{"report_id":"e19dbf72-b26e-4ebb-8a1b-d03a4d4b3e9a","version":6,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-05-17T03:35:03Z","url":{"schema":"http","addr":"bnbsendusdt.live","fqdn":"bnbsendusdt.live","domain":"bnbsendusdt.live","tld":"live"},"ip":{"addr":"35.157.26.135","port":0,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"bnbsendusdt.live/","fqdn":"bnbsendusdt.live","domain":"bnbsendusdt.live","tld":"live"},"title":"Transfer Trust Wallet","dom":{"size":6121,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (392)","md5":"f6a501b436be7cf51fb56e5c26b5f8f9","sha1":"0a6a288a8b5550ad71e3eb4295f6cf4b573e3b96","sha256":"2719b12240ba40e33fc0351cd6ae5210c102f526f3b689586ca253e2cda9531b","sha512":"4114a0a00040f8d1fb98f445c3ac9ed8b15a19a23ba38c856a8761a9bdfae99d2cd81a05c648b1767b4f377797608fec63ab552f9a11ac6b133520afa6257bd8","ssdeep":"96:3dvWqO3uuau9WCWaJ9mkow/LqA36ReDLIfkgIfkmvEqVOCMP59mUm5KS:3dvWq8uuau9WCWaJAkow/LWEL5k59mUM","tlshash":"dac1e771f8e11ea9a003c2a76eaab03eb978d507d10f994c70dc41b61fc3d988ea3108","dom_hash":"domhash5ccd28599fc7c78962099574004acc5a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"bnbsendusdt.live","fqdn":"bnbsendusdt.live","domain":"bnbsendusdt.live","tld":"live"},"ip":{"addr":"35.157.26.135","port":0,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-21T03:35:03Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-17","alert":"Detects file containing Telegram Bot API","trigger":"bnbsendusdt.live/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"bnbsendusdt.live","ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-05-17T03:35:04.940867Z","last_seen":"2026-05-17T03:35:04.940867Z","alert_count":3,"request_count":6,"received_data":801610,"sent_data":2632,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"bnbsendusdt.live/main.js","fqdn":"bnbsendusdt.live","domain":"bnbsendusdt.live","tld":"live"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"md5":"87cd9dc2440b0372e8cca225791ed32d","sha1":"1288362d9984b3f3b9c0a8bf375de6d753a2c848","sha256":"464abd962e2329f3eeb20fa6cca911fa4911c5f6473c4df901c5b993d7707676","sha512":"89d5e8544ecf5f44fc81cfe8a9f83f0fa53486991ff69b31ed860c041ef15bd874c96eca41e77471b1e937e0af3cc98cd79efae69decdd796d57c032cd4cf81a","size":11645,"token":"8707196099:AAEJWmqgiy6xK9k-nlRnA-GzkK6Lf-nsGBk","is_revoked":false,"bot":{"token":"8707196099:AAEJWmqgiy6xK9k-nlRnA-GzkK6Lf-nsGBk","user_id":"8707196099","username":"usdtwalahunbot","first_name":"usdt leke farar","last_name":"","chat":{"chat_id":"-1003994007454","title":"Usdt logs","type":"supergroup","bot_is":"administrator","total_users":4,"active_members":null,"admins":[{"user_id":8311874927,"username":"fyndradevofficial","first_name":"Fyndra","last_name":"Dev","is_bot":false},{"user_id":8707196099,"username":"usdtwalahunbot","first_name":"usdt leke farar","last_name":"","is_bot":true}]},"pending_messages":1}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"bnbsendusdt.live/","fqdn":"bnbsendusdt.live","domain":"bnbsendusdt.live","tld":"live"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"4436be55e435cdb4ce98fb721a4df4b1","sha1":"80be671b3a4a1cf8a12217a5ff787935373605df","sha256":"b420646d06a9bb2ebfd720cd33e1f35f7b7fd470a7d59b08f5271183ccded372","sha512":"c31b409f5eb10c447d267733eeecaa909e0c4ed2b17a46f7d81d1105edfbed7a0e574c32627768d5c01f93bb0f5d98a9c2829aef5c949ed3530558bb845cad1f","ssdeep":"","tlshash":"06c012597020696604ce787d4ccf088ebe269412a20849c99ddcd8547fb2e6c42e484c","size":192,"data":"","first_seen":"2025-09-07T13:20:24.46413Z","last_seen":"2026-05-17T03:36:15.358898Z","times_seen":72,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbsendusdt.live/","fqdn":"bnbsendusdt.live","domain":"bnbsendusdt.live","tld":"live"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