{"report_id":"dadbb6a8-3642-4937-8fc9-bbe9f8e083cd","version":0,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-06-24T15:17:52Z","url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":0,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"final":{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"title":"Transfer Trust Wallet","dom":{"size":18459,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (569)","md5":"d4e8270b112c2ddee19720a8577c387c","sha1":"f141c674683bb6a323357592510750c339d83bf8","sha256":"e210c002a4121727b469c3e81ffb9a92ca9476a7a90fdf1e20a1a92190f386b5","sha512":"ad5b9068e82bb43b4e5204518dcfb54c99c50538bcb791591fcea9b543c787f3c3d8b9953c1609520a2df46b1785f5abebb35aa3ffc77165df003369eb04e83a","ssdeep":"192:JmdvISqfP8Hu4Mu/Lv16Tk9o99AkXumfMvl9pDxfxYDveJYM89OdlKcUt3FfJxf+:kdvaP8HjE0vGow/L+mHHMtqb5qqJrY","tlshash":"bd82ab17fdea05a9700386a95ba7b3bd3e3de0038209cd787a8c73704f876d69563658","dom_hash":"domhash330833fd03601027e3f2a127d70f739e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":0,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-29T15:17:52Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-24","alert":"Detects file containing Telegram Bot API","trigger":"bnbuse.xyz/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"bnbuse.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-06-21T22:22:12.048317Z","alert_count":0,"request_count":1,"received_data":10792,"sent_data":526,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"bnbuse.xyz","ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"domain_registered":"2026-06-11","domain_rank":0,"first_seen":"2026-06-24T15:17:17.621651Z","last_seen":"2026-06-24T15:17:17.621652Z","alert_count":7,"request_count":5,"received_data":53401,"sent_data":2256,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]},{"fqdn":"cryptologos.cc","ip":{"addr":"172.67.218.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-04-13","domain_rank":572515,"first_seen":"2019-08-22T11:22:00Z","last_seen":"2026-06-23T05:02:13.879143Z","alert_count":0,"request_count":1,"received_data":105400,"sent_data":551,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-06-21T22:19:08.810882Z","alert_count":0,"request_count":3,"received_data":148035,"sent_data":1707,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.17.207.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-06-21T22:46:13.623663Z","alert_count":0,"request_count":1,"received_data":761326,"sent_data":481,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"bnbuse.xyz/main.js","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"md5":"addc21adeb6f1bd8fc1d7df7949856e1","sha1":"43797415d7868d793a77be5a354b78ec25a61daa","sha256":"e46cc7abcbc7963f317e09f97052a98df30d124f4aacd10b437998c091f1d21b","sha512":"f17fa872dcfb871f015952e0f21f1004c4f9946c456b3484a597a1705e176c055f1be1e3ab4156d2b9e44e0aa34348828341e3a9aaeee1d195baa7ee30fb8cf4","size":13650,"token":"8799094898:AAEfGBrFRgBh34uCdlVMWUthWzH2H_mOGdg","is_revoked":false,"bot":{"token":"8799094898:AAEfGBrFRgBh34uCdlVMWUthWzH2H_mOGdg","user_id":"8799094898","username":"Dt_wala_bot","first_name":"Sululululu","last_name":"","chat":{"chat_id":"","title":"","type":"","bot_is":"","total_users":0,"active_members":null,"admins":null},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"3cdfed55dbdaf2936d279cf1031f74d7","sha1":"94bf70aa453801481f09c89979cbca394e87fb76","sha256":"90c08e967a747febf7baa6c7b684f96b64a2909cad6b8a52f2bd1a45f55193ec","sha512":"8c74803659c98db4fae91d8debe8bf86b0dd4e72fecefc86066638472a26e0209472efc5b17547c799ae6ab1c2d5822355f2349081f5366a9b0594b2144c7661","ssdeep":"","tlshash":"fec0123d10e31515c17734fd79db42483a33204260964b01bd1c86595fb19769233a8d","size":187,"data":"","first_seen":"2026-06-24T15:17:26.275016Z","last_seen":"2026-06-24T15:17:58.262374Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"f5b767c078c6813816231552aca1d562","sha1":"34f99579b527c24b3a5af82abb42079a0d3e1a51","sha256":"c17d50bae5a02a35e0ae5d0005c694495952f093629bb5193c668070161b0f7a","sha512":"7b4aed1d33c4891894a556505047a8f7afd72efc1c30c064b5a428fac50a5475e895f3937869de6d047128910d762069084c41d12fbacecffd43cd98e84b2e48","ssdeep":"","tlshash":"70c0125d7010696614ce687d4ccf088ebe368812a20809c999dcd4547bb1e6c42e484c","size":185,"data":"","first_seen":"2024-04-08T19:47:46Z","last_seen":"2026-06-24T15:17:58.263687Z","times_seen":674,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"ee76fc39e6ef207881ee1f741fd9781d","sha1":"91979f4f1f8721d00454088c00d56bfbf203004e","sha256":"073174222988296565091cff931d54dbf1efea433aa7b43da73c3162e3941b9c","sha512":"59069539bc0917be4c4375a2e2edc13ca7abe18001e857651c1419e84093799634ed92452803a56c231ee2280c571625dab1c16360206b4c281199fdb00ec8d1","ssdeep":"","tlshash":"eab012bd80506a662821305b874f812e7818e933106e4e4135e91319cf04922d9a5bc9","size":106,"data":"","first_seen":"2026-06-24T15:17:26.280327Z","last_seen":"2026-06-24T15:17:58.264405Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"ce20f392e6758178a2ef9d9a32a4403b","sha1":"8ad92a0c0bb9fac4bfa1ee4bf41235a06b6fd5ba","sha256":"e307e70335aaf6a54e6499f33b79a4bc3198d0b065141f2f45e6828ac90db3ab","sha512":"9a2f0853c0c7a159f6c85f6a696ebccc412995bd395a003612a456ea1169962addf7191508c0353bba3000380429800a5febb721dd9f908c3db74f92e69b43af","ssdeep":"","tlshash":"65c012ea4114aa51a529104e5f4fe1567