{"report_id":"c6c0a9e1-cfeb-427c-938c-8ec15e94f52d","version":6,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-05-17T14:12:24Z","url":{"schema":"https","addr":"creditos-produbanc.online","fqdn":"creditos-produbanc.online","domain":"creditos-produbanc.online","tld":"online"},"ip":{"addr":"159.100.6.19","port":0,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"creditos-produbanc.online/","fqdn":"creditos-produbanc.online","domain":"creditos-produbanc.online","tld":"online"},"title":"Crédito en línea — Solicita hasta $50,000 | Produbanco","dom":{"size":29387,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14893)","md5":"58a0ede2c708cbcb2a1d29af23d03108","sha1":"73db217bf4bd020e8c1a9e817c4d4de96f82161c","sha256":"3849dfb0d8d2dc52bc922259c0ba9fcf43865ee2f276a7b12c1a78a3162a5179","sha512":"7afdc6dddfc791dd977236dd99883103cbc7cc875a51c052296f71f240c1b17e4258f1a563b85bbc9eeaae11c0391a3cee4cbdf82a5bf6a4b2bbad2dfa313bac","ssdeep":"384:/kMOx05nrGPKJgg8T4xksc64Jysq7v/ZXd5Ch/iYUdFu:/E0rGV4xksc64Jysq7vprCh/iYou","tlshash":"37d2b6947408137d6c2b9664fac8e728c129f641de67842bf10d049bfac7fe179b2b94","dom_hash":"domhash7296e3cdcdd8f689848845ab48c0f7e3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"creditos-produbanc.online","fqdn":"creditos-produbanc.online","domain":"creditos-produbanc.online","tld":"online"},"ip":{"addr":"159.100.6.19","port":0,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-21T14:12:24Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-17","alert":"Detects file containing Telegram Bot API","trigger":"creditos-produbanc.online/assets/index-BddcpfAC.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-17","alert":"Sinkholed","trigger":"creditos-produbanc.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"creditos-produbanc.online","ip":{"addr":"159.100.6.19","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2026-05-15","domain_rank":0,"first_seen":"2026-05-17T14:12:25.378718Z","last_seen":"2026-05-17T14:12:25.378718Z","alert_count":7,"request_count":5,"received_data":694487,"sent_data":2357,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]},{"fqdn":"content.prd.net.ec","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":3063121,"first_seen":"2026-01-10T07:07:55.187325Z","last_seen":"2026-01-23T13:40:17.193997Z","alert_count":0,"request_count":3,"received_data":47510,"sent_data":1521,"comment":"","tags":null,"fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"creditos-produbanc.online/assets/index-BddcpfAC.js","fqdn":"creditos-produbanc.online","domain":"creditos-produbanc.online","tld":"online"},"ip":{"addr":"159.100.6.19","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"md5":"d66f77026ec84a515136b2ba0aeccc7f","sha1":"806c35198793dfa65fd82b7265becb3cb7c20bfa","sha256":"7165e149c7ca905d89a231c5538bbf8109ae84d1fa545b40de96cce9cde22966","sha512":"f84febb5621ad51d8970542c5137d1f7e6cb2e2aa8bf2e8d651673d197e4f14b1b0045d4fe2eb868de68c9a9567a42c5384b1d2f6c9cb09516bf3028b007b09c","size":421519,"token":"2105633992:AAGsYatnzHUYMgL5i0EVxqUsjrGwTg4qnWU","is_revoked":false,"bot":{"token":"2105633992:AAGsYatnzHUYMgL5i0EVxqUsjrGwTg4qnWU","user_id":"2105633992","username":"bbatm_bot","first_name":"bbatmbot","last_name":"","chat":{"chat_id":"1010631973","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"creditos-produbanc.online/assets/index-BddcpfAC.js","fqdn":"creditos-produbanc.online","domain":"creditos-produbanc.online","tld":"online"},"ip":{"addr":"159.100.6.19","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"d66f77026ec84a515136b2ba0aeccc7f","sha1":"806c35198793dfa65fd82b7265becb3cb7c20bfa","sha256":"7165e149c7ca905d89a231c5538bbf8109ae84d1fa545b40de96cce9cde22966","sha512":"f84febb5621ad51d8970542c5137d1f7e6cb2e2aa8bf2e8d651673d197e4f14b1b0045d4fe2eb868de68c9a9567a42c5384b1d2f6c9cb09516bf3028b007b09c","ssdeep":"12288:SX0e1Q5uQ0aZJB0TyfzFHj0U332WJQm/KAiCWzIoZTMWDjNLc9w7DHrTHSwpqFGh:4cwszF/JQm/KAiCWzIoZTMWDjNLc9w7z","tlshash":"36946dd831a9b1255bb702e110bf0107b23d3d22740c4890f169edae7bb9985a1b7fed","size":421519,"data":"","first_seen":"2026-05-17T14:12:30.644384Z","last_seen":"2026-05-17T14:14:48.360602Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-17","alert":"Detects file containing Telegram Bot API","trigger":"creditos-produbanc.online/assets/index-BddcpfAC.