{"report_id":"58a96763-46ab-43b0-81db-89dda3333676","version":0,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-07-03T00:23:46Z","url":{"schema":"http","addr":"kvw-bgdxc.wasmer.app","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"title":"Navy Federal Credit Union - Our Members are the Mission®","dom":{"size":5126321,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (65536), with no line terminators","md5":"e569bb45645d75d5248e0900110d5127","sha1":"db45715405bdf10b0cb1360eedc37af269d46dc0","sha256":"614c6577f9b4ae93ba3b032f169b3c3c2a2033cf4becc152b02231877d7bd976","sha512":"d30000c953d4fe6530127be0260880a8d82825bc1432a38071ff04edceb3168c195ccae916d1ff58c2c874baa2f8a703ec9e199b2a007d7d42a9eea1d453fe04","ssdeep":"12288:D0SZthg6wLMLHej3ez2b27iPQ23CtDoW8jqCyYdTUD4W8jb8iK:HZng7w+j8OR/jqHil/jQiK","tlshash":"4336443fa203ec3d7a2398fff9ac2ed14451de4beccd9683055c845d2bd28aa7518586","dom_hash":"domhashdf68f7b9fb4ee95955b99f5855dd19c3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"kvw-bgdxc.wasmer.app","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-07T00:23:46Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-03","alert":"Detects file containing Telegram Bot API","trigger":"kvw-bgdxc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"kvw-bgdxc.wasmer.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-03","alert":"Phishing Block","trigger":"kvw-bgdxc.wasmer.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"l2.io","ip":{"addr":"195.80.159.133","port":443,"asn":29152,"as":"Decknet SARL","country":"France","country_code":"FR"},"domain_registered":"2012-05-12","domain_rank":151857,"first_seen":"2015-06-25T01:31:26Z","last_seen":"2026-06-29T00:57:17.180496Z","alert_count":0,"request_count":1,"received_data":193,"sent_data":457,"comment":"","tags":null,"fingerprints":[{"name":"Debian","description":"Debian is a Linux software which is a free open-source software.","website":"https://debian.org","common_platform_enumeration":"cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*","icon":"Debian.png","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.65","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"digitalapps.navyfederal.org","ip":{"addr":"184.25.10.9","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"domain_registered":"1997-03-24","domain_rank":93913,"first_seen":"2020-08-13T16:50:55Z","last_seen":"2026-07-03T00:20:41.285296Z","alert_count":0,"request_count":4,"received_data":3204,"sent_data":3723,"comment":"","tags":null,"fingerprints":[{"name":"Akamai","description":"Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.","website":"https://akamai.com","common_platform_enumeration":"","icon":"Akamai.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-06-28T22:41:44.776353Z","alert_count":0,"request_count":1,"received_data":31979,"sent_data":538,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"kvw-bgdxc.wasmer.app","ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2018-10-16","domain_rank":0,"first_seen":"2026-07-03T00:23:48.411264Z","last_seen":"2026-07-03T00:23:48.411264Z","alert_count":7,"request_count":3,"received_data":3783043,"sent_data":1494,"comment":"","tags":null,"fingerprints":[{"name":"PHP:8.3.