{"report_id":"2d925960-8a8b-4f04-bec9-c07fe71d3872","version":0,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-06-10T13:08:40Z","url":{"schema":"http","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"title":"Navy Federal Credit Union - Our Members are the MissionĀ®","dom":{"size":548,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"5f63b8f4e6eddd0d4f2f4a810876b9b4","sha1":"4ae6fbfa8dbc443e26e5d46d1f492251e2723416","sha256":"2685325bdfedd36fc53b7402c7af1fe0717eec03d15424a9f556a889fc1a55c6","sha512":"ee252408899fee963b0fbb5e8b86b39f7550fe5fafe4121439f1c4d9f8aa0cf32b6a28fcb9872814f6ed65b9dc1a2471bb3e7bc6573a87769d516ec59e57ba69","ssdeep":"","tlshash":"55f08b1bc792650ef079a4e56d826350731e4262f4604f75bc552a28e41c8b41976add","dom_hash":"domhashf9f5f858438901de3331405617e2abdb","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-15T13:08:40Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-10","alert":"Detects file containing Telegram Bot API","trigger":"cerberrtecrossmein.wasmer.app/checkout","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"cerberrtecrossmein.wasmer.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-10","alert":"Phishing Block","trigger":"cerberrtecrossmein.wasmer.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"cerberrtecrossmein.wasmer.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"cerberrtecrossmein.wasmer.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"cerberrtecrossmein.wasmer.app","ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":13,"request_count":3,"received_data":11356388,"sent_data":1563,"comment":"","tags":null,"fingerprints":[{"name":"PHP:8.3.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"digitalapps.navyfederal.org","ip":{"addr":"184.25.10.9","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"domain_registered":"1997-03-24","domain_rank":93913,"first_seen":"2020-08-13T16:50:55Z","last_seen":"2026-06-09T12:27:24.912443Z","alert_count":0,"request_count":4,"received_data":3203,"sent_data":3759,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Akamai","description":"Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.","website":"https://akamai.com","common_platform_enumeration":"","icon":"Akamai.svg","categories":["CDN"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-06-07T22:40:26.930816Z","alert_count":0,"request_count":1,"received_data":31982,"sent_data":547,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"l2.io","ip":{"addr":"195.80.159.133","port":443,"asn":29152,"as":"Decknet SARL","country":"France","country_code":"FR"},"domain_registered":"2012-05-12","domain_rank":151857,"first_seen":"2015-06-25T01:31:26Z","last_seen":"2026-06-06T01:30:41.764882Z","alert_count":0,"request_count":1,"received_data":193,"sent_data":466,"comment":"","tags":null,"fingerprints":[{"name":"Debian","description":"Debian is a Linux software which is a free open-source software.","website":"https://debian.org","common_platform_enumeration":"cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*","icon":"Debian.png","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.65","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"md5":"3c1714f864b526baf12b928fc2260139","sha1":"b0b08bf2e5f350b63da9e8daf9d1f0760e94dd37","sha256":"892873687e8645189cf32cf23b31b4408dcb8b9665b51f3971b6afafd6e36fc3","sha512":"231c783265739f2cdb14ccfd4d08878f294ff1ee6aa41e67d7516e3da5bd5e1952c995104a75a9cf5751f5df38ebe55273c09a564a0e35640ca8a61575b769ad","size":1574,"token":"8619822641:AAEBP5QWVMt4oDX_uegYfUV2HK6Mjt4o62U","is_revoked":false,"bot":{"token":"8619822641:AAEBP5QWVMt4oDX_uegYfUV2HK6Mjt4o62U","user_id":"8619822641","username":"nfcuredit_bot","first_name":"REDIT","last_name":"","chat":{"chat_id":"1140634155","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"md5":"bc8721c3627557b256269d76be23b020","sha1":"b73b5296e4c1e586c9689d7d4ef1241d751a26f4","sha256":"c54b94781142aef1d4c7d564ab0e8db9e760446a62791bb3941d8e8ab9f6b1ed","sha512":"6a2ed575ad3599764ec20bd41fecbe902fa6bb6e418aa46d8517513894a9001a96f4c07f781eacbe00ff350444fac13e2f53f4f821758ecef46a2a010f279b4a","size":1302,"token":"8619822641:AAEBP5QWVMt4oDX_uegYfUV2HK6Mjt4o62U","is_revoked":false,"bot":{"token":"8619822641:AAEBP5QWVMt4oDX_uegYfUV2HK6Mjt4o62U","user_id":"8619822641","username":"nfcuredit_bot","first_name":"REDIT","last_name":"","chat":{"chat_id":"1140634155","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"md5":"30d92f2ad656643363b52d38bef8fd57","sha1":"97fd160b3cef673291ad1b3ee38d3275ea101a92","sha256":"43ac068f744779634b8af3445c5fa7b9aec8a89b684556480d5ebc9a129f85ac","sha512":"62ebdbc2e5c3743d84809af535531a96a8638baf478c3ccad64cd833a6f9ccd3403692ac15398f4c92731cf1f2f4cafc94dd13a1c057bd0bfbc70c5045269c6c","size":2082,"token":