404a472489a9945769e52189b0c52189a87c6","size":182,"data":"","first_seen":"2026-06-24T15:17:26.283188Z","last_seen":"2026-06-24T15:17:58.265508Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"afd1066d2ceb0f569becb6f2dc3439e3","sha1":"0f741e638cf8511bd85c2dd92ce880c0ccdb0d7b","sha256":"7aff892b5a76b9aa082a63d1761579ff9a3b2e3cc7b9a13302ab13a1a9cd7b9a","sha512":"e1bbd88337cf933d392aa92b20efbadbae759eb3e2dd417db358679bac3c249e822b9bfe63c1dfead801fc5f86c05ba9bb84c4ea2455ab93c44e401ae408b2a4","ssdeep":"","tlshash":"8fe0cd1b14744938823721b356dfc1897522000bb552da9b7d1d87440f81d701bb3d58","size":335,"data":"","first_seen":"2026-06-24T15:17:26.28468Z","last_seen":"2026-06-24T15:17:58.266462Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"97b809a33b3fc9948b32a0db312de26b","sha1":"71f4e565f086b459ffe3c6b7e6175de96f05ced0","sha256":"e0717b1929863b6b1c6dde5ea22604217a8c94f7b7fb4f277a9c1b2d8fb294f9","sha512":"96dc995e35610ba098ea085827acf5c9c445bfcf897012c7cf4c890f93e3a5228bb2b96c6840381f07c27666e416377966445214d9e50e745128a1930818736e","ssdeep":"","tlshash":"43f04eeb357a8438866758bf66b78684383024433502961a790dc2950fb1dd084275dc","size":650,"data":"","first_seen":"2026-06-24T15:17:26.28635Z","last_seen":"2026-06-24T15:17:58.267356Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"3cdfed55dbdaf2936d279cf1031f74d7","sha1":"94bf70aa453801481f09c89979cbca394e87fb76","sha256":"90c08e967a747febf7baa6c7b684f96b64a2909cad6b8a52f2bd1a45f55193ec","sha512":"8c74803659c98db4fae91d8debe8bf86b0dd4e72fecefc86066638472a26e0209472efc5b17547c799ae6ab1c2d5822355f2349081f5366a9b0594b2144c7661","ssdeep":"","tlshash":"fec0123d10e31515c17734fd79db42483a33204260964b01bd1c86595fb19769233a8d","size":187,"data":"","first_seen":"2026-06-24T15:17:26.275016Z","last_seen":"2026-06-24T15:17:58.262374Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"f5b767c078c6813816231552aca1d562","sha1":"34f99579b527c24b3a5af82abb42079a0d3e1a51","sha256":"c17d50bae5a02a35e0ae5d0005c694495952f093629bb5193c668070161b0f7a","sha512":"7b4aed1d33c4891894a556505047a8f7afd72efc1c30c064b5a428fac50a5475e895f3937869de6d047128910d762069084c41d12fbacecffd43cd98e84b2e48","ssdeep":"","tlshash":"70c0125d7010696614ce687d4ccf088ebe368812a20809c999dcd4547bb1e6c42e484c","size":185,"data":"","first_seen":"2024-04-08T19:47:46Z","last_seen":"2026-06-24T15:17:58.263687Z","times_seen":674,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"ee76fc39e6ef207881ee1f741fd9781d","sha1":"91979f4f1f8721d00454088c00d56bfbf203004e","sha256":"073174222988296565091cff931d54dbf1efea433aa7b43da73c3162e3941b9c","sha512":"59069539bc0917be4c4375a2e2edc13ca7abe18001e857651c1419e84093799634ed92452803a56c231ee2280c571625dab1c16360206b4c281199fdb00ec8d1","ssdeep":"","tlshash":"eab012bd80506a662821305b874f812e7818e933106e4e4135e91319cf04922d9a5bc9","size":106,"data":"","first_seen":"2026-06-24T15:17:26.280327Z","last_seen":"2026-06-24T15:17:58.264405Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"ce20f392e6758178a2ef9d9a32a4403b","sha1":"8ad92a0c0bb9fac4bfa1ee4bf41235a06b6fd5ba","sha256":"e307e70335aaf6a54e6499f33b79a4bc3198d0b065141f2f45e6828ac90db3ab","sha512":"9a2f0853c0c7a159f6c85f6a696ebccc412995bd395a003612a456ea1169962addf7191508c0353bba3000380429800a5febb721dd9f908c3db74f92e69b43af","ssdeep":"","tlshash":"65c012ea4114aa51a529104e5f4fe1567404a472489a9945769e52189b0c52189a87c6","size":182,"data":"","first_seen":"2026-06-24T15:17:26.283188Z","last_seen":"2026-06-24T15:17:58.265508Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"afd1066d2ceb0f569becb6f2dc3439e3","sha1":"0f741e638cf8511bd85c2dd92ce880c0ccdb0d7b","sha256":"7aff892b5a76b9aa082a63d1761579ff9a3b2e3cc7b9a13302ab13a1a9cd7b9a","sha512":"e1bbd88337cf933d392aa92b20efbadbae759eb3e2dd417db358679bac3c249e822b9bfe63c1dfead801fc5f86c05ba9bb84c4ea2455ab93c44e401ae408b2a4","ssdeep":"","tlshash":"8fe0cd1b14744938823721b356dfc1897522000bb552da9b7d1d87440f81d701bb3d58","size":335,"data":"","first_seen":"2026-06-24T15:17:26.28468Z","last_seen":"2026-06-24T15:17:58.266462Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"97b809a33b3fc9948b32a0db312de26b","sha1":"71f4e565f086b459ffe3c6b7e6175de96f05ced0","sha256":"e0717b1929863b6b1c6dde5ea22604217a8c94f7b7fb4f277a9c1b2d8fb294f9","sha512":"96dc995e35610ba098ea085827acf5c9c445bfcf897012c7cf4c890f93e3a5228bb2b96c6840381f07c27666e416377966445214d9e50e745128a1930818736e","ssdeep":"","tlshash":"43f04eeb357a8438866758bf66b78684383024433502961a790dc2950fb1dd084275dc","size":650,"data":"","first_seen":"2026-06-24T15:17:26.28635Z","last_seen":"2026-06-24T15:17:58.267356Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/ethers@5.7.2/dist/ethers.umd.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.207.