"e4be95ad49f60776b58de6d5b6af56af","sha1":"2bac6e69388a83e3ae3c0f437aa42bbe64d125c1","sha256":"c9bb5472b83e63c2e58205e3f55b4f95d8cbf5ab99ed5ca8d39c51e09a11d54d","sha512":"b77a3cc716be835d7e6d65756cf73480c4b04de174ab033fcf4138bade99ae4767f18b3dc001ab4cf9cc4dd2ec2e36c45234d1addbe531358a81cca29c7cf69f","ssdeep":"","tlshash":"74b09b64d45465683f94e4556f4d7398f068492d584558907150412b458255a41d45ee","size":123,"data":"","first_seen":"2026-04-17T04:07:45.836367Z","last_seen":"2026-05-17T03:35:54.708381Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbsendusdt.live/","fqdn":"bnbsendusdt.live","domain":"bnbsendusdt.live","tld":"live"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"818e4420b025ae3db203cbb086570368","sha1":"4bb7dfe3c986f117cb11b32d1a1cec71e7d1220f","sha256":"60f6e2f1e6c5734209488ef2833203c6103b26b8563d75081058f9122b83edbe","sha512":"dcef0223c324af50ffd484d42199c624e23b2bf4134a0b3ead4b254bdcfba4c085242af20d4c51c1db1b93af0725744938bb10440c7a06d50c5d930f1b033097","ssdeep":"","tlshash":"e5d022a4c15869e43f51e00a2f2cb2acf02601aa6c6a7490b030513f12c966681f9acf","size":205,"data":"","first_seen":"2026-05-17T03:35:53.653618Z","last_seen":"2026-05-17T03:35:54.711711Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbsendusdt.live/","fqdn":"bnbsendusdt.live","domain":"bnbsendusdt.live","tld":"live"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"da16f7873bdde7999d48773d88f3bb99","sha1":"09b90a03d76369278696e802a2fbe8b56309e46e","sha256":"3ffce626c447a635739d93a13de0674fc1a9f52c16c14a098a65a8c767a84dd6","sha512":"78f2dec91e0bfc4008ceb09f28d404853b3c8df65504458d09c2ad141ac28786c1285187b14042817c20f258e2159208edf8eb1a74b4497023458119c183bc98","ssdeep":"","tlshash":"2bf027b6b4f098b0055fb06b1539e8142d3b088af089ab9070c50d2e9ee513c6766c63","size":472,"data":"","first_seen":"2025-11-14T15:51:27.757994Z","last_seen":"2026-05-17T03:35:54.713609Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbsendusdt.live/config.js","fqdn":"bnbsendusdt.live","domain":"bnbsendusdt.live","tld":"live"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"eec37a40b923cb2c52f1b9ba8a204034","sha1":"2ac796bf728aabfa09c9a1926c1de698d7277a30","sha256":"cb4cd5e0d91a6752e2452eb1468acdffbd622ef55ba161312716b0e948ae81e4","sha512":"12dcfa27fb0ed3867db3cc07c2c4619d1994142088a78014e415d87ddcb80552d54ea452d6e8ea1e0737c51d9331119612bab1e1a1f9fb89ac098cbba7b2b172","ssdeep":"","tlshash":"c611055757347246055200827f4ff065b9a7c17ba509a45230799f451fe1d710a7b1cf","size":1018,"data":"","first_seen":"2026-05-17T03:35:53.639864Z","last_seen":"2026-05-17T03:35:54.70669Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbsendusdt.live/main.js","fqdn":"bnbsendusdt.live","domain":"bnbsendusdt.live","tld":"live"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"87cd9dc2440b0372e8cca225791ed32d","sha1":"1288362d9984b3f3b9c0a8bf375de6d753a2c848","sha256":"464abd962e2329f3eeb20fa6cca911fa4911c5f6473c4df901c5b993d7707676","sha512":"89d5e8544ecf5f44fc81cfe8a9f83f0fa53486991ff69b31ed860c041ef15bd874c96eca41e77471b1e937e0af3cc98cd79efae69decdd796d57c032cd4cf81a","ssdeep":"192:39M5bP0gCGoCY7f4ycxmr1cHXekB3kn9DX1jwTAGQ3h8F8rCXp1z:NM5bwraiN1Z8F93","tlshash":"7c32b66e167ba060055ba17b2bcb20513133505f3a08ec6077de83521f99c699af7bfd","size":11645,"data":"","first_seen":"2026-05-17T03:35:53.63425Z","last_seen":"2026-05-17T03:35:54.699033Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-17","alert":"Detects file containing Telegram Bot