{"report_id":"eebf64bd-917b-4227-92a9-a2be332eb5a5","version":6,"status":"done","tags":["phishing","suspicious","telegram_bot"],"date":"2026-06-03T12:19:28Z","url":{"schema":"http","addr":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev/english.html","fqdn":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","domain":"edgeone.dev","tld":"dev"},"ip":{"addr":"43.174.247.29","port":0,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"https","addr":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev/english.html","fqdn":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","domain":"edgeone.dev","tld":"dev"},"title":"Mail","dom":{"size":39,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"086707e4369f60afedcafb16050a7618","sha1":"8216b0cc6876cbd44f01c158e7dff3833ceccd41","sha256":"a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e","sha512":"aade21843813e2cab329b99185c6f61db7907a556ea974e0315dcf3ad967cab20fee66d4f10db0d0ec43a71e086ce6d700d5524103deaefa3ce5f6be74ba5737","ssdeep":"","tlshash":"6a9000fee0a2000efc303bc00cc2238a0c28c3a830028e002ac038b8c80822bcc032c8","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev/english.html","fqdn":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","domain":"edgeone.dev","tld":"dev"},"ip":{"addr":"43.174.247.29","port":0,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-08T12:19:28Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":3,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-03","alert":"Detects file containing Telegram Bot API","trigger":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev/english.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","ip":{"addr":"43.174.246.29","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"domain_registered":"2025-06-09","domain_rank":0,"first_seen":"2026-06-03T12:19:28.181059Z","last_seen":"2026-06-03T12:19:28.181059Z","alert_count":11,"request_count":2,"received_data":11299,"sent_data":1053,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev/english.html","fqdn":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","domain":"edgeone.dev","tld":"dev"},"ip":{"addr":"43.174.246.29","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"md5":"a1eb5a1dcb213599ea9ce16599c9a8e3","sha1":"0396f423d2731c2c53bc3a68ce729aa67e3e1654","sha256":"a40c3e781c00ca59822e9efcec6ec8c09b9d84894f671661132529f29312e30e","sha512":"031a5b84883b6ff68986d3a221339f8c1e9702ed09b3f910ec4b5374c0561c011db0ccca6520b24806f79417df26f9c26fa5a37d10fb1d42660fd1bc14acc6d9","size":3042,"token":"8505580794:AAHGacsgtcs6jpCPGGUTimYsqmNq7g-xf9s","is_revoked":false,"bot":{"token":"8505580794:AAHGacsgtcs6jpCPGGUTimYsqmNq7g-xf9s","user_id":"8505580794","username":"HotMail2026Logs_bot","first_name":"HotMail2026Logs","last_name":"","chat":{"chat_id":"7356497365","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev/english.html","fqdn":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","domain":"edgeone.dev","tld":"dev"},"ip":{"addr":"43.174.246.29","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"a1eb5a1dcb213599ea9ce16599c9a8e3","sha1":"0396f423d2731c2c53bc3a68ce729aa67e3e1654","sha256":"a40c3e781c00ca59822e9efcec6ec8c09b9d84894f671661132529f29312e30e","sha512":"031a5b84883b6ff68986d3a221339f8c1e9702ed09b3f910ec4b5374c0561c011db0ccca6520b24806f79417df26f9c26fa5a37d10fb1d42660fd1bc14acc6d9","ssdeep":"","tlshash":"ec510f9b211718e007b7e2ed324ba314316191273d85d460be1ca66e4f66da6f8b73ce","size":3042,"data":"","first_seen":"2026-05-28T12:17:07.424479Z","last_seen":"2026-06-06T02:36:46.629721Z","times_seen":4,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-03","alert":"Detects file containing Telegram Bot API","trigger":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev/english.