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"md5":"35709b97595af24324d7c0910ea273db","sha1":"b2e06d5c3059104eab5a44fb36427d09aac74b6b","sha256":"327a4b786abd1dc1a7d637bf4c96bc5702692e8cf08ffb678f27ebf335279d70","sha512":"9297ff2a94bee30885f7c99a43ff382aa977e8802072f64147f80d1141955f9614177bae8b5c00fc6d8e366c90567fe4ff4ad84dee4ca0a4c7234d1eed16c0c8","size":2243,"token":"8627951712:AAG2TKwyuC2weD4XQLXZcb1SgU1pqdFZ_jU","is_revoked":false,"bot":{"token":"8627951712:AAG2TKwyuC2weD4XQLXZcb1SgU1pqdFZ_jU","user_id":"8627951712","username":"FIFA2031_bot","first_name":"FIFA26","last_name":"","chat":{"chat_id":"8998554273","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"md5":"b299dec3e2eb452df46f47b136a1a8df","sha1":"f21952a05a29f6003b6461fb59bf81f522c698fc","sha256":"e2ab85908a4fcffda64ebcefab8b44aa7905345f60ac5d737604e833bd33475d","sha512":"de383cbf11dfbb414de50a0a1697d5613777547a03203bd5c544415d03af1a3b45e9fef37fdcb7ea6de545f6e1008f8c17f15eb9380a67334943578775032a9f","size":1039,"token":"8627951712:AAG2TKwyuC2weD4XQLXZcb1SgU1pqdFZ_jU","is_revoked":false,"bot":{"token":"8627951712:AAG2TKwyuC2weD4XQLXZcb1SgU1pqdFZ_jU","user_id":"8627951712","username":"FIFA2031_bot","first_name":"FIFA26","last_name":"","chat":{"chat_id":"8998554273","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"md5":"974fedb1151f165d4ed2f9516cf3f0e7","sha1":"5e815e6b5c5792b2ef54c288ca4f1fe125a44f69","sha256":"959b1cbff5046e5a8bbcdf72392ad1b082d3637b29638a8e040b6b4702145087","sha512":"5729b0ba5f59660d4e9d05b308f5eb5085f48b66e10d19ef86158a8fbe590cc50b89b378bf26027eb5c51496d18bd65c748d6ed362683e0fb64e35c24fc2d88d","size":1300,"token":"8627951712:AAG2TKwyuC2weD4XQLXZcb1SgU1pqdFZ_jU","is_revoked":false,"bot":{"token":"8627951712:AAG2TKwyuC2weD4XQLXZcb1SgU1pqdFZ_jU","user_id":"8627951712","username":"FIFA2031_bot","first_name":"FIFA26","last_name":"","chat":{"chat_id":"8998554273","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"md5":"ca939d7d935249fbc30a2ba0a1c952c5","sha1":"771594eec547d8e7e0071c7a83e964fa4d02095c","sha256":"c14aed31659014ccebea6211101c62943763816bfafa9abcf5ebabc646ee5088","sha512":"5fb7260faf8ff0dbcc7edd7c805019138a35087899376bfb266a35226c311f56cf63bdf25b87e1171b5d8b0b2fe9a9b1a3178e412b0b791ef9def72819211591","size":2406,"token":"8627951712:AAG2TKwyuC2weD4XQLXZcb1SgU1pqdFZ_jU","is_revoked":false,"bot":{"token":"8627951712:AAG2TKwyuC2weD4XQLXZcb1SgU1pqdFZ_jU","user_id":"8627951712","username":"FIFA2031_bot","first_name":"FIFA26","last_name":"","chat":{"chat_id":"8998554273","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"md5":"59389381ecc4f9540d557443409f4017","sha1":"d4cde16bd6686b3d0f955803cfb1d185f91cb66c","sha256":"417141921ed8515d84ee26aef1b2e8f71a7bf178a4ee1a0bdc56f689de43840f","sha512":"627a485ef21417d8859b90b915ee5217cca91c081c0a6da835fe9844a75744cdf1c4adfcea026883a3972c5f42b8777b795d056632cb1e57ea9f4692e33dc364","size":1433,"token":"8627951712:AAG2TKwyuC2weD4XQLXZcb1SgU1pqdFZ_jU","is_revoked":false,"bot":{"token":"8627951712:AAG2TKwyuC2weD4XQLXZcb1SgU1pqdFZ_jU","user_id":"8627951712","username":"FIFA2031_bot","first_name":"FIFA26","last_name":"","chat":{"chat_id":"8998554273","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"md5":"a1b596498701c7e3c338b64028a911bd","sha1":"8a3037f8f4dbb615b63349aae8d98b7215c456ce","sha256":"a67498faba09ba54dd641c2d0b46d39e05269c57f0f2c17477aa8f17b77e448e","sha512":"e8076f990a330ff6612d0e223765431a3d6a86a4c7feee1c0e4e565fabd46dd6e0f72f5c20e59ec6960473b63a1d49334c629c1ac640b2092569d5a781cf0625","size":1572,"token":"8627951712:AAG2TKwyuC2weD4XQLXZcb1SgU1pqdFZ_jU","is_revoked":false,"bot":{"token":"8627951712:AAG2TKwyuC2weD4XQLXZcb1SgU1pqdFZ_jU","user_id":"8627951712","username":"FIFA2031_bot","first_name":"FIFA26","last_name":"","chat":{"chat_id":"8998554273","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"md5":"bdae24c44bb83d056804183981894982","sha1":"a022bab64bc2e4ee2e0fa7a8eb65d0591ca18c98","sha256":"9948886bcf7397f9dcd3d8435248ce7ec3974d3a15878ed39387614e53cf8e09","sha512":"bea517e7d9b64808dd64d1867c99d18101ed66026a6123d630629195ca59c150bdb2d18227dbd9e6ac3e2a46129ca167eda88e63943a6d0c04189e3c0824dcfa","size":1816,"token":"8627951712:AAG2TKwyuC2weD4XQLXZcb1SgU1pqdFZ_jU","is_revoked":false,"bot":{"token":"8627951712:AAG2TKwyuC2weD4XQLXZcb1SgU1pqdFZ_jU","user_id":"8627951712","username":"FIFA2031_bot","first_name":"FIFA26","last_name":"","chat":{"chat_id":"8998554273","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"md5":"3ae6f201d9ccaaa9edb15ea0dcb2f998","sha1":"b39d829f80d1ba191be4d3ca66779d9014e02e70","sha256":"273398b91f118dbba741d696b9b7f818f65831f6908bef7707f820cd9a871e97","sha512":"5bf2209035d75bb7e9dd70d58e4f9e44f3c4754e4eee7d0fb420680626afaf05e80ed54aa6612499471a0440000cf6e13237312ed7cb3b950c94af1697b08dfd","size":2080,"token":"8627951712:AAG2TKwyuC2weD4XQLXZcb1SgU1pqdFZ_jU","is_revoked":false,"bot":{"token":"8627951712:AAG2TKwyuC2weD4XQLXZcb1SgU1pqdFZ_jU","user_id":"8627951712","username":"FIFA2031_bot","first_name":"FIFA26","last_name":"","chat":{"chat_id":"8998554273","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"35709b97595af24324d7c0910ea273db","sha1":"b2e06d5c3059104eab5a44fb36427d09aac74b6b","sha256":"327a4b786abd1dc1a7d637bf4c96bc5702692e8cf08ffb678f27ebf335279d70","sha512":"9297ff2a94bee30885f7c99a43ff382aa977e8802072f64147f80d1141955f9614177bae8b5c00fc6d8e366c90567fe4ff4ad84dee4ca0a4c7234d1eed16c0c8","ssdeep":"","tlshash":"1141a2a2d931dc70433649f62b74a2c01564808ff907d082f57c9a8c79b6f52376594f","size":2243,"data":"","first_seen":"2026-07-03T00:21:12.000925Z","last_seen":"2026-07-03T00:24:04.291424Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-03","alert":"Detects file containing Telegram Bot API","trigger":"kvw-bgdxc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"2ef6adc94ff2c4aaeeafab5f0af4ca93","sha1":"6101fdeb92e85296f878f40d28730658379fc29f","sha256":"38c4e9aa8bfe664bd5516518616c11f7a02d030d879aa3ba33e2ac983b87260d","sha512":"bd955326ec2587e5c198f134859578f8ba66399d465ddc5a020cc768e2acbaa7cae16d83fc73a8cee5a4cd102181ea4d8346d3732ec40005f45e1e04e1dc64ae","ssdeep":"1536:/lgQ/Jxo1wNz8ikMO3cRwc4ek7HFcOxSEaiI5xddSvbAWOO+e+n6l6l66Hjp65re:X","tlshash":"25069d7fa203ec3d7a6398fff96c2ed18051de4beccd5683018c845e6bd24aa7518586","size":3781600,"data":"","first_seen":"2026-07-03T00:21:11.994723Z","last_seen":"2026-07-03T00:24:04.293569Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"4808dba29c91d7fb50ad3c74f208970b","sha1":"fe2a2395fc9367b980aeb71e077fcb19d9