"8619822641:AAEBP5QWVMt4oDX_uegYfUV2HK6Mjt4o62U","is_revoked":false,"bot":{"token":"8619822641:AAEBP5QWVMt4oDX_uegYfUV2HK6Mjt4o62U","user_id":"8619822641","username":"nfcuredit_bot","first_name":"REDIT","last_name":"","chat":{"chat_id":"1140634155","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"md5":"0d54bf08deaf8ce6145bab5786c2c659","sha1":"08d2eb7e85abe671edbfd06a9adf40c24582bf43","sha256":"7fda66d190923997e0720f74be3849b4b92f4929ef41b13705f7294569d1c2b0","sha512":"63effa6d910f5aa18a60620c50ef133d3e8900c5a88424cfedbf51316815cb2e31fb6a2e14b29fe20758d155608fdd323baf509100f308387d63c5ca3e95972a","size":1041,"token":"8619822641:AAEBP5QWVMt4oDX_uegYfUV2HK6Mjt4o62U","is_revoked":false,"bot":{"token":"8619822641:AAEBP5QWVMt4oDX_uegYfUV2HK6Mjt4o62U","user_id":"8619822641","username":"nfcuredit_bot","first_name":"REDIT","last_name":"","chat":{"chat_id":"1140634155","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"md5":"9b06c39643d9d20c3e12d951d3cfd68e","sha1":"282ad7d691ba5ddf58248edfb9f37523bbccb3ca","sha256":"2957d51d704af3d283a31fd0f220c7988d126290de8aaec044e71caa3eb9aedd","sha512":"3f95f0b02d2747d65ca83ad62c37196f68ae4293fbdf808857f43429d63a7ec7ada335ae043f8437669d0232ccd9334254802c9af256b86dbbbcfc5e89c63c07","size":1435,"token":"8619822641:AAEBP5QWVMt4oDX_uegYfUV2HK6Mjt4o62U","is_revoked":false,"bot":{"token":"8619822641:AAEBP5QWVMt4oDX_uegYfUV2HK6Mjt4o62U","user_id":"8619822641","username":"nfcuredit_bot","first_name":"REDIT","last_name":"","chat":{"chat_id":"1140634155","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"md5":"f0c004c744b691a4cc5879bbf964bed6","sha1":"1865df52f53b9c97829c474052a125370869dca9","sha256":"fb158ce9c2a43430cb0ba5512685659a9e081bcba162efe7537a630ac86f8bfa","sha512":"2406a145c7b5e1b562e15b591fee2614e7fd730113d8c8fe8e9a5e1c06f47b3f963634165e2d83bbbd38cf41ab59b591fb8751914c841edd5f3c1e2e831c127c","size":1818,"token":"8619822641:AAEBP5QWVMt4oDX_uegYfUV2HK6Mjt4o62U","is_revoked":false,"bot":{"token":"8619822641:AAEBP5QWVMt4oDX_uegYfUV2HK6Mjt4o62U","user_id":"8619822641","username":"nfcuredit_bot","first_name":"REDIT","last_name":"","chat":{"chat_id":"1140634155","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"md5":"c672e848941cd5482fea1721c19cf94f","sha1":"91ce2cc7db74fb4ad2b8f92a624b6f7620460fab","sha256":"89e1a142a28a60e357d898af7fcee1354d2aed08b286476e2fc71743dc38ee1d","sha512":"3db85936445c543588969440b871cd76ec31340aec4b987fbb64dca7af7a3e6598ebb4d1174e59e4cd73971ad5a09bbcbdec9f773804eefb71ce2e166d91a688","size":2245,"token":"8619822641:AAEBP5QWVMt4oDX_uegYfUV2HK6Mjt4o62U","is_revoked":false,"bot":{"token":"8619822641:AAEBP5QWVMt4oDX_uegYfUV2HK6Mjt4o62U","user_id":"8619822641","username":"nfcuredit_bot","first_name":"REDIT","last_name":"","chat":{"chat_id":"1140634155","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"md5":"13815b935f90172a53daf8a9f4028763","sha1":"45d7e9cf13f7fa295b4bcf4628122385e68e66d3","sha256":"5acdf06d3d7b835a90ad66a9b9e54c04a1c514fbbaeb727588375013fa012d6b","sha512":"4476ebac026ab602cda901c215fee22859676ff45fd69413cc315012d820723da07b6827e1ce3283a4669a5845cf031d959de449bd432624f18738ae5fe32fef","size":2408,"token":"8619822641:AAEBP5QWVMt4oDX_uegYfUV2HK6Mjt4o62U","is_revoked":false,"bot":{"token":"8619822641:AAEBP5QWVMt4oDX_uegYfUV2HK6Mjt4o62U","user_id":"8619822641","username":"nfcuredit_bot","first_name":"REDIT","last_name":"","chat":{"chat_id":"1140634155","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"cd4c19df303d80244aca2c0d547967cc","sha1":"73aaae92e8e2dccbd4b1c8a217cdde9f8e625182","sha256":"b785c7ce9e77906bf7ed8c2bd4512026fd849b3c47bd9bc6c2022052d10ea86f","sha512":"50e7f8eb70a39014d3384d8fc62b4bbd855fd5e835564dede569407cca31fc805be66fd25748ce6d5a96589ca69f1e17aecd98c2acfe2305f839dbe946a81b05","ssdeep":"1536:3lgQ/Jxo1wNz8ikMO3cRwc4ek7HFcOxSEaiI5xddSvbAWOO+e+n6l6l66Hjp65rx:k","tlshash":"76069d7fa203ec3d7a6398fff96c2ed18051de4beccd5683018c845e6bd24aa7518586","size":3784945,"data":"","first_seen":"2026-06-10T13:09:07.579609Z","last_seen":"2026-06-13T14:17:20.945281Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"3c1714f864b526baf12b928fc2260139","sha1":"b0b08bf2e5f350b63da9e8daf9d1f0760e94dd37","sha256":"892873687e8645189cf32cf23b31b4408dcb8b9665b51f3971b6afafd6e36fc3","sha512":"231c783265739f2cdb14ccfd4d08878f294ff1ee6aa41e67d7516e3da5bd5e1952c995104a75a9cf5751f5df38ebe55273c09a564a0e35640ca8a61575b769ad","ssdeep":"","tlshash":"233110a7d9319c30437744fa4ab493c419b4508ef407d082f5bc8a986eb1f61377595f","size":1574,"data":"","first_seen":"2026-06-10T13:09:07.580871Z","last_seen":"2026-06-13T14:17:20.952603Z","times_seen":5,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-10","alert":"Detects file containing Telegram Bot