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev/english.html","fqdn":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","domain":"edgeone.dev","tld":"dev"},"ip":{"addr":"43.174.246.29","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-03T12:19:06.005Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.edgeone.dev","organization":"Tencent Technology (Shenzhen) Company Limited"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Thu, 20 Nov 2025 00:00:00 GMT","end":"Thu, 19 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"92:CA:B6:6A:0A:FF:05:33:79:85:57:92:0C:82:B6:ED:89:51:FA:DA","sha256":"58:DE:5B:23:BF:52:57:E4:1D:9C:E5:9C:98:94:BD:03:41:42:D5:6E:F1:20:A6:40:F4:70:0C:F8:4C:F0:61:9B"}}},"request":{"raw":"GET /english.html HTTP/1.1\r\nHost: gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 02 Jun 2026 11:21:23 GMT\r\nEtag: \"2fc753caa4bc776a0e2b8f5ba119c420\"\r\nContent-Type: text/html\r\nCache-Control: public,max-age=0,must-revalidate\r\nAge: 89720\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nEO-LOG-UUID: 6726146165645632008\r\nEO-Cache-Status: Cache Hit\r\nContent-Encoding: br\r\nX-NWS-LOG-UUID: 6726146165645632008\r\nServer: edgeone-pages\r\nDate: Wed, 03 Jun 2026 12:19:08 GMT\r\nContent-Length: 2085\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6524,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"2fc753caa4bc776a0e2b8f5ba119c420","sha1":"26313f1622e55c184c967ef4b6d06e76bbef03a1","sha256":"5b256933c84a991468baa4de309454f265d0e395d827853511d5c157c2b21929","sha512":"565bd4bb9d54b9700bed42428f1300c9ba3ac63dc07aa10b4693603936da52086d8d8600feed82ebf4c05c99cb14ee810b64ff76aae4b93faf487b985b92b028","ssdeep":"96:HJFZ9TuoFt19ayFt9q/FX+O8i6inuigsYUQm7ATYanIihHcZihhSUC:H19dFb9amg1+1i6inuiaU9YnIiRwirSh","tlshash":"4bd1735a51060840a6b3e3fc3ba36319f65180536b418034bfaca79a4f7ad55e9b3bcc","first_seen":"2026-06-03T12:19:30.364436Z","last_seen":"2026-06-06T02:36:46.627784Z","times_seen":3,"resource_available":true,"data":null}},"time_used":4283,"timings":{"blocked":2116,"dns":1289,"connect":19,"send":0,"wait":49,"receive":0,"ssl":808},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-03","alert":"Detects file containing Telegram Bot API","trigger":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev/english.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev/favicon.ico","fqdn":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","domain":"edgeone.dev","tld":"dev"},"ip":{"addr":"43.174.246.29","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev/english.html","date":"2026-06-03T12:19:08.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.edgeone.dev","organization":"Tencent Technology (Shenzhen) Company Limited"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Thu, 20 Nov 2025 00:00:00 GMT","end":"Thu, 19 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"92:CA:B6:6A:0A:FF:05:33:79:85:57:92:0C:82:B6:ED:89:51:FA:DA","sha256":"58:DE:5B:23:BF:52:57:E4:1D:9C:E5:9C:98:94:BD:03:41:42:D5:6E:F1:20:A6:40:F4:70:0C:F8:4C:F0:61:9B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev/english.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nETag: \"0445e4fdf1e737913bb718eca592a661\"\r\nLast-Modified: Tue, 23 Sep 2025 09:32:20 GMT\r\nAge: 0\r\nConnection: keep-alive\r\nEO-LOG-UUID: 7078487578846116513\r\nEO-Cache-Status: Cache Miss\r\ncache-control: public,max-age=0,must-revalidate\r\nContent-Encoding: br\r\nX-NWS-LOG-UUID: 7078487578846116513\r\nServer: edgeone-pages\r\nDate: Wed, 03 Jun 2026 12:19:08 GMT\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":3881,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"0445e4fdf1e737913bb718eca592a661","sha1":"70a8b556ef2096f20d7c74de6ca227210e18f9bf","sha256":"00d28cc4359700e1336124d1506eacdd693eb2b196c94bbd4de4d86ed0becd9f","sha512":"994b978139358beb7e1aebc2f62fe3844a4b2e938e57082ddbf35dd78fa2fd5e55d00219682bf4fad419cf0237aafe4d66864d4bfd4581e59656fb3f5bb13b4a","ssdeep":"","tlshash":"ca81ac5765f311126953d4ac2f765b0a76e5c003c28acd2a3eed6358cf8ad829d9334c","first_seen":"2025-09-23T20:37:57.881229Z","last_seen":"2026-06-17T17:30:08.68855Z","times_seen":2320,"resource_available":true,"data":null}},"time_used":570,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":569,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"gdghhfhdnhhfdgnnxcbnddddvn-dpl0cm801n86.edgeone.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}