171756","sha256":"122447db490f641aa53c32c2c8b5f1044815783f2d230f0e82fad0960b3d8275","sha512":"436076ba62140ce72899c4302abf83f47b328a651f1ca92c90933859337d4a0d4e3b5f398e5512ca9a7e7b9b8c5ea6afe78f0014b50889ad919702bd1385c34a","ssdeep":"","tlshash":"2c700008a80002002800b02000ec00ac0a022022800082c2a8f0e000208008002080c0","size":19,"data":"","first_seen":"2023-04-14T06:56:18Z","last_seen":"2026-07-03T00:24:04.295333Z","times_seen":52,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"b299dec3e2eb452df46f47b136a1a8df","sha1":"f21952a05a29f6003b6461fb59bf81f522c698fc","sha256":"e2ab85908a4fcffda64ebcefab8b44aa7905345f60ac5d737604e833bd33475d","sha512":"de383cbf11dfbb414de50a0a1697d5613777547a03203bd5c544415d03af1a3b45e9fef37fdcb7ea6de545f6e1008f8c17f15eb9380a67334943578775032a9f","ssdeep":"","tlshash":"7d112197d6718c7043b344fa5a70d3c415b8605ef906d002b93ccae01e61fa17672a4f","size":1039,"data":"","first_seen":"2026-07-03T00:21:12.003639Z","last_seen":"2026-07-03T00:24:04.296289Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-03","alert":"Detects file containing Telegram Bot API","trigger":"kvw-bgdxc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"974fedb1151f165d4ed2f9516cf3f0e7","sha1":"5e815e6b5c5792b2ef54c288ca4f1fe125a44f69","sha256":"959b1cbff5046e5a8bbcdf72392ad1b082d3637b29638a8e040b6b4702145087","sha512":"5729b0ba5f59660d4e9d05b308f5eb5085f48b66e10d19ef86158a8fbe590cc50b89b378bf26027eb5c51496d18bd65c748d6ed362683e0fb64e35c24fc2d88d","ssdeep":"","tlshash":"2b21ede6ca328c70037344fa4a70d3c425a8904bf907d042ba7c8ad4aaa1f613666a4f","size":1300,"data":"","first_seen":"2026-07-03T00:21:11.996448Z","last_seen":"2026-07-03T00:24:04.297903Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-03","alert":"Detects file containing Telegram Bot API","trigger":"kvw-bgdxc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca939d7d935249fbc30a2ba0a1c952c5","sha1":"771594eec547d8e7e0071c7a83e964fa4d02095c","sha256":"c14aed31659014ccebea6211101c62943763816bfafa9abcf5ebabc646ee5088","sha512":"5fb7260faf8ff0dbcc7edd7c805019138a35087899376bfb266a35226c311f56cf63bdf25b87e1171b5d8b0b2fe9a9b1a3178e412b0b791ef9def72819211591","ssdeep":"","tlshash":"0041b1a2d931ecb003374df62b74a2c015a4818fe907d482f57c9a8c79b5f523b6194f","size":2406,"data":"","first_seen":"2026-07-03T00:21:11.991791Z","last_seen":"2026-07-03T00:24:04.299588Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-03","alert":"Detects file containing Telegram Bot API","trigger":"kvw-bgdxc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"15974b765a8117f4196ea5704b438839","sha1":"d7de278003a2cd2df8aa7d2d8d42016d0289e318","sha256":"f4ad28efd4479c1817faaa647151dcbcfbd3f3f6c8d978acda4a23b00c46bbcc","sha512":"0985dcba9ac5bf86d4430ec3a82dda8fc4175068e73b32ff563aabcb11cf73b695051acebf823af763a7cdedff14b71ff5c198ea60b13f065a932b927988aa04","ssdeep":"","tlshash":"17f05e9bf39a112012afa17a08b5cb8a3034800bcd0019497e2c04b06b36ea1aa5a784","size":654,"data":"","first_seen":"2026-06-09T12:27:31.382703Z","last_seen":"2026-07-03T00:24:04.301175Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"fba3009599be5963c0cf131e8b2285df","sha1":"0db3db19f71d0168d7490b832ba9354c1a3289a9","sha256":"b4703c5913c9b5735babe5ae6a869fd31f48dabf8e8f5f4d9c742576