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"creditos-produbanc.online/","fqdn":"creditos-produbanc.online","domain":"creditos-produbanc.online","tld":"online"},"ip":{"addr":"159.100.6.19","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-17T14:12:02.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"webdisk.creditos-produbanc.online","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 15 May 2026 16:26:28 GMT","end":"Thu, 13 Aug 2026 16:26:27 GMT"},"fingerprint":{"sha1":"FC:5D:10:28:EA:87:EB:71:EF:4F:74:C7:48:E1:58:09:18:B6:AF:44","sha256":"67:90:B7:BD:A5:C5:17:0C:83:3E:55:2A:17:77:E3:DF:30:FE:2E:37:2B:95:B1:74:FA:A3:B4:F1:28:AA:3F:0F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: creditos-produbanc.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Sun, 17 May 2026 07:55:42 GMT\r\naccept-ranges: bytes\r\ncontent-length: 737\r\ndate: Sun, 17 May 2026 14:12:03 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":737,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"b9700e836e7928455fcdec3150679c3c","sha1":"dc4f8e8552bbd8699f0f6ab381f0352ed8edaafd","sha256":"5082ba11e23fbc8115adb286d059a9f69ad152204b78750695cebea5d0b84fb5","sha512":"6932037fd1a0b6e60dfcb497e73e0cad4ce8494b2152fcd7a55d708771cdc3dabc998122e8315bff46ce9ab197ecbbf10bf8f7e31926bffbbcc645f6024a01a4","ssdeep":"","tlshash":"4b012c02c4b14a47022142246fc6b8055a6bc30797899948a0ae30b80fc8b81cacf168","first_seen":"2026-05-17T14:12:30.612684Z","last_seen":"2026-05-17T14:14:48.358325Z","times_seen":2,"resource_available":true,"data":null}},"time_used":167,"timings":{"blocked":68,"dns":14,"connect":29,"send":0,"wait":25,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-17","alert":"Sinkholed","trigger":"creditos-produbanc.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creditos-produbanc.online/assets/hero-credito-C7MZ6MMi.jpg","fqdn":"creditos-produbanc.online","domain":"creditos-produbanc.online","tld":"online"},"ip":{"addr":"159.100.6.19","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://creditos-produbanc.online/","date":"2026-05-17T14:12:03.429Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"webdisk.creditos-produbanc.online","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 15 May 2026 16:26:28 GMT","end":"Thu, 13 Aug 2026 16:26:27 GMT"},"fingerprint":{"sha1":"FC:5D:10:28:EA:87:EB:71:EF:4F:74:C7:48:E1:58:09:18:B6:AF:44","sha256":"67:90:B7:BD:A5:C5:17:0C:83:3E:55:2A:17:77:E3:DF:30:FE:2E:37:2B:95:B1:74:FA:A3:B4:F1:28:AA:3F:0F"}}},"request":{"raw":"GET /assets/hero-credito-C7MZ6MMi.jpg HTTP/1.1\r\nHost: creditos-produbanc.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://creditos-produbanc.online/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=31536000\r\nexpires: Mon, 17 May 2027 14:12:03 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 17 May 2026 07:55:42 GMT\r\naccept-ranges: bytes\r\ncontent-length: 158057\r\ndate: Sun, 17 May 2026 14:12:03 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":31724,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1536x896, components 3","md5":"e06932063cf6861cf7d85e5344641ec1","sha1":"e6b2f9eb2ad10bf06fc3aa8b0d81fe7902571fc9","sha256":"32a980999ef9b169256a2e3a5e89725a663cb1f26f989728e64d7ef8ca30bee0","sha512":"63c710e64e13cbd439e7bc82e1dd20f2fe3446f17f13f2744ec8443b3643966c5cf4dd387fcc4db226d2d738be4e892caf443ad91f7fa168a8cc58af3e679a50","ssdeep":"768:NB6Ta9cQMxjV0mQPJkCioW+byLenH+zgHa/L1GaM:NB6TlV0zJk+bhHsg6EaM","tlshash":"31e2e1ee9e8b04fb1fe0c7d41735245ea0d75f4babaab6bc8cc0ad66c040db09e51581","first_seen":"2026-05-17T14:12:30.619553Z","last_seen":"2026-05-17T14:12:30.619553Z","times_seen":1,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-17","alert":"Sinkholed","trigger":"creditos-produbanc.