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"71f8c498e792c6179d4e2840228f777a","sha1":"b651545587f6257345dc3de9ddaa444b10dedf3e","sha256":"a66293a6a2bb4dee061a68612be0be3c5c0ab7e4068ab8d98a4a357baf664c73","sha512":"14371563e83bbdce425c035bad34a0d4ae6a2f2ae20ac183602134d8b8b5b5711874d40fbcb3c7344fab4f63237a2f0dedf65b7b458b870dbb8f64ab191a5d32","ssdeep":"12288:TfamYTKkkAJs8P+H8Xb2F/nNuwEYtnob6qQr:TfjkhPaNnN9EYtwo","tlshash":"35f43b80b3b1b0b583c729a4143f6046f63af46a505840a8f659faf279f9d4c957bb3c","size":760171,"data":"","first_seen":"2023-03-13T00:48:53Z","last_seen":"2026-06-25T01:04:14.198002Z","times_seen":3653,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"3cdfed55dbdaf2936d279cf1031f74d7","sha1":"94bf70aa453801481f09c89979cbca394e87fb76","sha256":"90c08e967a747febf7baa6c7b684f96b64a2909cad6b8a52f2bd1a45f55193ec","sha512":"8c74803659c98db4fae91d8debe8bf86b0dd4e72fecefc86066638472a26e0209472efc5b17547c799ae6ab1c2d5822355f2349081f5366a9b0594b2144c7661","ssdeep":"","tlshash":"fec0123d10e31515c17734fd79db42483a33204260964b01bd1c86595fb19769233a8d","size":187,"data":"","first_seen":"2026-06-24T15:17:26.275016Z","last_seen":"2026-06-24T15:17:58.262374Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"f5b767c078c6813816231552aca1d562","sha1":"34f99579b527c24b3a5af82abb42079a0d3e1a51","sha256":"c17d50bae5a02a35e0ae5d0005c694495952f093629bb5193c668070161b0f7a","sha512":"7b4aed1d33c4891894a556505047a8f7afd72efc1c30c064b5a428fac50a5475e895f3937869de6d047128910d762069084c41d12fbacecffd43cd98e84b2e48","ssdeep":"","tlshash":"70c0125d7010696614ce687d4ccf088ebe368812a20809c999dcd4547bb1e6c42e484c","size":185,"data":"","first_seen":"2024-04-08T19:47:46Z","last_seen":"2026-06-24T15:17:58.263687Z","times_seen":674,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"ee76fc39e6ef207881ee1f741fd9781d","sha1":"91979f4f1f8721d00454088c00d56bfbf203004e","sha256":"073174222988296565091cff931d54dbf1efea433aa7b43da73c3162e3941b9c","sha512":"59069539bc0917be4c4375a2e2edc13ca7abe18001e857651c1419e84093799634ed92452803a56c231ee2280c571625dab1c16360206b4c281199fdb00ec8d1","ssdeep":"","tlshash":"eab012bd80506a662821305b874f812e7818e933106e4e4135e91319cf04922d9a5bc9","size":106,"data":"","first_seen":"2026-06-24T15:17:26.280327Z","last_seen":"2026-06-24T15:17:58.264405Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"ce20f392e6758178a2ef9d9a32a4403b","sha1":"8ad92a0c0bb9fac4bfa1ee4bf41235a06b6fd5ba","sha256":"e307e70335aaf6a54e6499f33b79a4bc3198d0b065141f2f45e6828ac90db3ab","sha512":"9a2f0853c0c7a159f6c85f6a696ebccc412995bd395a003612a456ea1169962addf7191508c0353bba3000380429800a5febb721dd9f908c3db74f92e69b43af","ssdeep":"","tlshash":"65c012ea4114aa51a529104e5f4fe1567404a472489a9945769e52189b0c52189a87c6","size":182,"data":"","first_seen":"2026-06-24T15:17:26.283188Z","last_seen":"2026-06-24T15:17:58.265508Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"afd1066d2ceb0f569becb6f2dc3439e3","sha1":"0f741e638cf8511bd85c2dd92ce880c0ccdb0d7b","sha256":"7aff892b5a76b9aa082a63d1761579ff9a3b2e3cc7b9a13302ab13a1a9cd7b9a","sha512":"e1bbd88337cf933d392aa92b20efbadbae759eb3e2dd417db358679bac3c249e822b9bfe63c1dfead801fc5f86c05ba9bb84c4ea2455ab93c44e401ae408b2a4","ssdeep":"","tlshash":"8fe0cd1b14744938823721b356dfc1897522000bb552da9b7d1d87440f81d701bb3d58","size":335,"data":"","first_seen":"2026-06-24T15:17:26.28468Z","last_seen":"2026-06-24T15:17:58.266462Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"97b809a33b3fc9948b32a0db312de26b","sha1":"71f4e565f086b459ffe3c6b7e6175de96f05ced0","sha256":"e0717b1929863b6b1c6dde5ea22604217a8c94f7b7fb4f277a9c1b2d8fb294f9","sha512":"96dc995e35610ba098ea085827acf5c9c445bfcf897012c7cf4c890f93e3a5228bb2b96c6840381f07c27666e416377966445214d9e50e745128a1930818736e","ssdeep":"","tlshash":"43f04eeb357a8438866758bf66b78684383024433502961a790dc2950fb1dd084275dc","size":650,"data":"","first_seen":"2026-06-24T15:17:26.28635Z","last_seen":"2026-06-24T15:17:58.267356Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/config.js","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"e631bb1bbd341250fdb054b2bb10b7ce","sha1":"3b6df5be1c95d277642f5c62d11d2eafb932c15d","sha256":"047587cb948f9ee291eb3a5599dfda0d1e2ccdfc27aa39fedb667140c38b0697","sha512":"33a793e6f3b6d48f3bd8389a3c8fe689414333d144601a4f5685e92d50157695777778ecaf9475ed3737f9bccbf63f2ac2f2a185f5c68c2052b3ba60e95dfb55","ssdeep":"","tlshash":"9c11429b0a39630210360082ef4bf075eb97c2bb954580117519ef441f78eb14d7b9cf","size":1063,"data":"","first_seen":"2026-06-24T15:17:26.252057Z","last_seen":"2026-06-24T15:17:58.251586Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/main.js","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"addc21adeb6f1bd8fc1d7df7949856e1","sha1":"43797415d7868d793a77be5a354b78ec25a61daa","sha256":"e46cc7abcbc7963f317e09f97052a98df30d124f4aacd10b437998c091f1d21b","sha512":"f17fa872dcfb871f015952e0f21f1004c4f9946c456b3484a597a1705e176c055f1be1e3ab4156d2b9e44e0aa34348828341e3a9aaeee1d195baa7ee30fb8cf4","ssdeep":"192:TF//+C1CRkCcZVggWmhnfrg4pDkI7LhUMeJHDbZiPkMoT/J3wp/+/Vy2nt:TF/I65x57Gyko/aTt","tlshash":"4952a5be1226b060897b63766f832011f263612ba600d29636fec3111f76c55d9e7fec","size":13650,"data":"","first_seen":"2026-06-24T15:17:26.26529Z","last_seen":"2026-06-24T15:17:58.259073Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-24","alert":"Detects file containing Telegram Bot