eb637818","sha512":"f55f17a34e4b81b89ca2891d45fe105759b62762f71ab4d17d6a9ad851610326602c0edc9e27683bb05ba2fffd5d76a2c2e8692a0532da3f5f7d6cf8854e2396","ssdeep":"768:gWUfJLQeYPdJxIPdHoHoaDjGNNBTMPz2eYCqHmY6xIGv052bCSYu9E+uLqj+Ctj/:LLh","tlshash":"0364b23cf323c44d99b35abbfcbc1a14a144aec7e9dda6c80c5d42462fe0d6a35186e5","size":328178,"data":"","first_seen":"2026-07-03T00:21:12.001882Z","last_seen":"2026-07-03T00:24:04.302172Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"l2.io/ip.js?var=userip","fqdn":"l2.io","domain":"l2.io","tld":"io"},"ip":{"addr":"195.80.159.133","port":443,"asn":29152,"as":"Decknet SARL","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca994d64b7be9a9f915f9d59cae2dd20","sha1":"aa6f8731897ff69250631f958b9b6f06466d00d8","sha256":"fa40120b181878677d7f0ed99dda534f6fbf729b64ade0fce89c692223e9b38e","sha512":"f9725132be4588f0180370760fcd18fcdafa16d309f61c8b5ce60de4a76c8b6f743696593dfc200c7b2b49a994f8fae7faaba8726c574c1ca073dd7877d10498","ssdeep":"","tlshash":"078000e220300b0008c8830280a800a08c82228220c3ae8283cca3320c00aa0a2a0030","size":26,"data":"","first_seen":"2026-06-08T10:20:42.578788Z","last_seen":"2026-07-03T00:24:04.288663Z","times_seen":52,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"32740b119783fee71ee767cd4cfbb312","sha1":"7b06d9e9845b30085db3a810171d52e3fca3fafc","sha256":"94f71ba017a2e490591b1d61eba5aea13645da9ac6ad383f1f985e529d7835a9","sha512":"082ff41afae2e9cfa42c770aaccbc0010963327433276b65e7bb49833b12015f7eb8563a913706290a1dadc0479eddfbfa355b9729aa50067a82ff1bd148d8d1","ssdeep":"","tlshash":"b0a0223bf3c032320cba02b2a020838c2e003030c80228c3382c80208000fc28e22000","size":76,"data":"","first_seen":"2023-04-14T06:56:18Z","last_seen":"2026-07-03T00:24:04.304452Z","times_seen":52,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"59389381ecc4f9540d557443409f4017","sha1":"d4cde16bd6686b3d0f955803cfb1d185f91cb66c","sha256":"417141921ed8515d84ee26aef1b2e8f71a7bf178a4ee1a0bdc56f689de43840f","sha512":"627a485ef21417d8859b90b915ee5217cca91c081c0a6da835fe9844a75744cdf1c4adfcea026883a3972c5f42b8777b795d056632cb1e57ea9f4692e33dc364","ssdeep":"","tlshash":"e6210ea6da319c70037744fa0a74d3c415a8509ff907d042f57c8ad86ea1f61366694f","size":1433,"data":"","first_seen":"2026-07-03T00:21:11.997415Z","last_seen":"2026-07-03T00:24:04.30551Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-03","alert":"Detects file containing Telegram Bot API","trigger":"kvw-bgdxc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"a1b596498701c7e3c338b64028a911bd","sha1":"8a3037f8f4dbb615b63349aae8d98b7215c456ce","sha256":"a67498faba09ba54dd641c2d0b46d39e05269c57f0f2c17477aa8f17b77e448e","sha512":"e8076f990a330ff6612d0e223765431a3d6a86a4c7feee1c0e4e565fabd46dd6e0f72f5c20e59ec6960473b63a1d49334c629c1ac640b2092569d5a781cf0625","ssdeep":"","tlshash":"30311da6ea319c70437748fa0e70e3c416a8508fe907d042f57c8a986eb1f603766d4f","size":1572,"data":"","first_seen":"2026-07-03T00:21:11.998283Z","last_seen":"2026-07-03T00:24:04.307148Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-03","alert":"Detects file containing Telegram Bot