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creditos-produbanc.online/assets/hero-credito-C7MZ6MMi.jpg","fqdn":"creditos-produbanc.online","domain":"creditos-produbanc.online","tld":"online"},"ip":{"addr":"159.100.6.19","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://creditos-produbanc.online/","date":"2026-05-17T14:12:03.489Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"webdisk.creditos-produbanc.online","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 15 May 2026 16:26:28 GMT","end":"Thu, 13 Aug 2026 16:26:27 GMT"},"fingerprint":{"sha1":"FC:5D:10:28:EA:87:EB:71:EF:4F:74:C7:48:E1:58:09:18:B6:AF:44","sha256":"67:90:B7:BD:A5:C5:17:0C:83:3E:55:2A:17:77:E3:DF:30:FE:2E:37:2B:95:B1:74:FA:A3:B4:F1:28:AA:3F:0F"}}},"request":{"raw":"GET /assets/hero-credito-C7MZ6MMi.jpg HTTP/1.1\r\nHost: creditos-produbanc.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://creditos-produbanc.online/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=31536000\r\nexpires: Mon, 17 May 2027 14:12:03 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 17 May 2026 07:55:42 GMT\r\naccept-ranges: bytes\r\ncontent-length: 158057\r\ndate: Sun, 17 May 2026 14:12:03 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":158057,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1536x896, components 3","md5":"0fa318f9ce1d79a12cda523b1eb47b70","sha1":"fad36150a6c4e70ebfd25844080c903ebaed98b3","sha256":"647e96972231106b7659d2af0a22a4388348df4875149fa6ee31ad9daea15617","sha512":"405c1f042775ceca2f6d647abe07a2aeb82b114a95073e5b044438997ec35ad36dabfacfbe26dde305bed80ef69dca5973a5c2e16363668616bfb43bef0a561a","ssdeep":"3072:KGz+shH3YvQWg1Q918xnbwDhkVY4q4k/rL3j53iJvhSXufCOGc4:7am3Cg18ow6q4k/1+hPg","tlshash":"1cf312a5798b5dd6abccd7582d371c5c24901f655c6fb2bcc9a84e23c04c5202db6be3","first_seen":"2026-05-17T14:12:30.626061Z","last_seen":"2026-05-17T14:14:48.36377Z","times_seen":2,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-17","alert":"Sinkholed","trigger":"creditos-produbanc.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creditos-produbanc.online/assets/index-C42ufGXK.css","fqdn":"creditos-produbanc.online","domain":"creditos-produbanc.online","tld":"online"},"ip":{"addr":"159.100.6.19","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://creditos-produbanc.online/","date":"2026-05-17T14:12:03.210Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"webdisk.creditos-produbanc.online","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 15 May 2026 16:26:28 GMT","end":"Thu, 13 Aug 2026 16:26:27 GMT"},"fingerprint":{"sha1":"FC:5D:10:28:EA:87:EB:71:EF:4F:74:C7:48:E1:58:09:18:B6:AF:44","sha256":"67:90:B7:BD:A5:C5:17:0C:83:3E:55:2A:17:77:E3:DF:30:FE:2E:37:2B:95:B1:74:FA:A3:B4:F1:28:AA:3F:0F"}}},"request":{"raw":"GET /assets/index-C42ufGXK.css HTTP/1.1\r\nHost: creditos-produbanc.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://creditos-produbanc.online/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=31536000\r\nexpires: Mon, 17 May 2027 14:12:03 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 17 May 2026 07:55:42 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 12382\r\ndate: Sun, 17 May 2026 14:12:03 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":80788,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"236dbd6f6d33db08656382f8329ddde2","sha1":"068a12e61502326a0335a76a3a92e0cc28703b2b","sha256":"ceec8be38259f7341da50e70ca4be8b4b3d09ce15f1cac0627b61a95faf03a7d","sha512":"645ad2ebd275f85105c2ce1924211ea44a6087b779fb84b88037e3f7940a9330b47d354c1b287876bfa9473d02db607a8fa30a185221a9d5bceafd64cc74722b","ssdeep":"1536:vHG3eh+KJHywXX6pIiCHqahSsMq+WDhXX7RSLPw988R988q:/G3eh+eHyo6pIiuNMq+WDhULx","tlshash":"c583c7a4b229e53fbc33b4f5938cb85c9109b0c0dd7546edfa16a12216c3bf19da7618","first_seen":"2026-05-17T14:12:30.638534Z","last_seen":"2026-05-17T14:14:48.359484Z","times_seen":2,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":141,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-17","alert":"Sinkholed","trigger":"creditos-produbanc.