API","trigger":"bnbsendusdt.live/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"bnbsendusdt.live/npm/ethers%405.7.2/dist/ethers.umd.min.js","fqdn":"bnbsendusdt.live","domain":"bnbsendusdt.live","tld":"live"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"71f8c498e792c6179d4e2840228f777a","sha1":"b651545587f6257345dc3de9ddaa444b10dedf3e","sha256":"a66293a6a2bb4dee061a68612be0be3c5c0ab7e4068ab8d98a4a357baf664c73","sha512":"14371563e83bbdce425c035bad34a0d4ae6a2f2ae20ac183602134d8b8b5b5711874d40fbcb3c7344fab4f63237a2f0dedf65b7b458b870dbb8f64ab191a5d32","ssdeep":"12288:TfamYTKkkAJs8P+H8Xb2F/nNuwEYtnob6qQr:TfjkhPaNnN9EYtwo","tlshash":"35f43b80b3b1b0b583c729a4143f6046f63af46a505840a8f659faf279f9d4c957bb3c","size":760171,"data":"","first_seen":"2023-03-13T00:48:53Z","last_seen":"2026-05-20T07:40:36.727461Z","times_seen":3245,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"bnbsendusdt.live/npm/ethers%405.7.2/dist/ethers.umd.min.js","fqdn":"bnbsendusdt.live","domain":"bnbsendusdt.live","tld":"live"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bnbsendusdt.live/","date":"2026-05-17T03:34:42.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bnbsendusdt.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 20:56:30 GMT","end":"Tue, 30 Jun 2026 20:56:29 GMT"},"fingerprint":{"sha1":"3E:9E:9F:0B:90:AB:CA:31:63:81:F6:F0:D3:A4:36:72:00:C1:13:EA","sha256":"87:86:AD:94:6A:23:A0:00:2D:0F:4D:22:C9:F3:25:53:D0:52:C6:F2:A3:B8:B4:68:9F:E5:10:97:5C:82:DB:E8"}}},"request":{"raw":"GET /npm/ethers%405.7.2/dist/ethers.umd.min.js HTTP/1.1\r\nHost: bnbsendusdt.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bnbsendusdt.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\ncontent-encoding: br\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 17 May 2026 03:34:42 GMT\r\netag: \"d0e58f590100e168d93dd4ec24d09d03-ssl-df\"\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-nf-request-id: 01KRT006T6MMEDX11REJW89TSZ\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":760171,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"71f8c498e792c6179d4e2840228f777a","sha1":"b651545587f6257345dc3de9ddaa444b10dedf3e","sha256":"a66293a6a2bb4dee061a68612be0be3c5c0ab7e4068ab8d98a4a357baf664c73","sha512":"14371563e83bbdce425c035bad34a0d4ae6a2f2ae20ac183602134d8b8b5b5711874d40fbcb3c7344fab4f63237a2f0dedf65b7b458b870dbb8f64ab191a5d32","ssdeep":"12288:TfamYTKkkAJs8P+H8Xb2F/nNuwEYtnob6qQr:TfjkhPaNnN9EYtwo","tlshash":"35f43b80b3b1b0b583c729a4143f6046f63af46a505840a8f659faf279f9d4c957bb3c","first_seen":"2023-03-13T00:48:53Z","last_seen":"2026-05-20T07:40:36.727461Z","times_seen":3245,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbsendusdt.live/main.js","fqdn":"bnbsendusdt.live","domain":"bnbsendusdt.live","tld":"live"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bnbsendusdt.live/","date":"2026-05-17T03:34:42.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bnbsendusdt.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 20:56:30 GMT","end":"Tue, 30 Jun 2026 20:56:29 GMT"},"fingerprint":{"sha1":"3E:9E:9F:0B:90:AB:CA:31:63:81:F6:F0:D3:A4:36:72:00:C1:13:EA","sha256":"87:86:AD:94:6A:23:A0:00:2D:0F:4D:22:C9:F3:25:53:D0:52:C6:F2:A3:B8:B4:68:9F:E5:10:97:5C:82:DB:E8"}}},"request":{"raw":"GET /main.js HTTP/1.1\r\nHost: bnbsendusdt.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bnbsendusdt.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\ncontent-encoding: br\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 17 May 2026 03:34:42 GMT\r\netag: \"f8d4132da0a423dc4efe8eaf05a1a990-ssl-df\"\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-nf-request-id: 01KRT006T9R7FQP0MM39DHWPZB\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":11651,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text","md5":"87cd9dc2440b0372e8cca225791ed32d","sha1":"1288362d9984b3f3b9c0a8bf375de6d753a2c848","sha256":"464abd962e2329f3eeb20fa6cca911fa4911c5f6473c4df901c5b993d7707676","sha512":"89d5e8544ecf5f44fc81cfe8a9f83f0fa53486991ff69b31ed860c041ef15bd874c96eca41e77471b1e937e0af3cc98cd79efae69decdd796d57c032cd4cf81a","ssdeep":"192:39M5bP0gCGoCY7f4ycxmr1cHXekB3kn9DX1jwTAGQ3h8F8rCXp1z:NM5bwraiN1Z8F93","tlshash":"7c32b66e167ba060055ba17b2bcb20513133505f3a08ec6077de83521f99c699af7bfd","first_seen":"2026-05-17T03:35:53.63425Z","last_seen":"2026-05-17T03:35:54.699033Z","times_seen":2,"resource_available":true,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-17","alert":"Detects