API","trigger":"bnbuse.xyz/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"3cdfed55dbdaf2936d279cf1031f74d7","sha1":"94bf70aa453801481f09c89979cbca394e87fb76","sha256":"90c08e967a747febf7baa6c7b684f96b64a2909cad6b8a52f2bd1a45f55193ec","sha512":"8c74803659c98db4fae91d8debe8bf86b0dd4e72fecefc86066638472a26e0209472efc5b17547c799ae6ab1c2d5822355f2349081f5366a9b0594b2144c7661","ssdeep":"","tlshash":"fec0123d10e31515c17734fd79db42483a33204260964b01bd1c86595fb19769233a8d","size":187,"data":"","first_seen":"2026-06-24T15:17:26.275016Z","last_seen":"2026-06-24T15:17:58.262374Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"f5b767c078c6813816231552aca1d562","sha1":"34f99579b527c24b3a5af82abb42079a0d3e1a51","sha256":"c17d50bae5a02a35e0ae5d0005c694495952f093629bb5193c668070161b0f7a","sha512":"7b4aed1d33c4891894a556505047a8f7afd72efc1c30c064b5a428fac50a5475e895f3937869de6d047128910d762069084c41d12fbacecffd43cd98e84b2e48","ssdeep":"","tlshash":"70c0125d7010696614ce687d4ccf088ebe368812a20809c999dcd4547bb1e6c42e484c","size":185,"data":"","first_seen":"2024-04-08T19:47:46Z","last_seen":"2026-06-24T15:17:58.263687Z","times_seen":674,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"ee76fc39e6ef207881ee1f741fd9781d","sha1":"91979f4f1f8721d00454088c00d56bfbf203004e","sha256":"073174222988296565091cff931d54dbf1efea433aa7b43da73c3162e3941b9c","sha512":"59069539bc0917be4c4375a2e2edc13ca7abe18001e857651c1419e84093799634ed92452803a56c231ee2280c571625dab1c16360206b4c281199fdb00ec8d1","ssdeep":"","tlshash":"eab012bd80506a662821305b874f812e7818e933106e4e4135e91319cf04922d9a5bc9","size":106,"data":"","first_seen":"2026-06-24T15:17:26.280327Z","last_seen":"2026-06-24T15:17:58.264405Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"ce20f392e6758178a2ef9d9a32a4403b","sha1":"8ad92a0c0bb9fac4bfa1ee4bf41235a06b6fd5ba","sha256":"e307e70335aaf6a54e6499f33b79a4bc3198d0b065141f2f45e6828ac90db3ab","sha512":"9a2f0853c0c7a159f6c85f6a696ebccc412995bd395a003612a456ea1169962addf7191508c0353bba3000380429800a5febb721dd9f908c3db74f92e69b43af","ssdeep":"","tlshash":"65c012ea4114aa51a529104e5f4fe1567404a472489a9945769e52189b0c52189a87c6","size":182,"data":"","first_seen":"2026-06-24T15:17:26.283188Z","last_seen":"2026-06-24T15:17:58.265508Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"afd1066d2ceb0f569becb6f2dc3439e3","sha1":"0f741e638cf8511bd85c2dd92ce880c0ccdb0d7b","sha256":"7aff892b5a76b9aa082a63d1761579ff9a3b2e3cc7b9a13302ab13a1a9cd7b9a","sha512":"e1bbd88337cf933d392aa92b20efbadbae759eb3e2dd417db358679bac3c249e822b9bfe63c1dfead801fc5f86c05ba9bb84c4ea2455ab93c44e401ae408b2a4","ssdeep":"","tlshash":"8fe0cd1b14744938823721b356dfc1897522000bb552da9b7d1d87440f81d701bb3d58","size":335,"data":"","first_seen":"2026-06-24T15:17:26.28468Z","last_seen":"2026-06-24T15:17:58.266462Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"97b809a33b3fc9948b32a0db312de26b","sha1":"71f4e565f086b459ffe3c6b7e6175de96f05ced0","sha256":"e0717b1929863b6b1c6dde5ea22604217a8c94f7b7fb4f277a9c1b2d8fb294f9","sha512":"96dc995e35610ba098ea085827acf5c9c445bfcf897012c7cf4c890f93e3a5228bb2b96c6840381f07c27666e416377966445214d9e50e745128a1930818736e","ssdeep":"","tlshash":"43f04eeb357a8438866758bf66b78684383024433502961a790dc2950fb1dd084275dc","size":650,"data":"","first_seen":"2026-06-24T15:17:26.28635Z","last_seen":"2026-06-24T15:17:58.267356Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"3cdfed55dbdaf2936d279cf1031f74d7","sha1":"94bf70aa453801481f09c89979cbca394e87fb76","sha256":"90c08e967a747febf7baa6c7b684f96b64a2909cad6b8a52f2bd1a45f55193ec","sha512":"8c74803659c98db4fae91d8debe8bf86b0dd4e72fecefc86066638472a26e0209472efc5b17547c799ae6ab1c2d5822355f2349081f5366a9b0594b2144c7661","ssdeep":"","tlshash":"fec0123d10e31515c17734fd79db42483a33204260964b01bd1c86595fb19769233a8d","size":187,"data":"","first_seen":"2026-06-24T15:17:26.275016Z","last_seen":"2026-06-24T15:17:58.262374Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"f5b767c078c6813816231552aca1d562","sha1":"34f99579b527c24b3a5af82abb42079a0d3e1a51","sha256":"c17d50bae5a02a35e0ae5d0005c694495952f093629bb5193c668070161b0f7a","sha512":"7b4aed1d33c4891894a556505047a8f7afd72efc1c30c064b5a428fac50a5475e895f3937869de6d047128910d762069084c41d12fbacecffd43cd98e84b2e48","ssdeep":"","tlshash":"70c0125d7010696614ce687d4ccf088ebe368812a20809c999dcd4547bb1e6c42e484c","size":185,"data":"","first_seen":"2024-04-08T19:47:46Z","last_seen":"2026-06-24T15:17:58.263687Z","times_seen":674,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"ee76fc39e6ef207881ee1f741fd9781d","sha1":"91979f4f1f8721d00454088c00d56bfbf203004e","sha256":"073174222988296565091cff931d54dbf1efea433aa7b43da73c3162e3941b9c","sha512":"59069539bc0917be4c4375a2e2edc13ca7abe18001e857651c1419e84093799634ed92452803a56c231ee2280c571625dab1c16360206b4c281199fdb00ec8d1","ssdeep":"","tlshash":"eab012bd80506a662821305b874f812e7818e933106e4e4135e91319cf04922d9a5bc9","size":106,"data":"","first_seen":"2026-06-24T15:17:26.280327Z","last_seen":"2026-06-24T15:17:58.264405Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"ce20f392e6758178a2ef9d9a32a4403b","sha1":"8ad92a0c0bb9fac4bfa1ee4bf41235a06b6fd5ba","sha256":"e307e70335aaf6a54e6499f33b79a4bc3198d0b065141f2f45e6828ac90db3ab","sha512":"9a2f0853c0c7a159f6c85f6a696ebccc412995bd395a003612a456ea1169962addf7191508c0353bba3000380429800a5febb721dd9f908c3db74f92e69b43af","ssdeep":"","tlshash":"65c012ea4114aa51a529104e5f4fe1567404a472489a9945769e52189b0c52189a87c6","size":182,"data":"","first_seen":"2026-06-24T15:17:26.283188Z","last_seen":"2026-06-24T15:17:58.265508Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"afd1066d2ceb0f569becb6f2dc3439e3","sha1":"0f741e638cf8511bd85c2dd92ce880c0ccdb0d7b","sha256":"7aff892b5a76b9aa082a63d1761579ff9a3b2e3cc7b9a13302ab13a1a9cd7b9a","sha512":"e1bbd88337cf933d392aa92b20efbadbae759eb3e2dd417db358679bac3c249e822b9bfe63c1dfead801fc5f86c05ba9bb84c4ea2455ab93c44e401ae