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creditos-produbanc.online/assets/index-BddcpfAC.js","fqdn":"creditos-produbanc.online","domain":"creditos-produbanc.online","tld":"online"},"ip":{"addr":"159.100.6.19","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://creditos-produbanc.online/","date":"2026-05-17T14:12:03.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"webdisk.creditos-produbanc.online","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 15 May 2026 16:26:28 GMT","end":"Thu, 13 Aug 2026 16:26:27 GMT"},"fingerprint":{"sha1":"FC:5D:10:28:EA:87:EB:71:EF:4F:74:C7:48:E1:58:09:18:B6:AF:44","sha256":"67:90:B7:BD:A5:C5:17:0C:83:3E:55:2A:17:77:E3:DF:30:FE:2E:37:2B:95:B1:74:FA:A3:B4:F1:28:AA:3F:0F"}}},"request":{"raw":"GET /assets/index-BddcpfAC.js HTTP/1.1\r\nHost: creditos-produbanc.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://creditos-produbanc.online/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sun, 17 May 2026 07:55:42 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 122563\r\ndate: Sun, 17 May 2026 14:12:03 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":421519,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (42313)","md5":"d66f77026ec84a515136b2ba0aeccc7f","sha1":"806c35198793dfa65fd82b7265becb3cb7c20bfa","sha256":"7165e149c7ca905d89a231c5538bbf8109ae84d1fa545b40de96cce9cde22966","sha512":"f84febb5621ad51d8970542c5137d1f7e6cb2e2aa8bf2e8d651673d197e4f14b1b0045d4fe2eb868de68c9a9567a42c5384b1d2f6c9cb09516bf3028b007b09c","ssdeep":"12288:SX0e1Q5uQ0aZJB0TyfzFHj0U332WJQm/KAiCWzIoZTMWDjNLc9w7DHrTHSwpqFGh:4cwszF/JQm/KAiCWzIoZTMWDjNLc9w7z","tlshash":"36946dd831a9b1255bb702e110bf0107b23d3d22740c4890f169edae7bb9985a1b7fed","first_seen":"2026-05-17T14:12:30.644384Z","last_seen":"2026-05-17T14:14:48.360602Z","times_seen":2,"resource_available":true,"data":null}},"time_used":143,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":122,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-17","alert":"Detects file containing Telegram Bot API","trigger":"creditos-produbanc.online/assets/index-BddcpfAC.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-17","alert":"Sinkholed","trigger":"creditos-produbanc.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"content.prd.net.ec/bancaelectronica/produnet/imagen/3c4653ebdb6257664e357d893d5e9db6.svg","fqdn":"content.prd.net.ec","domain":"prd.net.ec","tld":"net.ec"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://creditos-produbanc.online/","date":"2026-05-17T14:12:03.428Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /bancaelectronica/produnet/imagen/3c4653ebdb6257664e357d893d5e9db6.svg HTTP/1.1\r\nHost: content.prd.net.ec\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://creditos-produbanc.online/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-18T05:40:50.377788Z","times_seen":15370036,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"content.prd.net.ec/bancaelectronica/produnet/imagen/3c4653ebdb6257664e357d893d5e9db6.svg","fqdn":"content.prd.net.ec","domain":"prd.net.ec","tld":"net.ec"},"ip":{"addr":"150.171.109.200","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://creditos-produbanc.online/","date":"2026-05-17T14:12:03.487Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"content.prd.net.ec","organization":"BANCO DE LA PRODUCCION S.A. PRODUBANCO"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 10 Apr 2026 14:51:10 GMT","end":"Mon, 26 Oct 2026 14:51:10 GMT"},"fingerprint":{"sha1":"9E:E7:EA:47:30:64:7C:FF:1D:F1:56:25:43:39:58:3D:D7:49:2F:7B","sha256":"DE:C1:EF:6A:FD:78:56:6A:A4:42:5F:36:17:A3:EE:A2:29:66:A5:A9:3A:F6:CE:70:E7:46:95:E0:0F:5C:D3:69"}}},"request":{"raw":"GET /bancaelectronica/produnet/imagen/3c4653ebdb6257664e357d893d5e9db6.svg