file containing Telegram Bot API","trigger":"bnbsendusdt.live/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"bnbsendusdt.live/config.js","fqdn":"bnbsendusdt.live","domain":"bnbsendusdt.live","tld":"live"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bnbsendusdt.live/","date":"2026-05-17T03:34:42.757Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bnbsendusdt.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 20:56:30 GMT","end":"Tue, 30 Jun 2026 20:56:29 GMT"},"fingerprint":{"sha1":"3E:9E:9F:0B:90:AB:CA:31:63:81:F6:F0:D3:A4:36:72:00:C1:13:EA","sha256":"87:86:AD:94:6A:23:A0:00:2D:0F:4D:22:C9:F3:25:53:D0:52:C6:F2:A3:B8:B4:68:9F:E5:10:97:5C:82:DB:E8"}}},"request":{"raw":"GET /config.js HTTP/1.1\r\nHost: bnbsendusdt.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bnbsendusdt.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 17 May 2026 03:34:42 GMT\r\netag: \"9cf012a6fb7fe3acc209eb8d6b51f946-ssl\"\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000\r\nx-nf-request-id: 01KRT006T8A0DDWFXA0HB0444C\r\ncontent-length: 1018\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1018,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"eec37a40b923cb2c52f1b9ba8a204034","sha1":"2ac796bf728aabfa09c9a1926c1de698d7277a30","sha256":"cb4cd5e0d91a6752e2452eb1468acdffbd622ef55ba161312716b0e948ae81e4","sha512":"12dcfa27fb0ed3867db3cc07c2c4619d1994142088a78014e415d87ddcb80552d54ea452d6e8ea1e0737c51d9331119612bab1e1a1f9fb89ac098cbba7b2b172","ssdeep":"","tlshash":"c611055757347246055200827f4ff065b9a7c17ba509a45230799f451fe1d710a7b1cf","first_seen":"2026-05-17T03:35:53.639864Z","last_seen":"2026-05-17T03:35:54.70669Z","times_seen":2,"resource_available":true,"data":null}},"time_used":129,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":129,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"bnbsendusdt.live/favicon.ico","fqdn":"bnbsendusdt.live","domain":"bnbsendusdt.live","tld":"live"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bnbsendusdt.live/","date":"2026-05-17T03:34:43.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bnbsendusdt.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 20:56:30 GMT","end":"Tue, 30 Jun 2026 20:56:29 GMT"},"fingerprint":{"sha1":"3E:9E:9F:0B:90:AB:CA:31:63:81:F6:F0:D3:A4:36:72:00:C1:13:EA","sha256":"87:86:AD:94:6A:23:A0:00:2D:0F:4D:22:C9:F3:25:53:D0:52:C6:F2:A3:B8:B4:68:9F:E5:10:97:5C:82:DB:E8"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: bnbsendusdt.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bnbsendusdt.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nage: 0\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ndate: Sun, 17 May 2026 03:34:43 GMT\r\netag: 1772890132-ssl-df\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-nf-request-id: 01KRT007WNVEH9FAE0TQXPXXNN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":3449,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"0f89e18d0abacb99149c5e59bf69b5e1","sha1":"9e1ebb10be890c5855eec444233c028270d3e65a","sha256":"8514f0009a58c6e0acb5468f88037732b59b70af5e524f452e3bef8fb33effc5","sha512":"5275d80f3f8f1f5e0d1b6b6b0745732a69d669d66dcdab418fc5a2094bffcb81ff1d34252c97c6dffe5470f0d359a3be03cfd3dfe3d729bf186917c8cf21ece0","ssdeep":"","tlshash":"1f61848dc9a7209b5c93643e27eb560a2274a247cd46da4c3fde6348cf492f214d36ac","first_seen":"2024-12-12T10:00:11.490986Z","last_seen":"2026-05-20T12:52:28.172428Z","times_seen":10971,"resource_available":true,"data":null}},"time_used":135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbsendusdt.live/","fqdn":"bnbsendusdt.live","domain":"bnbsendusdt.live","tld":"live"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-17T03:34:42.211Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bnbsendusdt.