{"report_id":"b6f4e7e8-70b4-4ea5-a106-1ba09477187b","version":0,"status":"done","tags":["phishing","suspicious","telegram_bot"],"date":"2026-06-08T12:55:30Z","url":{"schema":"http","addr":"capitana.co.il/korea.html","fqdn":"capitana.co.il","domain":"capitana.co.il","tld":"co.il"},"ip":{"addr":"185.217.97.86","port":0,"asn":61102,"as":"Interhost Communication Solutions Ltd.","country":"Israel","country_code":"IL"},"final":{"url":{"schema":"https","addr":"capitana.co.il/korea.html","fqdn":"capitana.co.il","domain":"capitana.co.il","tld":"co.il"},"title":"Email Update","dom":{"size":6469,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"14c2df526c419e923fb08b23075096a0","sha1":"c9280372f0bf92624c18a046765f2ce9549c8937","sha256":"133f83fe0bbf8e90deebd30b94b3733761e4199208e043d722d66ed0ff42a45d","sha512":"7148d802876411035fb31ece11e783d15c19a2a6cd5086fbd86ad92c0b2ce92af2238ce85599a3acc32d21fd5d0827f344d399f97fa925aaf66200775d2908f4","ssdeep":"192:Br5/+rNFMEFpF/9OAjqHDFiLi3iebUnUn2iQuriyu4/:Br2FMEFpF+jFiLi3i0UnpiQ6iyb","tlshash":"21d1459b5567089066a3e0fc37eba7053564c013ae4ac8247f5cb69c8f4ad9698b33cd","dom_hash":"domhashfbad14c8bbe4416ad4933980c48ba9a8","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"capitana.co.il/korea.html","fqdn":"capitana.co.il","domain":"capitana.co.il","tld":"co.il"},"ip":{"addr":"185.217.97.86","port":0,"asn":61102,"as":"Interhost Communication Solutions Ltd.","country":"Israel","country_code":"IL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-13T12:55:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":3,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-08","alert":"Detects file containing Telegram Bot API","trigger":"capitana.co.il/korea.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"capitana.co.il","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"capitana.co.il","ip":{"addr":"185.217.97.86","port":443,"asn":61102,"as":"Interhost Communication Solutions Ltd.","country":"Israel","country_code":"IL"},"domain_registered":"unknown","domain_rank":4453662,"first_seen":"2026-06-08T02:05:39.555574Z","last_seen":"2026-06-08T02:05:39.555574Z","alert_count":5,"request_count":2,"received_data":9089,"sent_data":1007,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"capitana.co.il/korea.html","fqdn":"capitana.co.il","domain":"capitana.co.il","tld":"co.il"},"ip":{"addr":"185.217.97.86","port":443,"asn":61102,"as":"Interhost Communication Solutions Ltd.","country":"Israel","country_code":"IL"},"md5":"041cdd1a05587493c5ee53db9a4d9c65","sha1":"755b50bf4b38e60de976d21d9d47eff55afeb0e3","sha256":"1d2b2c901a262e0a411cba7f18e212dafd4090e2ea0fedabbefbaa15275b6729","sha512":"4d5ab2dc4da0b89624012590f1e5d2a1f8da524e8acae61a6ce91666ec61450daf0de364180b61d64e42870519eb290ca5cafb5467c3202002bbe413e78867d1","size":3040,"token":"8443079501:AAEo14VUmlSjYfO2mcBwyFUX9_Vc6jf18p8","is_revoked":false,"bot":{"token":"8443079501:AAEo14VUmlSjYfO2mcBwyFUX9_Vc6jf18p8","user_id":"8443079501","username":"Certified27_bot","first_name":"Certified","last_name":"","chat":{"chat_id":"8598444953","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"capitana.co.il/korea.html","fqdn":"capitana.co.il","domain":"capitana.co.il","tld":"co.il"},"ip":{"addr":"185.217.97.86","port":443,"asn":61102,"as":"Interhost Communication Solutions Ltd.","country":"Israel","country_code":"IL"},"introduction_type":"scriptElement","is_inline":true,"md5":"041cdd1a05587493c5ee53db9a4d9c65","sha1":"755b50bf4b38e60de976d21d9d47eff55afeb0e3","sha256":"1d2b2c901a262e0a411cba7f18e212dafd4090e2ea0fedabbefbaa15275b6729","sha512":"4d5ab2dc4da0b89624012590f1e5d2a1f8da524e8acae61a6ce91666ec61450daf0de364180b61d64e42870519eb290ca5cafb5467c3202002bbe413e78867d1","ssdeep":"","tlshash":"2951119b111718a007b7e2fd324bb314357191273d85d460be1c926a4f26da6f8b73ce","size":3040,"data":"","first_seen":"2026-06-08T02:05:43.83745Z","last_seen":"2026-06-18T01:26:02.002777Z","times_seen":3,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-08","alert":"Detects file containing Telegram Bot API","trigger":"capitana.co.il/korea.