{"report_id":"38565b57-c9b7-43c9-993b-b935cb81e9fc","version":6,"status":"done","tags":["suspicious"],"date":"2026-03-13T03:29:21Z","url":{"schema":"http","addr":"celoweb.com","fqdn":"celoweb.com","domain":"celoweb.com","tld":"com"},"ip":{"addr":"63.176.8.218","port":0,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"celoweb.com/","fqdn":"celoweb.com","domain":"celoweb.com","tld":"com"},"title":"Welcome to Celo Extension - Celo Extension","dom":{"size":1982,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"b6b01de101aff57d6355d71968fea274","sha1":"cde6fc6c3a515c06ba5c758d46e09d2a245e53d0","sha256":"3ca49d65eaf7f3d43aa31aa7772a222edac2f1603f7dd5cb9c17e3cf80d38abf","sha512":"c9f8f6a1a8503ffc569cfae7cb97f87870e7a3de31c31a9f2617f62c176a6fbcf9688949e541c04de513f4575e68ab4d34ef8050f88964fa7cf7a00a9f742c24","ssdeep":"","tlshash":"2b41bd2661f515231172969ebea15a3a2fc6e603d3061a4076fe8bdd0fe2e53cd9306c","dom_hash":"domhashfadbc9bf0fe1ebe99c90aabed5f701c3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"celoweb.com","fqdn":"celoweb.com","domain":"celoweb.com","tld":"com"},"ip":{"addr":"63.176.8.218","port":0,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-17T03:29:21Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-03-13","alert":"Detects file containing Telegram Bot API","trigger":"celoweb.com/assets/main-C_Fo7MhY.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"celoweb.com","ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":5,"received_data":44402,"sent_data":2200,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"celoweb.com/assets/main-C_Fo7MhY.js","fqdn":"celoweb.com","domain":"celoweb.com","tld":"com"},"ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"25074d9150089f64be796cf2ab219612","sha1":"040b6d95b363c2eb80c883ff70e5b51425a77e1c","sha256":"09e04674edcacb80fc91dd142adf390ee26f79d739c0b7691725f8077d722c72","sha512":"df5f05548c0efbb1f52cd761d8f8b060b61ca05ca00a56d953f43f485d5fc6f4ae6f955134f570d8fb9c9393984bfb9f891d9af3028ea56086715f142d2e17d7","ssdeep":"192:01ZbGB8uByYcqpAEU+ohojmuk7QQ4pJcHhm6p5pDaTD5p:01ZbGrt4+0Fuk7QH2Y4DaTD5p","tlshash":"0952986131f6293200d781e7a6715f667fb0e503fa0691607cbc4bea5fd6e81c5b3298","size":13522,"data":"","first_seen":"2026-03-13T03:29:26.150236Z","last_seen":"2026-03-13T03:57:12.264757Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-03-13","alert":"Detects file containing Telegram Bot API","trigger":"celoweb.com/assets/main-C_Fo7MhY.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"celoweb.com/assets/celo-NOU8cM96.png","fqdn":"celoweb.com","domain":"celoweb.com","tld":"com"},"ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://celoweb.com/","date":"2026-03-13T03:29:00.766Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"celoweb.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Feb 2026 18:38:40 GMT","end":"Thu, 21 May 2026 18:38:39 GMT"},"fingerprint":{"sha1":"51:68:FC:03:09:E1:E8:23:E4:F1:24:04:E4:3D:B5:B9:34:2A:35:FF","sha256":"B5:D5:DA:7D:66:67:47:7E:54:E5:57:45:D6:9F:30:4D:61:81:7B:4F:3B:C2:73:90:1D:C1:E5:89:46:5E:1D:B6"}}},"request":{"raw":"GET /assets/celo-NOU8cM96.png HTTP/1.1\r\nHost: celoweb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://celoweb.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\ncontent-type: image/png\r\ndate: Fri, 13 Mar 2026 03:29:00 GMT\r\netag: \"7bfc86365ff58bd121cb95abda9a91c6-ssl\"\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000\r\nx-nf-request-id: 01KKJKV1V4VHWHQBFZBHY3SBG7\r\ncontent-length: 11591\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":11591,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 89, 8-bit/color