408b2a4","ssdeep":"","tlshash":"8fe0cd1b14744938823721b356dfc1897522000bb552da9b7d1d87440f81d701bb3d58","size":335,"data":"","first_seen":"2026-06-24T15:17:26.28468Z","last_seen":"2026-06-24T15:17:58.266462Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"97b809a33b3fc9948b32a0db312de26b","sha1":"71f4e565f086b459ffe3c6b7e6175de96f05ced0","sha256":"e0717b1929863b6b1c6dde5ea22604217a8c94f7b7fb4f277a9c1b2d8fb294f9","sha512":"96dc995e35610ba098ea085827acf5c9c445bfcf897012c7cf4c890f93e3a5228bb2b96c6840381f07c27666e416377966445214d9e50e745128a1930818736e","ssdeep":"","tlshash":"43f04eeb357a8438866758bf66b78684383024433502961a790dc2950fb1dd084275dc","size":650,"data":"","first_seen":"2026-06-24T15:17:26.28635Z","last_seen":"2026-06-24T15:17:58.267356Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"3cdfed55dbdaf2936d279cf1031f74d7","sha1":"94bf70aa453801481f09c89979cbca394e87fb76","sha256":"90c08e967a747febf7baa6c7b684f96b64a2909cad6b8a52f2bd1a45f55193ec","sha512":"8c74803659c98db4fae91d8debe8bf86b0dd4e72fecefc86066638472a26e0209472efc5b17547c799ae6ab1c2d5822355f2349081f5366a9b0594b2144c7661","ssdeep":"","tlshash":"fec0123d10e31515c17734fd79db42483a33204260964b01bd1c86595fb19769233a8d","size":187,"data":"","first_seen":"2026-06-24T15:17:26.275016Z","last_seen":"2026-06-24T15:17:58.262374Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"f5b767c078c6813816231552aca1d562","sha1":"34f99579b527c24b3a5af82abb42079a0d3e1a51","sha256":"c17d50bae5a02a35e0ae5d0005c694495952f093629bb5193c668070161b0f7a","sha512":"7b4aed1d33c4891894a556505047a8f7afd72efc1c30c064b5a428fac50a5475e895f3937869de6d047128910d762069084c41d12fbacecffd43cd98e84b2e48","ssdeep":"","tlshash":"70c0125d7010696614ce687d4ccf088ebe368812a20809c999dcd4547bb1e6c42e484c","size":185,"data":"","first_seen":"2024-04-08T19:47:46Z","last_seen":"2026-06-24T15:17:58.263687Z","times_seen":674,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"ee76fc39e6ef207881ee1f741fd9781d","sha1":"91979f4f1f8721d00454088c00d56bfbf203004e","sha256":"073174222988296565091cff931d54dbf1efea433aa7b43da73c3162e3941b9c","sha512":"59069539bc0917be4c4375a2e2edc13ca7abe18001e857651c1419e84093799634ed92452803a56c231ee2280c571625dab1c16360206b4c281199fdb00ec8d1","ssdeep":"","tlshash":"eab012bd80506a662821305b874f812e7818e933106e4e4135e91319cf04922d9a5bc9","size":106,"data":"","first_seen":"2026-06-24T15:17:26.280327Z","last_seen":"2026-06-24T15:17:58.264405Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"ce20f392e6758178a2ef9d9a32a4403b","sha1":"8ad92a0c0bb9fac4bfa1ee4bf41235a06b6fd5ba","sha256":"e307e70335aaf6a54e6499f33b79a4bc3198d0b065141f2f45e6828ac90db3ab","sha512":"9a2f0853c0c7a159f6c85f6a696ebccc412995bd395a003612a456ea1169962addf7191508c0353bba3000380429800a5febb721dd9f908c3db74f92e69b43af","ssdeep":"","tlshash":"65c012ea4114aa51a529104e5f4fe1567404a472489a9945769e52189b0c52189a87c6","size":182,"data":"","first_seen":"2026-06-24T15:17:26.283188Z","last_seen":"2026-06-24T15:17:58.265508Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"afd1066d2ceb0f569becb6f2dc3439e3","sha1":"0f741e638cf8511bd85c2dd92ce880c0ccdb0d7b","sha256":"7aff892b5a76b9aa082a63d1761579ff9a3b2e3cc7b9a13302ab13a1a9cd7b9a","sha512":"e1bbd88337cf933d392aa92b20efbadbae759eb3e2dd417db358679bac3c249e822b9bfe63c1dfead801fc5f86c05ba9bb84c4ea2455ab93c44e401ae408b2a4","ssdeep":"","tlshash":"8fe0cd1b14744938823721b356dfc1897522000bb552da9b7d1d87440f81d701bb3d58","size":335,"data":"","first_seen":"2026-06-24T15:17:26.28468Z","last_seen":"2026-06-24T15:17:58.266462Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"97b809a33b3fc9948b32a0db312de26b","sha1":"71f4e565f086b459ffe3c6b7e6175de96f05ced0","sha256":"e0717b1929863b6b1c6dde5ea22604217a8c94f7b7fb4f277a9c1b2d8fb294f9","sha512":"96dc995e35610ba098ea085827acf5c9c445bfcf897012c7cf4c890f93e3a5228bb2b96c6840381f07c27666e416377966445214d9e50e745128a1930818736e","ssdeep":"","tlshash":"43f04eeb357a8438866758bf66b78684383024433502961a790dc2950fb1dd084275dc","size":650,"data":"","first_seen":"2026-06-24T15:17:26.28635Z","last_seen":"2026-06-24T15:17:58.267356Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"bnbuse.xyz/config.js","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bnbuse.xyz/","date":"2026-06-24T15:17:29.606Z","timestamp":1782314249606,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bnbuse.xyz","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 11:07:49 GMT","end":"Wed, 09 Sep 2026 11:07:48 GMT"},"fingerprint":{"sha1":"66:84:9A:E0:29:E6:BA:D5:B3:46:91:98:EB:1C:4F:B6:70:A6:69:46","sha256":"B0:93:CC:8A:DB:3C:92:0D:34:80:2F:00:74:22:34:75:0A:39:5A:A1:48:67:C0:1C:18:6A:FE:BA:DA:CA:85:52"}}},"request":{"raw":"GET /config.js HTTP/1.1\r\nHost: bnbuse.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bnbuse.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncache-control: max-age=2678400, private\r\nexpires: Fri, 24 Jul 2026 15:17:29 GMT\r\ncontent-type: text/javascript\r\nlast-modified: Thu, 11 Jun 2026 13:12:28 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 648\r\ndate: Wed, 24 Jun 2026 15:17:29 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1063,"size_decoded":985,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"e631bb1bbd341250fdb054b2bb10b7ce","sha1":"3b6df5be1c95d277642f5c62d11d2eafb932c15d","sha256":"047587cb948f9ee291eb3a5599dfda0d1e2ccdfc27aa39fedb667140c38b0697","sha512":"33a793e6f3b6d48f3bd8389a3c8fe689414333d144601a4f5685e92d50157695777778ecaf9475ed3737f9bccbf63f2ac2f2a185f5c68c2052b3ba60e95dfb55","ssdeep":"","tlshash":"9c11429b0a39630210360082ef4bf075eb97c2bb954580117519ef441f78eb14d7b9cf","first_seen":"2026-06-24T15:17:26.252057Z","last_seen":"2026-06-24T15:17:58.251586Z","times_seen":2,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"bnbuse.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cryptologos.cc/logos/bnb-bnb-logo.png?v=040","fqdn":"cryptologos.cc","domain":"cryptologos.cc","tld":"cc"},"ip":{"addr":"172.67.218.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bnbuse.xyz/","date":"2026-06-24T15:17:29.614Z","timestamp":1782314249614,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cryptologos.cc","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Jun 2026 11:19:04 GMT","end":"Thu, 17 Sep 2026 11:19:03 GMT"},"fingerprint":{"sha1":"87:47:5A:D8:F8:A1:93:29:07:38:14:F1:21:57:82:BE:E9:AD:5A:AB","sha256":"0B:19:C1:9C:93:8C:4D:22:1F:36:26:C2:CE:1F:31:A3:44:1D:AF:60:C8:70:14:01:76:3F:12:44:C9:05:9D:28"}}},"request":{"raw":"GET /logos/bnb-bnb-logo.png?v=040 HTTP/1.1\r\nHost: cryptologos.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bnbuse.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Wed, 24 Jun 2026 15:17:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 104712\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 10 Jun 2026 13:56:29 GMT\r\netag: \"19908-653e69c462d34\"\r\naccept-ranges: bytes\r\nage: 43\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aGg2M98FJ6zpL%2BSIXVse%2BeYpxNvInN0VTewgPIGXJ1Z1tc56eksp5BYQyI%2BmqZT6JcCqUkpJG0cfpk4fmw%2FENdN1BURQTfC9uGizVZgt23XU6Y04UevOkebYY%2F7nHFZs0w%3D%3D\"}]}\r\ncf-ray: a10cb31c88d90b45-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":104712,"size_decoded":105400,"mime_type":"image/png","magic":"PNG image data, 2000 x 2000, 8-bit/color RGBA, non-interlaced","md5":"9faf561e1bbd427d5d739b539249357f","sha1":"fbfac48e3c8c1caa9d17b8a38281eeef0d996d43","sha256":"86d65436ed9470ff4447f0ffd6426fe2622577421866e49933d2615bdb2a1a18","sha512":"aff23cde575e2cc346d303da8f1b432981bbbdeacbc02cd64f8808add90933033b8f0121cdb48b406e24fbc47234cccbcea1ba8b90b83ebfb0165f76087e04ba","ssdeep":"1536:FdYeBHIGj69qzWK89JQJV+04SoKLSc/viVXad7CL2gKpjc4f5XdG6YJhonwT/sv:zYnW64z03Q2pKrd7CKlac0JGwDsv","tlshash":"3ca302b6a3a5ec45e9939e3cec3e2ee2d774837fca4c5dd07ad09201121463aba154dc","first_seen":"2023-05-31T01:01:46Z","last_seen":"2026-06-24T23:04:09.139552Z","times_seen":309,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":61,"dns":0,"connect":1,"send":0,"wait":14,"receive":3,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://bnbuse.xyz/","date":"2026-06-24T15:17:29.731Z","timestamp":1782314249731,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:18 GMT","end":"Mon, 17 Aug 2026 08:38:17 GMT"},"fingerprint":{"sha1":"C4:91:D1:0E:C2:A8:68:24:7B:00:2B:4A:EB:42:41:E0:29:E2:4E:A0","sha256":"68:29:56:08:39:D8:99:7B:20:CC:14:D3:4F:4D:D2:55:68:A6:27:DC:52:E9:7B:CF:CE:6B:D3:13:BC:97:65:C1"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://bnbuse.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 18 Jun 2026 01:47:53 GMT\r\nexpires: Fri, 18 Jun 2027 01:47:53 GMT\r\ncache-control: public, max-age=31536000\r\nage: 566976\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":48532,"size_decoded":49345,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-25T02:12:58.589273Z","times_seen":218375,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":0,"connect":29,"send":0,"wait":16,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://bnbuse.xyz/","date":"2026-06-24T15:17:29.736Z","timestamp":1782314249736,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:18 GMT","end":"Mon, 17 Aug 2026 08:38:17 GMT"},"fingerprint":{"sha1":"C4:91:D1:0E:C2:A8:68:24:7B:00:2B:4A:EB:42:41:E0:29:E2:4E:A0","sha256":"68:29:56:08:39:D8:99:7B:20:CC:14:D3:4F:4D:D2:55:68:A6:27:DC:52:E9:7B:CF:CE:6B:D3:13:BC:97:65:C1"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://bnbuse.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 18 Jun 2026 01:47:53 GMT\r\nexpires: Fri, 18 Jun 2027 01:47:53 GMT\r\ncache-control: public, max-age=31536000\r\nage: 566976\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":48532,"size_decoded":49345,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-25T02:12:58.589273Z","times_seen":218375,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":26,"dns":0,"connect":0,"send":0,"wait":27,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-24T15:17:29.058Z","timestamp":1782314249058,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bnbuse.xyz","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 11:07:49 GMT","end":"Wed, 09 Sep 2026 11:07:48 GMT"},"fingerprint":{"sha1":"66:84:9A:E0:29:E6:BA:D5:B3:46:91:98:EB:1C:4F:B6:70:A6:69:46","sha256":"B0:93:CC:8A:DB:3C:92:0D:34:80:2F:00:74:22:34:75:0A:39:5A:A1:48:67:C0:1C:18:6A:FE:BA:DA:CA:85:52"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: bnbuse.