API","trigger":"cerberrtecrossmein.wasmer.app/checkout","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bc8721c3627557b256269d76be23b020","sha1":"b73b5296e4c1e586c9689d7d4ef1241d751a26f4","sha256":"c54b94781142aef1d4c7d564ab0e8db9e760446a62791bb3941d8e8ab9f6b1ed","sha512":"6a2ed575ad3599764ec20bd41fecbe902fa6bb6e418aa46d8517513894a9001a96f4c07f781eacbe00ff350444fac13e2f53f4f821758ecef46a2a010f279b4a","ssdeep":"","tlshash":"1221e0e2ca315c7003b354fa4ab497c415b4904bf407d042babc8ad4afa1f613636a5f","size":1302,"data":"","first_seen":"2026-06-10T13:09:07.582172Z","last_seen":"2026-06-13T14:17:20.952034Z","times_seen":5,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-10","alert":"Detects file containing Telegram Bot API","trigger":"cerberrtecrossmein.wasmer.app/checkout","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"30d92f2ad656643363b52d38bef8fd57","sha1":"97fd160b3cef673291ad1b3ee38d3275ea101a92","sha256":"43ac068f744779634b8af3445c5fa7b9aec8a89b684556480d5ebc9a129f85ac","sha512":"62ebdbc2e5c3743d84809af535531a96a8638baf478c3ccad64cd833a6f9ccd3403692ac15398f4c92731cf1f2f4cafc94dd13a1c057bd0bfbc70c5045269c6c","ssdeep":"","tlshash":"b641c1e2d531dc74033748f65b74638429a4808ef907d082f5bc9a8c79b2f62376594f","size":2082,"data":"","first_seen":"2026-06-10T13:09:07.583282Z","last_seen":"2026-06-13T14:17:20.946737Z","times_seen":5,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-10","alert":"Detects file containing Telegram Bot API","trigger":"cerberrtecrossmein.wasmer.app/checkout","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"l2.io/ip.js?var=userip","fqdn":"l2.io","domain":"l2.io","tld":"io"},"ip":{"addr":"195.80.159.133","port":443,"asn":29152,"as":"Decknet SARL","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca994d64b7be9a9f915f9d59cae2dd20","sha1":"aa6f8731897ff69250631f958b9b6f06466d00d8","sha256":"fa40120b181878677d7f0ed99dda534f6fbf729b64ade0fce89c692223e9b38e","sha512":"f9725132be4588f0180370760fcd18fcdafa16d309f61c8b5ce60de4a76c8b6f743696593dfc200c7b2b49a994f8fae7faaba8726c574c1ca073dd7877d10498","ssdeep":"","tlshash":"078000e220300b0008c8830280a800a08c82228220c3ae8283cca3320c00aa0a2a0030","size":26,"data":"","first_seen":"2026-06-08T10:20:42.578788Z","last_seen":"2026-06-13T16:09:54.638631Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b2d1703accf212e17e129002928ae954","sha1":"5e99f83f6b6aeaca77b0ae8f152f3430ae308a13","sha256":"2384255fdd2cb096d483bc8bc888e78d3af94721e4c190bd99ef70eaeaf84e9d","sha512":"3c8524b16dbf7b932b83dbb31da27c8c3990fe8aeec22d8bd1b761f0de5946c7243a02c826b48ea15982f76461cac8f489ee180d39db567dc6ba41e595606a1f","ssdeep":"","tlshash":"d3700008e80002002800b03000ec00ac0a022022c00082c2a8f0e000208008002080c0","size":21,"data":"","first_seen":"2024-08-20T08:31:22.124842Z","last_seen":"2026-06-13T14:17:20.94973Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"abc9f3c8daca67b9bd76e349311847e0","sha1":"e8013b20c5d693f22eb5d80f51c25405b6b8eee9","sha256":"d5a7a8c7a2191627b04dc2e47bebc3f3690d6e121689ddf3552a323882c3d33f","sha512":"ed35be86ccfae11cd8228f2c142cb0905e35d06d89a349145a37f979c4438496bb9d3101b7879a5792ce8c44bac5e262644df57516d1c674388cbd0f8b782f64","ssdeep":"","tlshash":"11a0223bf3c032320cba02b2a020838c2e003030c80228c3382c80208000fc28e22000","size":78,"data":"","first_seen":"2024-08-20T08:31:22.118331Z","last_seen":"2026-06-13T14:17:20.951227Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0d54bf08deaf8ce6145bab5786c2c659","sha1":"08d2eb7e85abe671edbfd06a9adf40c24582bf43","sha256":"7fda66d190923997e0720f74be3849b4b92f4929ef41b13705f7294569d1c2b0","sha512":"63effa6d910f5aa18a60620c50ef133d3e8900c5a88424cfedbf51316815cb2e31fb6a2e14b29fe20758d155608fdd323baf509100f308387d63c5ca3e95972a","ssdeep":"","tlshash":"32112193c6318c7003b354fa8bb4978419b8605ef906d042b9bc8ae02e61f613a7675f","size":1041,"data":"","first_seen":"2026-06-10T13:09:07.585325Z","last_seen":"2026-06-13T14:17:20.94306Z","times_seen":5,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-10","alert":"Detects file containing Telegram Bot API","trigger":"cerberrtecrossmein.wasmer.app/checkout","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9b06c39643d9d20c3e12d951d3cfd68e","sha1":"282ad7d691ba5ddf58248edfb9f37523bbccb3ca","sha256":"2957d51d704af3d283a31fd0f220c7988d126290de8aaec044e71caa3eb9aedd","sha512":"3f95f0b02d2747d65ca83ad62c37196f68ae4293fbdf808857f43429d63a7ec7ada335ae043f8437669d0232ccd9334254802c9af256b86dbbbcfc5e89c63c07","ssdeep":"","tlshash":"a221fca2d9319c30037744fa4ab4938419b8909af507d082b5bc8a986ea1f613626a5f","size":1435,"data":"","first_seen":"2026-06-10T13:09:07.586231Z","last_seen":"2026-06-13T14:17:20.94917Z","times_seen":5,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-10","alert":"Detects file containing Telegram Bot