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"capitana.co.il/korea.html","fqdn":"capitana.co.il","domain":"capitana.co.il","tld":"co.il"},"ip":{"addr":"185.217.97.86","port":443,"asn":61102,"as":"Interhost Communication Solutions Ltd.","country":"Israel","country_code":"IL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-08T12:55:07.471Z","timestamp":1780923307471,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"capitana.co.il","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Apr 2026 06:06:01 GMT","end":"Sat, 11 Jul 2026 06:06:00 GMT"},"fingerprint":{"sha1":"60:4A:F8:59:90:F3:65:AE:63:CA:D1:2C:14:D8:3C:CB:23:4C:73:B9","sha256":"B0:94:6B:50:00:3F:39:70:3B:81:2A:79:AD:D2:39:A3:7C:09:02:AC:01:7C:48:B9:46:D3:B3:31:BD:11:9B:75"}}},"request":{"raw":"GET /korea.html HTTP/1.1\r\nHost: capitana.co.il\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Mon, 08 Jun 2026 12:55:07 GMT\r\ncontent-type: text/html\r\nlast-modified: Sun, 07 Jun 2026 11:42:53 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a25593d-1a41\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6721,"size_decoded":2805,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"3e21a4f4cb928ff912c76427be094063","sha1":"d7fa10926129e3187880dbaa54d5589664dbe06e","sha256":"92df47cb6788a7559708d5121eb0afb85dfdc205966f43d4edafab9b5d406ed8","sha512":"e034929ba9658cfdb1ed1dadee2e78636c5e0cb876a6a119638199f7509fc8e5989daca76a491b78705a28dee80db563df713ba5f37b9a31cc5cbc71615e96e2","ssdeep":"192:L19dFb9amgP+A4Ki6inuiaU9YnIiRwirSh:JOi6inuiaU9HiRwir2","tlshash":"47d1725a5546088056b3e3bc7be2630df6518063ab424024bfacb3964f7ad55d8b3bdc","first_seen":"2026-06-08T02:05:43.832423Z","last_seen":"2026-06-18T01:26:01.999399Z","times_seen":3,"resource_available":true,"data":null}},"time_used":474,"timings":{"blocked":-1,"dns":145,"connect":78,"send":0,"wait":84,"receive":0,"ssl":167},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-08","alert":"Detects file containing Telegram Bot API","trigger":"capitana.co.il/korea.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"capitana.co.il","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"capitana.co.il/favicon.ico","fqdn":"capitana.co.il","domain":"capitana.co.il","tld":"co.il"},"ip":{"addr":"185.217.97.86","port":443,"asn":61102,"as":"Interhost Communication Solutions Ltd.","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://capitana.co.il/korea.html","date":"2026-06-08T12:55:08.265Z","timestamp":1780923308265,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"capitana.co.il","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Apr 2026 06:06:01 GMT","end":"Sat, 11 Jul 2026 06:06:00 GMT"},"fingerprint":{"sha1":"60:4A:F8:59:90:F3:65:AE:63:CA:D1:2C:14:D8:3C:CB:23:4C:73:B9","sha256":"B0:94:6B:50:00:3F:39:70:3B:81:2A:79:AD:D2:39:A3:7C:09:02:AC:01:7C:48:B9:46:D3:B3:31:BD:11:9B:75"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: capitana.co.il\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://capitana.co.il/korea.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 503 \r\nserver: nginx\r\ndate: Mon, 08 Jun 2026 12:55:08 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 937\r\nretry-after: 3600\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0\r\npragma: no-cache\r\nexpires: 0\r\nvary: Accept-Encoding,User-Agent\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"503","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1820,"size_decoded":1255,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"2867c3b334074e849b4a727df9fab2b9","sha1":"709fdeb5e1643d4bf80b949a09c5642c0796b99e","sha256":"6e9ff554f3815775e54c4aabd5db0ec373b98312da57f810f73f3efba6e27472","sha512":"721a3f224c2e7f41aa6198eda25f4b1a60c9bbd198f425cdd65d84a8e5b07bb705271af94320d44271fbeec1f0411a1973af74213f1c222cad95618c90cebeb6","ssdeep":"","tlshash":"13317227968508077467d8386bd7164835c85827911bc4e4bfceb78cdfc2a8ac6a1f0c","first_seen":"2026-06-08T02:05:43.835169Z","last_seen":"2026-06-08T13:01:58.306543Z","times_seen":3,"resource_available":true,"data":null}},"time_used":86,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":86,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"capitana.co.il","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}