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncache-control: max-age=7200, private, must-revalidate\r\nexpires: Wed, 24 Jun 2026 15:17:29 GMT\r\ncontent-type: text/html\r\nlast-modified: Thu, 11 Jun 2026 13:12:28 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 4230\r\ndate: Wed, 24 Jun 2026 15:17:29 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}],"data":{"size":19206,"size_decoded":4754,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (560), with CRLF line terminators","md5":"3bb14d0efc9dbf613a1d8f8e0cc6146b","sha1":"767d29e6bdc98a93add933fc81a3f34451ddbdd9","sha256":"070488a03d95e9c9c38da313038d1daa89f35f98b2ccebb0ee0b34a7f6db5f4d","sha512":"e31c609a9e42fb0ef75fcf33554a88f8da48b75072cc0ca1a1f7fb244b16e149cb8571654af3764a2f0031504ac2565dc01f99d49bd658a4c54ea0b83b677d6f","ssdeep":"192:lQqZht9pcEtnQ79CFksdmtqSkxEoGasfmPa0eYXYs9asEPxHIktftki4koR/LT/t:V4C30oR/LDmlFjecC6q+U4E","tlshash":"e782b836f5c4445b503386a9aba7a77fff3e9053830549783a8c73720f764968d23a58","first_seen":"2026-06-24T15:17:26.260304Z","last_seen":"2026-06-24T15:17:58.257218Z","times_seen":2,"resource_available":true,"data":null}},"time_used":86,"timings":{"blocked":-1,"dns":6,"connect":24,"send":0,"wait":26,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"bnbuse.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/ethers@5.7.2/dist/ethers.umd.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.207.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bnbuse.xyz/","date":"2026-06-24T15:17:29.599Z","timestamp":1782314249599,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/ethers@5.7.2/dist/ethers.umd.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bnbuse.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Wed, 24 Jun 2026 15:17:29 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 168432\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 5.7.2\r\nx-jsd-version-type: version\r\netag: W/\"b996b-tlFUVYf2JXNF3D3p3apESxDe3z4\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-etou8220026-FRA, cache-bma-essb1270058-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 3388901\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TWnDNjw95DjZB8kQr4qYQYXA%2BLSZXQh%2Fn0gqqujWzi3hh1Zrtw27j42s7%2FmQNwZTdGF%2FLhqXeWE5iUL%2B8wdaCAorCBC2Vlbi07eqkQ6X8%2BfivKQ0J6sKpotPWh0c4D4zWhQ%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: a10cb31c1dfd23eb-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":760171,"size_decoded":169587,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"71f8c498e792c6179d4e2840228f777a","sha1":"b651545587f6257345dc3de9ddaa444b10dedf3e","sha256":"a66293a6a2bb4dee061a68612be0be3c5c0ab7e4068ab8d98a4a357baf664c73","sha512":"14371563e83bbdce425c035bad34a0d4ae6a2f2ae20ac183602134d8b8b5b5711874d40fbcb3c7344fab4f63237a2f0dedf65b7b458b870dbb8f64ab191a5d32","ssdeep":"12288:TfamYTKkkAJs8P+H8Xb2F/nNuwEYtnob6qQr:TfjkhPaNnN9EYtwo","tlshash":"35f43b80b3b1b0b583c729a4143f6046f63af46a505840a8f659faf279f9d4c957bb3c","first_seen":"2023-03-13T00:48:53Z","last_seen":"2026-06-25T01:04:14.198002Z","times_seen":3653,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":2,"connect":3,"send":0,"wait":8,"receive":5,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/main.js","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bnbuse.xyz/","date":"2026-06-24T15:17:29.608Z","timestamp":1782314249608,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bnbuse.xyz","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 11:07:49 GMT","end":"Wed, 09 Sep 2026 11:07:48 GMT"},"fingerprint":{"sha1":"66:84:9A:E0:29:E6:BA:D5:B3:46:91:98:EB:1C:4F:B6:70:A6:69:46","sha256":"B0:93:CC:8A:DB:3C:92:0D:34:80:2F:00:74:22:34:75:0A:39:5A:A1:48:67:C0:1C:18:6A:FE:BA:DA:CA:85:52"}}},"request":{"raw":"GET /main.js HTTP/1.1\r\nHost: bnbuse.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bnbuse.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncache-control: max-age=2678400, private\r\nexpires: Fri, 24 Jul 2026 15:17:29 GMT\r\ncontent-type: text/javascript\r\nlast-modified: Thu, 11 Jun 2026 13:12:29 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 3688\r\ndate: Wed, 24 Jun 2026 15:17:29 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":13654,"size_decoded":4026,"mime_type":"text/javascript","magic":"Unicode text, UTF-8 text, with very long lines (393), with CRLF line terminators","md5":"addc21adeb6f1bd8fc1d7df7949856e1","sha1":"43797415d7868d793a77be5a354b78ec25a61daa","sha256":"e46cc7abcbc7963f317e09f97052a98df30d124f4aacd10b437998c091f1d21b","sha512":"f17fa872dcfb871f015952e0f21f1004c4f9946c456b3484a597a1705e176c055f1be1e3ab4156d2b9e44e0aa34348828341e3a9aaeee1d195baa7ee30fb8cf4","ssdeep":"192:TF//+C1CRkCcZVggWmhnfrg4pDkI7LhUMeJHDbZiPkMoT/J3wp/+/Vy2nt:TF/I65x57Gyko/aTt","tlshash":"4952a5be1226b060897b63766f832011f263612ba600d29636fec3111f76c55d9e7fec","first_seen":"2026-06-24T15:17:26.26529Z","last_seen":"2026-06-24T15:17:58.259073Z","times_seen":2,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-24","alert":"Detects file containing Telegram Bot API","trigger":"bnbuse.xyz/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"bnbuse.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://bnbuse.xyz/","date":"2026-06-24T15:17:29.733Z","timestamp":1782314249733,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:18 GMT","end":"Mon, 17 Aug 2026 08:38:17 GMT"},"fingerprint":{"sha1":"C4:91:D1:0E:C2:A8:68:24:7B:00:2B:4A:EB:42:41:E0:29:E2:4E:A0","sha256":"68:29:56:08:39:D8:99:7B:20:CC:14:D3:4F:4D:D2:55:68:A6:27:DC:52:E9:7B:CF:CE:6B:D3:13:BC:97:65:C1"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://bnbuse.