API","trigger":"cerberrtecrossmein.wasmer.app/checkout","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f0c004c744b691a4cc5879bbf964bed6","sha1":"1865df52f53b9c97829c474052a125370869dca9","sha256":"fb158ce9c2a43430cb0ba5512685659a9e081bcba162efe7537a630ac86f8bfa","sha512":"2406a145c7b5e1b562e15b591fee2614e7fd730113d8c8fe8e9a5e1c06f47b3f963634165e2d83bbbd38cf41ab59b591fb8751914c841edd5f3c1e2e831c127c","ssdeep":"","tlshash":"3d31dea2d9319c70037748f65bb4938419a4808ef507d082f57c9a9c6eb1f62376594f","size":1818,"data":"","first_seen":"2026-06-10T13:09:07.587155Z","last_seen":"2026-06-13T14:17:20.946035Z","times_seen":5,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-10","alert":"Detects file containing Telegram Bot API","trigger":"cerberrtecrossmein.wasmer.app/checkout","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"284099f44ff724d2a433ce157a6c4cca","sha1":"5814185a0b580e5e9e33d86615e12657c7bd4cc7","sha256":"0007db0a872b866dd9e683acf93a24816b3e4380f799e4495128a08509d05bd1","sha512":"f637ac3eca6507ea2ef9b7dbda7fa314f4c758ad7f475d01c867231c9539b139ad1278c10ffd9d954490e0d9044722f31848bcf1d1190cf99256508d7ab4750f","ssdeep":"768:zkJrcUrcYXpwlwYB1AUZiAKIovSbuS+cT/baeU2JQacQrwtSCNFdiiFjKK8FCdmp:x","tlshash":"dfb6d807868fd93c7a8baeffe35c9e5a11c3ad41fdde440706ec4a9509d658eb02c894","size":11354969,"data":"","first_seen":"2026-06-10T13:09:07.589707Z","last_seen":"2026-06-13T14:17:20.94861Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c4ecbd81b50571f7c4d9a39fb40cba8f","sha1":"c94caf8e5741f97f1164f6bff33cd1ed2fe8414a","sha256":"2694c625b741d3192495cffb1dc8b87ec1faab67a693ea999453663f8b84baef","sha512":"37ff6a3a51dc4e49b82f57cdf5e61666b2a56e031dd75762aa875a678f5019a7fec0b72e22175f56fa8a2813cb88a5fb650fe9ae2c14c5a6d1c1a0b86c6ed455","ssdeep":"768:wWUfJLZhIennK95x3nRoko+DjGNNBTnlPz2eYCqHmY6xIGv052bCSYu9E+uLqj++:wLH","tlshash":"c764b23cf323c44d99b35abbfcbc1a14a144aec7e9dda6c80c5d42462fe0d6a35186e5","size":329635,"data":"","first_seen":"2026-06-10T13:09:07.590951Z","last_seen":"2026-06-13T14:17:20.942364Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c672e848941cd5482fea1721c19cf94f","sha1":"91ce2cc7db74fb4ad2b8f92a624b6f7620460fab","sha256":"89e1a142a28a60e357d898af7fcee1354d2aed08b286476e2fc71743dc38ee1d","sha512":"3db85936445c543588969440b871cd76ec31340aec4b987fbb64dca7af7a3e6598ebb4d1174e59e4cd73971ad5a09bbcbdec9f773804eefb71ce2e166d91a688","ssdeep":"","tlshash":"1641a2a3d531dc74033748f65bb463841964818ef907d082f57c9a8c79b6f523b6594f","size":2245,"data":"","first_seen":"2026-06-10T13:09:07.592261Z","last_seen":"2026-06-13T14:17:20.941436Z","times_seen":5,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-10","alert":"Detects file containing Telegram Bot API","trigger":"cerberrtecrossmein.wasmer.app/checkout","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"13815b935f90172a53daf8a9f4028763","sha1":"45d7e9cf13f7fa295b4bcf4628122385e68e66d3","sha256":"5acdf06d3d7b835a90ad66a9b9e54c04a1c514fbbaeb727588375013fa012d6b","sha512":"4476ebac026ab602cda901c215fee22859676ff45fd69413cc315012d820723da07b6827e1ce3283a4669a5845cf031d959de449bd432624f18738ae5fe32fef","ssdeep":"","tlshash":"ac41c0a3d931acb0033749f66b74628019a4818ee907d082f57c9a8c79b6f523b64a4f","size":2408,"data":"","first_seen":"2026-06-10T13:09:07.593198Z","last_seen":"2026-06-13T14:17:20.944367Z","times_seen":5,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-10","alert":"Detects file containing Telegram Bot API","trigger":"cerberrtecrossmein.wasmer.app/checkout","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"50871f31a170ac1ab425c9220735f560","sha1":"9006fe1d78ce0299482a86c81c18d1de41665a84","sha256":"6d0258453e000bd03cc32e457ff6d082c7f51754561504a4ccc6e7910fcd7ae3","sha512":"560f6f305b9c8d3f176a79d3145187d14c3f75928841afed1ddeebb068557747770b316e5d4eec1755ce44deb6f687b16c252ff0437ff810f9b145af5e216d26","ssdeep":"","tlshash":"81f05e9bf39a112012afa17a08b5cb8a3034800bcd0019497e2c04b06b36ea1aa5a784","size":656,"data":"","first_seen":"2026-06-09T12:38:09.458249Z","last_seen":"2026-06-13T14:17:20.943779Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/checkout","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-10T13:08:03.248Z","timestamp":1781096883248,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wasmer.app","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Apr 2026 15:04:39 GMT","end":"Wed, 15 Jul 2026 15:04:38 GMT"},"fingerprint":{"sha1":"FC:2E:CC:CF:17:11:62:09:49:F9:2C:CD:FA:5C:6A:56:31:D5:D6:9E","sha256":"20:90:3A:BF:BF:97:9E:DC:D3:28:D1:0E:2B:A6:C1:60:AD:76:68:57:DD:5D:26:A7:1E:58:71:E8:A8:5F:61:43"}}},"request":{"raw":"GET /checkout HTTP/1.1\r\nHost: cerberrtecrossmein.wasmer.