RGBA, non-interlaced","md5":"7cfc3433a95acfbb08ae779e4237426e","sha1":"fe53fb5afd5d46b9890ca48bad4c71f883607415","sha256":"80624d1b1c255075b92685ced3592745d42d5342ac7c3769c58c0a98455150e8","sha512":"46c89a91270fbcc80b4a119fab5bb390bf260134019127321235888070fcc114981bc79a601d80154df5bbb48d2ced23330fb64635423f3f8bcb4966025a73b8","ssdeep":"192:nUR5dU/oZ/zsv4WZXQWhHrzPCpRXOfZX1PyJvm7BVBS+qJIp8G0N5ipw78g15uI+:n65dXVxWK2HXKkZX1im7BHiIp/z5g15G","tlshash":"6632c03930bbed76c9b76117154916f071078207aafd58796e0580af062fe80cbfbe25","first_seen":"2025-08-04T13:10:45.786965Z","last_seen":"2026-03-13T03:57:12.269482Z","times_seen":3,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":130,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"celoweb.com/assets/main-B6YRGOjj.css","fqdn":"celoweb.com","domain":"celoweb.com","tld":"com"},"ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://celoweb.com/","date":"2026-03-13T03:29:00.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"celoweb.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Feb 2026 18:38:40 GMT","end":"Thu, 21 May 2026 18:38:39 GMT"},"fingerprint":{"sha1":"51:68:FC:03:09:E1:E8:23:E4:F1:24:04:E4:3D:B5:B9:34:2A:35:FF","sha256":"B5:D5:DA:7D:66:67:47:7E:54:E5:57:45:D6:9F:30:4D:61:81:7B:4F:3B:C2:73:90:1D:C1:E5:89:46:5E:1D:B6"}}},"request":{"raw":"GET /assets/main-B6YRGOjj.css HTTP/1.1\r\nHost: celoweb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://celoweb.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\ncontent-encoding: br\r\ncontent-type: text/css; charset=UTF-8\r\ndate: Fri, 13 Mar 2026 03:29:00 GMT\r\netag: \"b09aea7e5a5ab593def4288484c095fd-ssl-df\"\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-nf-request-id: 01KKJKV1V140ESYSAP36C1DAKK\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":12227,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (12226)","md5":"02f8cb3b3d01b746e3c3f3a650274401","sha1":"d6a966018f9b53f43382848f5eabf19d5ff0004f","sha256":"557b19108067f065956a3086983828c9ba4635dcce4fa4353ba2a4fae75a5c04","sha512":"6c1adb129c0a5b3c77307643dd12f210a6582187485bfd18883ce9185b25875033b408aeac7de5ebd9a7a79ed4460b30d8c9b83013b88513e6bdd9db2c9b2114","ssdeep":"192:/T5fdvofXkK/DIiN7e0QcGj/BbBkZvAtXZ:j2Z/kileTj/pySj","tlshash":"12425713f6182019b05fd4a6b1d2d1ed35248a12d37b87faec97aab1cbc51f21a7274c","first_seen":"2026-03-13T03:29:26.14164Z","last_seen":"2026-03-13T03:57:12.267129Z","times_seen":2,"resource_available":false,"data":null}},"time_used":232,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":232,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"celoweb.com/favicon.ico","fqdn":"celoweb.com","domain":"celoweb.com","tld":"com"},"ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://celoweb.com/","date":"2026-03-13T03:29:01.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"celoweb.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Feb 2026 18:38:40 GMT","end":"Thu, 21 May 2026 18:38:39 GMT"},"fingerprint":{"sha1":"51:68:FC:03:09:E1:E8:23:E4:F1:24:04:E4:3D:B5:B9:34:2A:35:FF","sha256":"B5:D5:DA:7D:66:67:47:7E:54:E5:57:45:D6:9F:30:4D:61:81:7B:4F:3B:C2:73:90:1D:C1:E5:89:46:5E:1D:B6"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: celoweb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://celoweb.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nage: 0\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ndate: Fri, 13 Mar 2026 03:29:01 GMT\r\netag: 1694527259-ssl-df\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-nf-request-id: 01KKJKV22YESW456QYH290E2E3\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3449,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"0f89e18d0abacb99149c5e59bf69b5e1","sha1":"9e1ebb10be890c5855eec444233c028270d3e65a","sha256":"8514f0009a58c6e0acb5468f88037732b59b70af5e524f452e3bef8fb33effc5","sha512":"5275d80f3f8f1f5e0d1b6b6b0745732a69d669d66dcdab418fc5a2094bffcb81ff1d34252c97c6dffe5470f0d359a3be03cfd3dfe3d729bf186917c8cf21ece0","ssdeep":"","tlshash":"1f61848dc9a7209b5c93643e27eb560a2274a247cd46da4c3fde6348cf492f214d36ac","first_seen":"2024-12-12T10:00:11.490986Z","last_seen":"2026-06-08T12:09:37.751186Z","times_seen":11777,"resource_available":true,"data":null}},"time_used":126,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":126,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"celoweb.com/","fqdn":"celoweb.com","domain":"celoweb.com","tld":"com"},"ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-13T03:29:00.