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 18 Jun 2026 01:47:53 GMT\r\nexpires: Fri, 18 Jun 2027 01:47:53 GMT\r\ncache-control: public, max-age=31536000\r\nage: 566976\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":48532,"size_decoded":49345,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-25T02:12:58.589273Z","times_seen":218375,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":29,"dns":0,"connect":0,"send":0,"wait":21,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/favicon.ico","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bnbuse.xyz/","date":"2026-06-24T15:17:29.824Z","timestamp":1782314249824,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bnbuse.xyz","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 11:07:49 GMT","end":"Wed, 09 Sep 2026 11:07:48 GMT"},"fingerprint":{"sha1":"66:84:9A:E0:29:E6:BA:D5:B3:46:91:98:EB:1C:4F:B6:70:A6:69:46","sha256":"B0:93:CC:8A:DB:3C:92:0D:34:80:2F:00:74:22:34:75:0A:39:5A:A1:48:67:C0:1C:18:6A:FE:BA:DA:CA:85:52"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: bnbuse.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bnbuse.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0,public\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1251\r\ndate: Wed, 24 Jun 2026 15:17:29 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1251,"size_decoded":1486,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"8150f458ed6fb9b1db4e5cfa57a1a281","sha1":"6e5726854d28687b560d7fdcb5c782c425c7dfb9","sha256":"4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896","sha512":"4cc6a112673aef8bb8bb8a385c26791b805d43bb707b509880e894f1c83bab4e16f13de187036c5f660c3bec1d286258396b7bde65c5d7945c5019665196818c","ssdeep":"","tlshash":"c021353ec1c1560ae0271164fbc1f7a86669825291970f703b9eb176f6cd0bb56a36c8","first_seen":"2024-02-08T16:48:55Z","last_seen":"2026-06-25T02:03:44.631681Z","times_seen":135588,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"bnbuse.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bnbuse.xyz/","date":"2026-06-24T15:17:29.594Z","timestamp":1782314249594,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:19 GMT","end":"Mon, 17 Aug 2026 08:38:18 GMT"},"fingerprint":{"sha1":"4D:E0:8E:62:2F:B2:3D:28:5D:7D:B5:8D:C5:3A:72:E4:EE:AB:7D:93","sha256":"AE:0B:4F:B5:B7:41:E5:0C:70:C0:E1:2A:F9:DB:AD:A8:64:94:F3:70:6D:38:1C:8A:8A:CA:52:96:5C:D8:5C:87"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bnbuse.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 24 Jun 2026 15:17:29 GMT\r\ndate: Wed, 24 Jun 2026 15:17:29 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10108,"size_decoded":1447,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"e85517dadd43448782d60d7f207fddce","sha1":"6cd31f870727ba8090fac9602b42524b4139a619","sha256":"88fbd0b95222be288587a149c324189ecbd8de0d6f0c94f528ec53857e52b66c","sha512":"5edc78df5bb062a9a2e1ea6724c14dd7eb80d77ea0fa9572de4bb0d52bbd0d163815b08a1ae77084f99fbefbb07715da1c61f0bb36fb498710c91387792955f8","ssdeep":"192:9NNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGx:vXuM0p2+4","tlshash":"04227792002ba400ab971dc233cf7f3aaece50896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-10T18:13:11.065101Z","last_seen":"2026-06-25T02:20:40.27129Z","times_seen":31663,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":-1,"dns":0,"connect":16,"send":0,"wait":33,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbuse.xyz/style.css?v=475453346","fqdn":"bnbuse.xyz","domain":"bnbuse.xyz","tld":"xyz"},"ip":{"addr":"92.204.162.165","port":443,"asn":20773,"as":"Host Europe GmbH","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bnbuse.xyz/","date":"2026-06-24T15:17:29.597Z","timestamp":1782314249597,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bnbuse.xyz","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 11:07:49 GMT","end":"Wed, 09 Sep 2026 11:07:48 GMT"},"fingerprint":{"sha1":"66:84:9A:E0:29:E6:BA:D5:B3:46:91:98:EB:1C:4F:B6:70:A6:69:46","sha256":"B0:93:CC:8A:DB:3C:92:0D:34:80:2F:00:74:22:34:75:0A:39:5A:A1:48:67:C0:1C:18:6A:FE:BA:DA:CA:85:52"}}},"request":{"raw":"GET /style.css?v=475453346 HTTP/1.1\r\nHost: bnbuse.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bnbuse.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncache-control: max-age=2678400, public\r\nexpires: Fri, 24 Jul 2026 15:17:29 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 11 Jun 2026 13:12:29 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 3491\r\ndate: Wed, 24 Jun 2026 15:17:29 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":16463,"size_decoded":3821,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"9a69c8b53aeb92446d0ce4b7fa67a73c","sha1":"d8b99ca5ef8fdf6d2315f7827da40d66f75a532a","sha256":"e615cabc5003def3f2d5b255c0c0910710f8fb784efaa8d9fd6583721c215977","sha512":"7f6297d34896c8fa98df071fe99dad39b37e2ab38108acf2066dcc5c6e210cba001f20f64131272bd81f2dbc77b9f0cbebfa8eea4e94a555516dc41f1f95d866","ssdeep":"192:kAfP5BgAgAfP5BgAjBAuiDb1LKquuMU7sN1OwSHsfjkEHOlL7D/8PMeDNEWAw6qg:/BgADBgAZFOhLP/K5N6","tlshash":"80722014960295026f338ffab3d6a60bfb2b40abcf22a1bdb6c451058ff557059d1e8d","first_seen":"2026-04-28T14:06:19.925989Z","last_seen":"2026-06-24T15:17:58.261728Z","times_seen":13,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"bnbuse.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}