HTTP/1.1\r\nHost: content.prd.net.ec\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://creditos-produbanc.online/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 17 May 2026 14:12:03 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 12 May 2026 03:34:00 GMT\r\nvary: Accept-Encoding, Origin\r\nx-ms-request-id: 86b35454-d01e-0016-34b2-e5d268000000\r\nx-ms-version: 2009-09-19\r\nx-ms-lease-status: unlocked\r\nx-ms-blob-type: BlockBlob\r\nx-azure-ref: 20260517T141203Z-15477df7756g48bshC1SVGdryc0000000cc0000000004b6d\r\nx-fd-int-roxy-purgeid: 80191342\r\nx-cache-info: L2_T2\r\nx-cache: TCP_REMOTE_HIT\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]}],"data":{"size":23257,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3c4653ebdb6257664e357d893d5e9db6","sha1":"5ddb38462991adc897bf8bbd79671f4c2f5cc7f7","sha256":"b81e8f78d04590574bbafd5f1d3ee38d82f6b126163a5d82d4db3f9e2b5e72a8","sha512":"c4827203a71107a1b7941ef5fc35d61defc721354e79cf67a560bfc92f2cd40cc0dc2c99428951b951c19ea47c1ab43b4fcfb07b6346dce6a6a0ef1488ca774a","ssdeep":"384:CM9YtBw/+ucccn0tgRxjx9ZM9YtBw/+ucccn0tgRxjx96:CDAOXjx9ZDAOXjx96","tlshash":"5ca283c8276497fdb802f7fd833528b03e6a28d97931c5a8c3b52f15a51601d4e69ce7","first_seen":"2024-08-20T08:35:59.835722Z","last_seen":"2026-05-17T14:14:48.362956Z","times_seen":5,"resource_available":false,"data":null}},"time_used":944,"timings":{"blocked":446,"dns":131,"connect":20,"send":0,"wait":50,"receive":0,"ssl":294},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"content.prd.net.ec/bancaelectronica/produnet/imagen/3c4653ebdb6257664e357d893d5e9db6.svg","fqdn":"content.prd.net.ec","domain":"prd.net.ec","tld":"net.ec"},"ip":{"addr":"150.171.109.200","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://creditos-produbanc.online/","date":"2026-05-17T14:12:03.675Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"content.prd.net.ec","organization":"BANCO DE LA PRODUCCION S.A. PRODUBANCO"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 10 Apr 2026 14:51:10 GMT","end":"Mon, 26 Oct 2026 14:51:10 GMT"},"fingerprint":{"sha1":"9E:E7:EA:47:30:64:7C:FF:1D:F1:56:25:43:39:58:3D:D7:49:2F:7B","sha256":"DE:C1:EF:6A:FD:78:56:6A:A4:42:5F:36:17:A3:EE:A2:29:66:A5:A9:3A:F6:CE:70:E7:46:95:E0:0F:5C:D3:69"}}},"request":{"raw":"GET /bancaelectronica/produnet/imagen/3c4653ebdb6257664e357d893d5e9db6.svg HTTP/1.1\r\nHost: content.prd.net.ec\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://creditos-produbanc.online/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 17 May 2026 14:12:03 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 12 May 2026 03:34:00 GMT\r\nvary: Accept-Encoding, Origin\r\nx-ms-request-id: 86b35454-d01e-0016-34b2-e5d268000000\r\nx-ms-version: 2009-09-19\r\nx-ms-lease-status: unlocked\r\nx-ms-blob-type: BlockBlob\r\nx-azure-ref: 20260517T141203Z-15477df7756g48bshC1SVGdryc0000000cc0000000004b6e\r\nx-fd-int-roxy-purgeid: 80191342\r\nx-cache-info: L2_T2\r\nx-cache: TCP_REMOTE_HIT\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]},{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]}],"data":{"size":23257,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3c4653ebdb6257664e357d893d5e9db6","sha1":"5ddb38462991adc897bf8bbd79671f4c2f5cc7f7","sha256":"b81e8f78d04590574bbafd5f1d3ee38d82f6b126163a5d82d4db3f9e2b5e72a8","sha512":"c4827203a71107a1b7941ef5fc35d61defc721354e79cf67a560bfc92f2cd40cc0dc2c99428951b951c19ea47c1ab43b4fcfb07b6346dce6a6a0ef1488ca774a","ssdeep":"384:CM9YtBw/+ucccn0tgRxjx9ZM9YtBw/+ucccn0tgRxjx96:CDAOXjx9ZDAOXjx96","tlshash":"5ca283c8276497fdb802f7fd833528b03e6a28d97931c5a8c3b52f15a51601d4e69ce7","first_seen":"2024-08-20T08:35:59.835722Z","last_seen":"2026-05-17T14:14:48.362956Z","times_seen":5,"resource_available":false,"data":null}},"time_used":304,"timings":{"blocked":-1,"dns":2,"connect":19,"send":0,"wait":41,"receive":0,"ssl":241},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}