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"celoweb.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Feb 2026 18:38:40 GMT","end":"Thu, 21 May 2026 18:38:39 GMT"},"fingerprint":{"sha1":"51:68:FC:03:09:E1:E8:23:E4:F1:24:04:E4:3D:B5:B9:34:2A:35:FF","sha256":"B5:D5:DA:7D:66:67:47:7E:54:E5:57:45:D6:9F:30:4D:61:81:7B:4F:3B:C2:73:90:1D:C1:E5:89:46:5E:1D:B6"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: celoweb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Fri, 13 Mar 2026 03:29:00 GMT\r\netag: \"ee8217fb73a6fdc094047b886f405316-ssl-df\"\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-nf-request-id: 01KKJKV1HK281G6A7PZQ7ENXKJ\r\ncontent-length: 465\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":1489,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"a62f6cd611d00b206a621902b6a6c22d","sha1":"f08280ce39abc837a62dbb118df3a80012d420a7","sha256":"4da14c8100276ba932f644802f421281bb5bcde15d79288c3c2556ef01c75814","sha512":"f9b0804deea02ebdc806a05cd6a7a01c2c6e37912b8c16fc99bb9320caf975e83e491159dadb6774ede67fab8d8462f94291f60167fd8ebf9509eefe47a88dbc","ssdeep":"","tlshash":"d831ac1264f904261270535dbee0a92a5f87e643d30a5a5072ed4aed5fc3e57ccc746c","first_seen":"2026-03-13T03:29:26.147351Z","last_seen":"2026-03-13T03:57:12.263984Z","times_seen":2,"resource_available":false,"data":null}},"time_used":567,"timings":{"blocked":215,"dns":47,"connect":23,"send":0,"wait":137,"receive":0,"ssl":142},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"celoweb.com/assets/main-C_Fo7MhY.js","fqdn":"celoweb.com","domain":"celoweb.com","tld":"com"},"ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://celoweb.com/","date":"2026-03-13T03:29:00.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"celoweb.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Feb 2026 18:38:40 GMT","end":"Thu, 21 May 2026 18:38:39 GMT"},"fingerprint":{"sha1":"51:68:FC:03:09:E1:E8:23:E4:F1:24:04:E4:3D:B5:B9:34:2A:35:FF","sha256":"B5:D5:DA:7D:66:67:47:7E:54:E5:57:45:D6:9F:30:4D:61:81:7B:4F:3B:C2:73:90:1D:C1:E5:89:46:5E:1D:B6"}}},"request":{"raw":"GET /assets/main-C_Fo7MhY.js HTTP/1.1\r\nHost: celoweb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://celoweb.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\ncontent-encoding: br\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Fri, 13 Mar 2026 03:29:00 GMT\r\netag: \"0d4a44bcc7d1d590516f3c90dc9365cf-ssl-df\"\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-nf-request-id: 01KKJKV1V1E42839ZN38A0T6M4\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13522,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1738)","md5":"25074d9150089f64be796cf2ab219612","sha1":"040b6d95b363c2eb80c883ff70e5b51425a77e1c","sha256":"09e04674edcacb80fc91dd142adf390ee26f79d739c0b7691725f8077d722c72","sha512":"df5f05548c0efbb1f52cd761d8f8b060b61ca05ca00a56d953f43f485d5fc6f4ae6f955134f570d8fb9c9393984bfb9f891d9af3028ea56086715f142d2e17d7","ssdeep":"192:01ZbGB8uByYcqpAEU+ohojmuk7QQ4pJcHhm6p5pDaTD5p:01ZbGrt4+0Fuk7QH2Y4DaTD5p","tlshash":"0952986131f6293200d781e7a6715f667fb0e503fa0691607cbc4bea5fd6e81c5b3298","first_seen":"2026-03-13T03:29:26.150236Z","last_seen":"2026-03-13T03:57:12.264757Z","times_seen":2,"resource_available":true,"data":null}},"time_used":130,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":130,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-03-13","alert":"Detects file containing Telegram Bot API","trigger":"celoweb.com/assets/main-C_Fo7MhY.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}}]}