API","trigger":"kvw-bgdxc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"bdae24c44bb83d056804183981894982","sha1":"a022bab64bc2e4ee2e0fa7a8eb65d0591ca18c98","sha256":"9948886bcf7397f9dcd3d8435248ce7ec3974d3a15878ed39387614e53cf8e09","sha512":"bea517e7d9b64808dd64d1867c99d18101ed66026a6123d630629195ca59c150bdb2d18227dbd9e6ac3e2a46129ca167eda88e63943a6d0c04189e3c0824dcfa","ssdeep":"","tlshash":"2f31e0a6d9319c70433748fa5b70a3c429a4809ff907d082f57c9a9c6ab1f62376594f","size":1816,"data":"","first_seen":"2026-07-03T00:21:11.99914Z","last_seen":"2026-07-03T00:24:04.309912Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-03","alert":"Detects file containing Telegram Bot API","trigger":"kvw-bgdxc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"3ae6f201d9ccaaa9edb15ea0dcb2f998","sha1":"b39d829f80d1ba191be4d3ca66779d9014e02e70","sha256":"273398b91f118dbba741d696b9b7f818f65831f6908bef7707f820cd9a871e97","sha512":"5bf2209035d75bb7e9dd70d58e4f9e44f3c4754e4eee7d0fb420680626afaf05e80ed54aa6612499471a0440000cf6e13237312ed7cb3b950c94af1697b08dfd","ssdeep":"","tlshash":"2141ada2d931dc74433688f61b70a2c429a4808ff907d082f57cda9c79b6f62376594f","size":2080,"data":"","first_seen":"2026-07-03T00:21:12.000054Z","last_seen":"2026-07-03T00:24:04.311816Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-03","alert":"Detects file containing Telegram Bot API","trigger":"kvw-bgdxc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kvw-bgdxc.wasmer.app/","date":"2026-07-03T00:23:20.464Z","timestamp":1783038200464,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 12 May 2026 03:46:57 GMT","end":"Mon, 10 Aug 2026 04:46:42 GMT"},"fingerprint":{"sha1":"95:12:1E:0A:F6:69:8B:FC:A0:08:DA:67:1A:A4:D1:9D:87:F5:E9:07","sha256":"F3:4A:39:63:C7:6A:CE:66:1A:B4:62:2C:E9:92:82:9A:81:78:1B:CC:3F:D5:2D:0A:6D:D6:89:D9:F6:66:7B:BC"}}},"request":{"raw":"GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://kvw-bgdxc.wasmer.app/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Fri, 03 Jul 2026 00:23:20 GMT\r\ncontent-type: text/css; charset=utf-8\r\nserver: cloudflare\r\npriority: u=2,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\nlast-modified: Mon, 04 May 2020 16:10:07 GMT\r\nvary: Accept-Encoding\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/r2\r\nx-cdnjs-cache: HIT\r\ncf-cache-status: HIT\r\nage: 186\r\nexpires: Wed, 23 Jun 2027 00:23:20 GMT\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jDO3xzXH%2B9SDmNT6UpgDq%2FB5O%2BnJMe0xdDIU%2Bzdw0BY9x8cG00Lgk4vUiDrRSe%2Fm2YEdQVZrrj4Fe0AAsVkOEnez%2FRn0f2dfrQB1CwZLZ%2BnbvJHlgXjd5NspGzN2qg84ZafgR8aN\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\ncf-ray: a151bdb11d59568e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31000,"size_decoded":6610,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (30837)","md5":"269550530cc127b6aa5a35925a7de6ce","sha1":"512c7d79033e3028a9be61b540cf1a6870c896f8","sha256":"799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd","sha512":"49f4e24e55fa924faa8ad7debe5ffb2e26d439e25696df6b6f20e7f766b50ea58ec3dbd61b6305a1acacd2c80e6e659accee4140f885b9c9e71008e9001fbf4b","ssdeep":"384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf","tlshash":"78d241e8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d226522c5fba","first_seen":"2023-04-05T03:13:25Z","last_seen":"2026-07-03T04:04:07.284944Z","times_seen":293007,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":10,"connect":16,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/.11ty/reload-client.js","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kvw-bgdxc.wasmer.app/","date":"2026-07-03T00:23:20.483Z","timestamp":1783038200483,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wasmer.app","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Jun 