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 20:56:30 GMT","end":"Tue, 30 Jun 2026 20:56:29 GMT"},"fingerprint":{"sha1":"3E:9E:9F:0B:90:AB:CA:31:63:81:F6:F0:D3:A4:36:72:00:C1:13:EA","sha256":"87:86:AD:94:6A:23:A0:00:2D:0F:4D:22:C9:F3:25:53:D0:52:C6:F2:A3:B8:B4:68:9F:E5:10:97:5C:82:DB:E8"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: bnbsendusdt.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Sun, 17 May 2026 03:34:42 GMT\r\netag: \"67108de5e0c29d139521f2e547defa36-ssl-df\"\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-nf-request-id: 01KRT006F2JRB7S8Q6FMA0ZH6T\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":6279,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (392), with CRLF line terminators","md5":"78d8f4b4779c4dafd2224cafd5cf5963","sha1":"933ef17776c934d62e15649212bd7c8920bc77c0","sha256":"77f4a27ce67de554bf3541a48bcea63e989c01730052b683123689ff160a4c95","sha512":"5b09b3d1071d5348c69b09c9124a67b6b2433f691b2235d83a5d758a93f9b612f8d3109afbaaa12a5cffe537bd963a917f765c40345fb69c6ebfc2dd6e45d449","ssdeep":"96:Wqs/7MmkoR/L35Y5eAqtUEHUEmJYy18LPU+qAM6MK:WqUNkoR/LYJrzYU+q0","tlshash":"8ed19375b8c01e695033c3b6aea6b52ef929d117c20f994c70dc656b1fe3c688e63944","first_seen":"2026-05-17T03:35:53.645201Z","last_seen":"2026-05-17T03:35:54.702726Z","times_seen":2,"resource_available":true,"data":null}},"time_used":496,"timings":{"blocked":181,"dns":3,"connect":25,"send":0,"wait":134,"receive":0,"ssl":148},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bnbsendusdt.live/style.css","fqdn":"bnbsendusdt.live","domain":"bnbsendusdt.live","tld":"live"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bnbsendusdt.live/","date":"2026-05-17T03:34:42.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bnbsendusdt.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 20:56:30 GMT","end":"Tue, 30 Jun 2026 20:56:29 GMT"},"fingerprint":{"sha1":"3E:9E:9F:0B:90:AB:CA:31:63:81:F6:F0:D3:A4:36:72:00:C1:13:EA","sha256":"87:86:AD:94:6A:23:A0:00:2D:0F:4D:22:C9:F3:25:53:D0:52:C6:F2:A3:B8:B4:68:9F:E5:10:97:5C:82:DB:E8"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: bnbsendusdt.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bnbsendusdt.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\ncontent-encoding: br\r\ncontent-type: text/css; charset=UTF-8\r\ndate: Sun, 17 May 2026 03:34:42 GMT\r\netag: \"f111a479019e7fa090b7b088e3bb9f2a-ssl-df\"\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-nf-request-id: 01KRT006T2YZ8WGSNJ2JS1VE2M\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16465,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with CRLF line terminators","md5":"a415aac7ffeb8678f276930aaafa57b3","sha1":"9bd4f4a252125122743053f891491663d9e4c872","sha256":"d4ce296fb2399d842b732cd930898f96004144ef16fbb061eeb56a509fc72b20","sha512":"0e539a4ec64370cc318b8640e2966c88397ed96fb7c8033b8cba4e99c53977a9f504e0e7565ca849c2fe91eb8401add1d10e7d2ad95c56792ad7acd9941c6bbf","ssdeep":"192:kAfP5BgAgAfP5BgAjBAuiDb1LKquuMU7sN1OwSHsfjkEHOlL7D/8PMeDNEWAw6qd:/BgADBgAZFOhLP/K5Nz","tlshash":"11722014960295026f338ffab3d6a60bfb2b40abcf22a17db6c451058ff557059d1e8d","first_seen":"2025-09-21T18:52:40.582545Z","last_seen":"2026-05-17T03:35:54.70478Z","times_seen":62,"resource_available":false,"data":null}},"time_used":134,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":134,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}