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Wed, 10 Jun 2026 13:08:03 GMT\r\nx-edge-region: us-hillsboro\r\nx-powered-by: PHP/8.3.21\r\ncontent-type: text/html; charset=UTF-8\r\nx-edge-app-version-id: dav_2OPIqtEuV968\r\nx-wasmer-request-id: 2dce5b8c-0eac-4fbe-b8b2-ab63cc5d48ac\r\nx-edge-rty: w\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"PHP:8.3.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":11354989,"size_decoded":11355271,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (65527)","md5":"37a56357be9f45a3239e581b21e491eb","sha1":"afd368d3f40a51a6c1f85484a2061db624fed47a","sha256":"e82bf0b41d35e86675c52ade5d486be5ad88b277e1ac76cfb5b0fe9229b7aefc","sha512":"7f5a078725594cd324f4d05b2fedc64ec2ce0254247dccb55bb13423108a88afad6aebda4bd336c1c003cd844e2773beb17bd9c9c80e4d4fe149e62bbc3c631c","ssdeep":"768:YkJrcUrcYXpwlwYB1AUZiAKIovSbuS+cT/baeU2JQacQrwtSCNFdiiFjKK8FCdmk:5","tlshash":"14258707558fd93c7fdba9bfe35c6e2b2243fd01fc8e480b4a9c069619d658ab434894","first_seen":"2026-05-29T12:39:01.50338Z","last_seen":"2026-06-13T14:17:20.936623Z","times_seen":18,"resource_available":true,"data":null}},"time_used":695,"timings":{"blocked":0,"dns":30,"connect":164,"send":0,"wait":166,"receive":0,"ssl":334},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"cerberrtecrossmein.wasmer.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-10","alert":"Phishing Block","trigger":"cerberrtecrossmein.wasmer.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"cerberrtecrossmein.wasmer.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"cerberrtecrossmein.wasmer.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"digitalapps.navyfederal.org/signin/static/media/bubbles.9f2a1919448e1d79ac6b.svg","fqdn":"digitalapps.navyfederal.org","domain":"navyfederal.org","tld":"org"},"ip":{"addr":"184.25.10.9","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cerberrtecrossmein.wasmer.app/checkout","date":"2026-06-10T13:08:06.350Z","timestamp":1781096886350,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"digitalapps.navyfederal.org","organization":""},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 May 2026 00:00:00 GMT","end":"Sun, 29 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"27:BE:E4:91:4D:E9:18:1E:57:1D:DC:46:05:BE:25:6B:37:B6:18:FC","sha256":"57:78:C2:89:73:4C:23:52:DB:27:90:88:63:E7:5C:40:E0:27:C2:56:51:43:BF:D8:6A:C4:86:97:8A:B2:BC:65"}}},"request":{"raw":"GET /signin/static/media/bubbles.9f2a1919448e1d79ac6b.svg HTTP/1.1\r\nHost: digitalapps.navyfederal.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://cerberrtecrossmein.wasmer.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: application/json\r\ncontent-length: 54\r\nx-edgeconnect-midmile-rtt: 81\r\nx-edgeconnect-origin-mex-latency: 11\r\ncache-control: max-age=86400\r\nexpires: Thu, 11 Jun 2026 13:08:06 GMT\r\ndate: Wed, 10 Jun 2026 13:08:06 GMT\r\nset-cookie: ApplicationGatewayAffinityCORS=0fe1eb12cb825d0abe4ecd3aa94b5eec; Path=/; SameSite=None; Secure\nApplicationGatewayAffinity=0fe1eb12cb825d0abe4ecd3aa94b5eec; Path=/\nakaalb_Digital_ALB=~op=~rv=80~m=~os=~id=add95cbabe48c0c023b058f1661be7fe; path=/; Secure; SameSite=None\nak_bmsc=2BDD203758343ABC56F47BA79471B573~000000000000000000000000000000~YAAQJ08kF64hmXaeAQAAz7ClsQAUEyakTwIIbK8eTy4T1WLFKi9JzxHtQn1aqamMCNBd6NlaWlEvGy+eIfK10+OA8uuYkSOnh3eO+ieff05WSdo5FARAVAvlAQUhhl0TteMWO5MIit0HrErARFHBh7ergk7oZFhLQocbHmGYx2hrTNgJByAmONeu6KR4DeoC9KNe+gJpA+lEKLIUqgbKbg38LQAofUHABPbQ5R4/f6vBN668Vzuz8q0dobKoNvUPqs6N3BN638v7utCVXXstfkoeocDZccDKmgYnh4vAsDTl+5yBNgd0XkVHOqWPYujK2CpqtvF2K4mAIMDQITRGdmH8N6DjQbiS1LDNijEpJXTM8x7Cd9T7Wf1/cFivUEOPBjhxJwjNGMKrPEskrqe5voQ=; Domain=.navyfederal.org; Path=/; Expires=Wed, 10 Jun 2026 15:08:06 GMT; Max-Age=7200; SameSite=None; Secure; HttpOnly\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains ; preload\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Akamai","description":"Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.","website":"https://akamai.com","common_platform_enumeration":"","icon":"Akamai.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T22:33:33.544268Z","times_seen":16396986,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"digitalapps.navyfederal.org/signin/apple-touch-icon.png","fqdn":"digitalapps.navyfederal.org","domain":"navyfederal.org","tld":"org"},"ip":{"addr":"184.25.10.9","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cerberrtecrossmein.wasmer.app/checkout","date":"2026-06-10T13:08:06.488Z","timestamp":1781096886488,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"digitalapps.navyfederal.org","organization":""},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 May 2026 00:00:00 GMT","end":"Sun, 29 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"27:BE:E4:91:4D:E9:18:1E:57:1D:DC:46:05:BE:25:6B:37:B6:18:FC","sha256":"57:78:C2:89:73:4C:23:52:DB:27:90:88:63:E7:5C:40:E0:27:C2:56:51:43:BF:D8:6A:C4:86:97:8A:B2:BC:65"}}},"request":{"raw":"GET /signin/apple-touch-icon.png HTTP/1.1\r\nHost: digitalapps.navyfederal.