2026 14:06:07 GMT","end":"Sun, 13 Sep 2026 14:06:06 GMT"},"fingerprint":{"sha1":"8B:BD:8F:CC:1E:76:7E:9C:C5:BC:79:F4:B6:04:88:E6:13:B8:A4:F6","sha256":"70:74:22:12:F4:2B:37:8A:77:CB:11:E7:BD:AE:E7:46:7D:FF:8B:F3:89:15:EA:70:46:E7:24:1C:7C:4F:3B:4D"}}},"request":{"raw":"GET /.11ty/reload-client.js HTTP/1.1\r\nHost: kvw-bgdxc.wasmer.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://kvw-bgdxc.wasmer.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ndate: Fri, 03 Jul 2026 00:23:20 GMT\r\nx-edge-app-version-id: dav_K0DIktQu3xLy\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 555\r\nx-wasmer-request-id: 7e21752b-0272-49df-a508-7e1b45fdbc2a\r\nx-edge-rty: w\r\nx-edge-region: de-falkenstein\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T04:08:26.983741Z","times_seen":16931406,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"kvw-bgdxc.wasmer.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-03","alert":"Phishing Block","trigger":"kvw-bgdxc.wasmer.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"l2.io/ip.js?var=userip","fqdn":"l2.io","domain":"l2.io","tld":"io"},"ip":{"addr":"195.80.159.133","port":443,"asn":29152,"as":"Decknet SARL","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kvw-bgdxc.wasmer.app/","date":"2026-07-03T00:23:20.488Z","timestamp":1783038200488,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"l2.io","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 27 Jun 2026 03:48:27 GMT","end":"Fri, 25 Sep 2026 03:48:26 GMT"},"fingerprint":{"sha1":"0E:79:63:B5:DE:E4:86:9F:56:20:8D:85:A5:F1:88:0F:5C:C7:40:61","sha256":"75:5C:83:EB:8B:89:23:A9:A2:8B:C9:22:5E:63:21:20:7A:34:44:B7:75:4E:36:57:ED:E6:01:DE:7F:2A:4A:6F"}}},"request":{"raw":"GET /ip.js?var=userip HTTP/1.1\r\nHost: l2.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://kvw-bgdxc.wasmer.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 03 Jul 2026 00:23:20 GMT\r\nServer: Apache/2.4.65 (Debian)\r\nContent-Length: 26\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Debian","description":"Debian is a Linux software which is a free open-source software.","website":"https://debian.org","common_platform_enumeration":"cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*","icon":"Debian.png","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.65","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":26,"size_decoded":193,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"ca994d64b7be9a9f915f9d59cae2dd20","sha1":"aa6f8731897ff69250631f958b9b6f06466d00d8","sha256":"fa40120b181878677d7f0ed99dda534f6fbf729b64ade0fce89c692223e9b38e","sha512":"f9725132be4588f0180370760fcd18fcdafa16d309f61c8b5ce60de4a76c8b6f743696593dfc200c7b2b49a994f8fae7faaba8726c574c1ca073dd7877d10498","ssdeep":"","tlshash":"078000e220300b0008c8830280a800a08c82228220c3ae8283cca3320c00aa0a2a0030","first_seen":"2026