first_seen":"2026-05-20T07:40:36.741817Z","last_seen":"2026-05-20T07:40:36.741817Z","times_seen":1,"resource_available":true,"data":null}},"time_used":166,"timings":{"blocked":78,"dns":46,"connect":1,"send":0,"wait":10,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}