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://cerberrtecrossmein.wasmer.app/\r\nCookie: ApplicationGatewayAffinityCORS=0fe1eb12cb825d0abe4ecd3aa94b5eec; ApplicationGatewayAffinity=0fe1eb12cb825d0abe4ecd3aa94b5eec; akaalb_Digital_ALB=~op=~rv=80~m=~os=~id=add95cbabe48c0c023b058f1661be7fe; ak_bmsc=2BDD203758343ABC56F47BA79471B573~000000000000000000000000000000~YAAQJ08kF64hmXaeAQAAz7ClsQAUEyakTwIIbK8eTy4T1WLFKi9JzxHtQn1aqamMCNBd6NlaWlEvGy+eIfK10+OA8uuYkSOnh3eO+ieff05WSdo5FARAVAvlAQUhhl0TteMWO5MIit0HrErARFHBh7ergk7oZFhLQocbHmGYx2hrTNgJByAmONeu6KR4DeoC9KNe+gJpA+lEKLIUqgbKbg38LQAofUHABPbQ5R4/f6vBN668Vzuz8q0dobKoNvUPqs6N3BN638v7utCVXXstfkoeocDZccDKmgYnh4vAsDTl+5yBNgd0XkVHOqWPYujK2CpqtvF2K4mAIMDQITRGdmH8N6DjQbiS1LDNijEpJXTM8x7Cd9T7Wf1/cFivUEOPBjhxJwjNGMKrPEskrqe5voQ=\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: application/json\r\ncontent-length: 54\r\nx-edgeconnect-midmile-rtt: 81\r\nx-edgeconnect-origin-mex-latency: 12\r\ncache-control: max-age=86400\r\nexpires: Thu, 11 Jun 2026 13:08:06 GMT\r\ndate: Wed, 10 Jun 2026 13:08:06 GMT\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains ; preload\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Akamai","description":"Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.","website":"https://akamai.com","common_platform_enumeration":"","icon":"Akamai.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T22:33:33.544268Z","times_seen":16396986,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cerberrtecrossmein.wasmer.app/checkout","date":"2026-06-10T13:08:06.248Z","timestamp":1781096886248,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 12 May 2026 03:46:57 GMT","end":"Mon, 10 Aug 2026 04:46:42 GMT"},"fingerprint":{"sha1":"95:12:1E:0A:F6:69:8B:FC:A0:08:DA:67:1A:A4:D1:9D:87:F5:E9:07","sha256":"F3:4A:39:63:C7:6A:CE:66:1A:B4:62:2C:E9:92:82:9A:81:78:1B:CC:3F:D5:2D:0A:6D:D6:89:D9:F6:66:7B:BC"}}},"request":{"raw":"GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://cerberrtecrossmein.wasmer.app/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Wed, 10 Jun 2026 13:08:06 GMT\r\ncontent-type: text/css; charset=utf-8\r\nserver: cloudflare\r\npriority: u=2,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\nlast-modified: Mon, 04 May 2020 16:10:07 GMT\r\nvary: Accept-Encoding\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/r2\r\nx-cdnjs-cache: HIT\r\ncf-cache-status: HIT\r\nage: 459883\r\nexpires: Mon, 31 May 2027 13:08:06 GMT\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1YLKxFitjFAJr8MOwyfg4qZejiZmwHXul%2FdKDxN27%2BzTvwwOI2ldwrzIe5%2FqjLWur%2BD9%2FT%2FKV03r2OTrsrM28riVQIVo1SWH3O2r3DFGVzGUNXop1Z4MPJGtJtg%2Ba6Q7zkzxotci\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\ncf-ray: a0989a533abe783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31000,"size_decoded":6613,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (30837)","md5":"269550530cc127b6aa5a35925a7de6ce","sha1":"512c7d79033e3028a9be61b540cf1a6870c896f8","sha256":"799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd","sha512":"49f4e24e55fa924faa8ad7debe5ffb2e26d439e25696df6b6f20e7f766b50ea58ec3dbd61b6305a1acacd2c80e6e659accee4140f885b9c9e71008e9001fbf4b","ssdeep":"384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf","tlshash":"78d241e8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d226522c5fba","first_seen":"2023-04-05T03:13:25Z","last_seen":"2026-06-13T22:30:06.114695Z","times_seen":285729,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":3,"connect":19,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/.11ty/reload-client.js","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cerberrtecrossmein.wasmer.app/checkout","date":"2026-06-10T13:08:06.265Z","timestamp":1781096886265,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wasmer.app","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Apr 2026 15:04:39 GMT","end":"Wed, 15 Jul 2026 15:04:38 GMT"},"fingerprint":{"sha1":"FC:2E:CC:CF:17:11:62:09:49:F9:2C:CD:FA:5C:6A:56:31:D5:D6:9E","sha256":"20:90:3A:BF:BF:97:9E:DC:D3:28:D1:0E:2B:A6:C1:60:AD:76:68:57:DD:5D:26:A7:1E:58:71:E8:A8:5F:61:43"}}},"request":{"raw":"GET /.11ty/reload-client.js HTTP/1.1\r\nHost: cerberrtecrossmein.wasmer.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://cerberrtecrossmein.wasmer.app/checkout\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ndate: Wed, 10 Jun 2026 13:08:06 GMT\r\nx-edge-app-version-id: dav_2OPIqtEuV968\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 555\r\nx-wasmer-request-id: 021ac36e-439b-423c-842b-e30628f64398\r\nx-edge-rty: w\r\nx-edge-region: us-hillsboro\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T22:33:33.544268Z","times_seen":16396986,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-10","alert":"Phishing Block","trigger":"cerberrtecrossmein.wasmer.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"cerberrtecrossmein.wasmer.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"cerberrtecrossmein.wasmer.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"cerberrtecrossmein.wasmer.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cerberrtecrossmein.wasmer.app/navy_files/saved_resource.html","fqdn":"cerberrtecrossmein.wasmer.app","domain":"cerberrtecrossmein.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"5.78.28.161","port":443,"asn":212317,"as":"Hetzner Online GmbH","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://cerberrtecrossmein.wasmer.app/checkout","date":"2026-06-10T13:08:06.268Z","timestamp":1781096886268,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wasmer.app","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Apr 2026 15:04:39 GMT","end":"Wed, 15 Jul 2026 15:04:38 GMT"},"fingerprint":{"sha1":"FC:2E:CC:CF:17:11:62:09:49:F9:2C:CD:FA:5C:6A:56:31:D5:D6:9E","sha256":"20:90:3A:BF:BF:97:9E:DC:D3:28:D1:0E:2B:A6:C1:60:AD:76:68:57:DD:5D:26:A7:1E:58:71:E8:A8:5F:61:43"}}},"request":{"raw":"GET /navy_files/saved_resource.html HTTP/1.1\r\nHost: cerberrtecrossmein.wasmer.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://cerberrtecrossmein.wasmer.app/checkout\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ndate: Wed, 10 Jun 2026 13:08:06 GMT\r\nx-edge-app-version-id: dav_2OPIqtEuV968\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 563\r\nx-wasmer-request-id: 913d6b0b-65b8-4604-aa54-2362f576eb6f\r\nx-edge-rty: w\r\nx-edge-region: us-hillsboro\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":null,"data":{"size":563,"size_decoded":840,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"6fb93d93e03f47ab0462de916115ea4c","sha1":"455c85d6a73fc28069a6b57eb89c7b1118b6170c","sha256":"424f19fb6203f21d253ea011890be5fd70e4193d88f26cc6aa65bd6f323d1512","sha512":"d1f48099c8e60d649785f30d9d9faf448b5196bdaef6fb7291e573278393758c111010349c666da96bc2547658160973ac2746139939e84ecd98505d01494acf","ssdeep":"","tlshash":"d9f0eb1bc3a2210ef079a4e42dc36350731e0262f4204f38bc562e38e05c8b4287bbcd","first_seen":"2026-04-03T00:11:13.691079Z","last_seen":"2026-06-13T13:28:30.364108Z","times_seen":135,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":165,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"cerberrtecrossmein.wasmer.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"cerberrtecrossmein.wasmer.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"cerberrtecrossmein.wasmer.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-10","alert":"Phishing Block","trigger":"cerberrtecrossmein.wasmer.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"l2.io/ip.js?var=userip","fqdn":"l2.io","domain":"l2.io","tld":"io"},"ip":{"addr":"195.80.159.133","port":443,"asn":29152,"as":"Decknet SARL","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cerberrtecrossmein.wasmer.app/checkout","date":"2026-06-10T13:08:06.274Z","timestamp":1781096886274,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"l2.io","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 00:03:54 GMT","end":"Mon, 27 Jul 2026 00:03:53 GMT"},"fingerprint":{"sha1":"79:59:65:9E:27:4B:8B:53:9B:B8:E6:B4:4B:DF:72:42:BF:8A:B0:59","sha256":"D3:F4:3B:BA:3B:31:D1:14:80:2D:B3:C7:53:C1:69:11:3D:6F:CD:9A:12:3B:FF:F8:BF:D2:0F:47:41:A0:60:CA"}}},"request":{"raw":"GET /ip.js?var=userip HTTP/1.1\r\nHost: l2.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://cerberrtecrossmein.wasmer.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 10 Jun 2026 13:08:06 GMT\r\nServer: Apache/2.4.65 (Debian)\r\nContent-Length: 26\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Debian","description":"Debian is a Linux software which is a free open-source software.","website":"https://debian.org","common_platform_enumeration":"cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*","icon":"Debian.png","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.65","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":26,"size_decoded":193,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"ca994d64b7be9a9f915f9d59cae2dd20","sha1":"aa6f8731897ff69250631f958b9b6f06466d00d8","sha256":"fa40120b181878677d7f0ed99dda534f6fbf729b64ade0fce89c692223e9b38e","sha512":"f9725132be4588f0180370760fcd18fcdafa16d309f61c8b5ce60de4a76c8b6f743696593dfc200c7b2b49a994f8fae7faaba8726c574c1ca073dd7877d10498","ssdeep":"","tlshash":"078000e220300b0008c8830280a800a08c82228220c3ae8283cca3320c00aa0a2a0030","first_seen":"2026-06-08T10:20:42.578788Z","last_seen":"2026-06-13T16:09:54.638631Z","times_seen":22,"resource_available":true,"data":null}},"time_used":138,"timings":{"blocked":-1,"dns":38,"connect":32,"send":0,"wait":26,"receive":0,"ssl":42},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"digitalapps.navyfederal.org/signin/static/media/img-BecomeAMember.64255d0d02ef64234628.jpg","fqdn":"digitalapps.navyfederal.org","domain":"navyfederal.org","tld":"org"},"ip":{"addr":"184.25.10.9","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cerberrtecrossmein.wasmer.app/checkout","date":"2026-06-10T13:08:06.280Z","timestamp":1781096886280,"http_version":"HTTP/2","security_state":"","security_info":null,"request":{"raw":"GET /signin/static/media/img-BecomeAMember.64255d0d02ef64234628.jpg HTTP/1.1\r\nHost: digitalapps.navyfederal.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://cerberrtecrossmein.wasmer.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: application/json\r\ncontent-length: 54\r\nx-edgeconnect-midmile-rtt: 82\r\nx-edgeconnect-origin-mex-latency: 11\r\ncache-control: max-age=86400\r\nexpires: Thu, 11 Jun 2026 13:08:06 GMT\r\ndate: Wed, 10 Jun 2026 13:08:06 GMT\r\nset-cookie: ApplicationGatewayAffinityCORS=0fe1eb12cb825d0abe4ecd3aa94b5eec; Path=/; SameSite=None; Secure\nApplicationGatewayAffinity=0fe1eb12cb825d0abe4ecd3aa94b5eec; Path=/\nakaalb_Digital_ALB=~op=~rv=3~m=~os=~id=0418e2fa318878058ff51a5e8f11b854; path=/; Secure; SameSite=None\nak_bmsc=105FDF781AB669823548F07E2A8A73AD~000000000000000000000000000000~YAAQJ08kF6YhmXaeAQAAqLClsQDK3SgM9AuLCzoJOrPfP7cmEB9Wx02Ikg83ZzY5ItXy/QaolF5NGtPTrx2WMlORRtml2GBcZ6FQgMNoNnZrBr2rOh5QXBUFkE5ZHPQn+qecP58dYIfwuuGClMisYzAKNrNjGvrtul8BY2A0H5YpiNqn0bv59322e7RgD/ke91jOWmkTy3TgsjobeHjVyfe70oxUM7jW/lnK1Ebxvm5S6AgrpxRWvulC5nYYIp7/XS2q6rY9JnSk/y8QuKxVjZF9KvTxAuR3fEvLbYWd1gj5eohopYQowE5VVOgwwxT1C+EAuV6YRiICTHg4vCvrCOKJ/8wupcMpMZAaNtDokIY3FG3NlJMW9VSc5NZoYgMAaqNOPpG0p/8OoThOfMQj05Y=; Domain=.navyfederal.org; Path=/; Expires=Wed, 10 Jun 2026 15:08:06 GMT; Max-Age=7200; SameSite=None; Secure; HttpOnly\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains ; preload\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Akamai","description":"Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.","website":"https://akamai.com","common_platform_enumeration":"","icon":"Akamai.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T22:33:33.544268Z","times_seen":16396986,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"digitalapps.navyfederal.org/signin/favicon-16x16.png","fqdn":"digitalapps.navyfederal.org","domain":"navyfederal.org","tld":"org"},"ip":{"addr":"184.25.10.9","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cerberrtecrossmein.wasmer.app/checkout","date":"2026-06-10T13:08:06.490Z","timestamp":1781096886490,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"digitalapps.navyfederal.org","organization":""},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 May 2026 00:00:00 GMT","end":"Sun, 29 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"27:BE:E4:91:4D:E9:18:1E:57:1D:DC:46:05:BE:25:6B:37:B6:18:FC","sha256":"57:78:C2:89:73:4C:23:52:DB:27:90:88:63:E7:5C:40:E0:27:C2:56:51:43:BF:D8:6A:C4:86:97:8A:B2:BC:65"}}},"request":{"raw":"GET /signin/favicon-16x16.png HTTP/1.1\r\nHost: digitalapps.navyfederal.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://cerberrtecrossmein.wasmer.app/\r\nCookie: ApplicationGatewayAffinityCORS=0fe1eb12cb825d0abe4ecd3aa94b5eec; ApplicationGatewayAffinity=0fe1eb12cb825d0abe4ecd3aa94b5eec; akaalb_Digital_ALB=~op=~rv=80~m=~os=~id=add95cbabe48c0c023b058f1661be7fe; ak_bmsc=2BDD203758343ABC56F47BA79471B573~000000000000000000000000000000~YAAQJ08kF64hmXaeAQAAz7ClsQAUEyakTwIIbK8eTy4T1WLFKi9JzxHtQn1aqamMCNBd6NlaWlEvGy+eIfK10+OA8uuYkSOnh3eO+ieff05WSdo5FARAVAvlAQUhhl0TteMWO5MIit0HrErARFHBh7ergk7oZFhLQocbHmGYx2hrTNgJByAmONeu6KR4DeoC9KNe+gJpA+lEKLIUqgbKbg38LQAofUHABPbQ5R4/f6vBN668Vzuz8q0dobKoNvUPqs6N3BN638v7utCVXXstfkoeocDZccDKmgYnh4vAsDTl+5yBNgd0XkVHOqWPYujK2CpqtvF2K4mAIMDQITRGdmH8N6DjQbiS1LDNijEpJXTM8x7Cd9T7Wf1/cFivUEOPBjhxJwjNGMKrPEskrqe5voQ=\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: application/json\r\ncontent-length: 54\r\nx-edgeconnect-midmile-rtt: 81\r\nx-edgeconnect-origin-mex-latency: 12\r\ncache-control: max-age=86400\r\nexpires: Thu, 11 Jun 2026 13:08:06 GMT\r\ndate: Wed, 10 Jun 2026 13:08:06 GMT\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains ; preload\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Akamai","description":"Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.","website":"https://akamai.com","common_platform_enumeration":"","icon":"Akamai.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T22:33:33.544268Z","times_seen":16396986,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}