-06-08T10:20:42.578788Z","last_seen":"2026-07-03T00:24:04.288663Z","times_seen":52,"resource_available":true,"data":null}},"time_used":85,"timings":{"blocked":-1,"dns":0,"connect":25,"send":0,"wait":26,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"digitalapps.navyfederal.org/signin/static/media/img-BecomeAMember.64255d0d02ef64234628.jpg","fqdn":"digitalapps.navyfederal.org","domain":"navyfederal.org","tld":"org"},"ip":{"addr":"184.25.10.9","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kvw-bgdxc.wasmer.app/","date":"2026-07-03T00:23:20.494Z","timestamp":1783038200494,"http_version":"HTTP/2","security_state":"","security_info":null,"request":{"raw":"GET /signin/static/media/img-BecomeAMember.64255d0d02ef64234628.jpg HTTP/1.1\r\nHost: digitalapps.navyfederal.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://kvw-bgdxc.wasmer.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: application/json\r\ncontent-length: 54\r\nx-edgeconnect-midmile-rtt: 80\r\nx-edgeconnect-origin-mex-latency: 10\r\ncache-control: max-age=86400\r\nexpires: Sat, 04 Jul 2026 00:23:20 GMT\r\ndate: Fri, 03 Jul 2026 00:23:20 GMT\r\nset-cookie: ApplicationGatewayAffinityCORS=0fe1eb12cb825d0abe4ecd3aa94b5eec; Path=/; SameSite=None; Secure\nApplicationGatewayAffinity=0fe1eb12cb825d0abe4ecd3aa94b5eec; Path=/\nakaalb_Digital_ALB=~op=~rv=63~m=~os=~id=5dc83851f7cd957ca6a9482b4255f8a0; path=/; Secure; SameSite=None\nak_bmsc=8B7115B2D3D35E1F06E0A8CCE43C7526~000000000000000000000000000000~YAAQJ08kF9U3/AafAQAA0MtbJQBlOTQRebKjS/JKoRtSx6EX4VXkQlZxnBT+k/qSP/WsoHV5+yjN8/dszC/3InlIsNNX+g+ZYFcc2dw0kBRxz+NFJpLB4H3iHDxCjvLAP3zs4DHqexnp5fPT48/7Viu6qXTfUBZtSYTva3sNQycQsFGKykStZ4SYgB7r+W5LDDYZy2U4xJxuNdSlBqQPV/s/kFwQlczbiDqW1PtAxkhmLDQiWus+jANkuZyRlYMO0l4EJ4UQ+/bRqwfcwHV10KF9op67apoBNGQAQaAUegG3njeDzMCugiCtdSNABNMgnLNQPi5wj+kOXPsFKvhmAkvY+1urDO4U7D/HrzgAxiGx0zB+NRxOl9CC1PyfuKtD9WsQeQIi1T8XI5MYWhRr+Aw=; Domain=.navyfederal.org; Path=/; Expires=Fri, 03 Jul 2026 02:23:20 GMT; Max-Age=7200; SameSite=None; Secure; HttpOnly\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains ; preload\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Akamai","description":"Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.","website":"https://akamai.com","common_platform_enumeration":"","icon":"Akamai.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T04:08:26.983741Z","times_seen":16931406,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"digitalapps.navyfederal.org/signin/apple-touch-icon.png","fqdn":"digitalapps.navyfederal.org","domain":"navyfederal.org","tld":"org"},"ip":{"addr":"184.25.10.9","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kvw-bgdxc.wasmer.app/","date":"2026-07-03T00:23:20.829Z","timestamp":1783038200829,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"digitalapps.navyfederal.org","organization":""},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 May 2026 00:00:00 GMT","end":"Sun, 29 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"27:BE:E4:91:4D:E9:18:1E:57:1D:DC:46:05:BE:25:6B:37:B6:18:FC","sha256":"57:78:C2:89:73:4C:23:52:DB:27:90:88:63:E7:5C:40:E0:27:C2:56:51:43:BF:D8:6A:C4:86:97:8A:B2:BC:65"}}},"request":{"raw":"GET /signin/apple-touch-icon.png HTTP/1.1\r\nHost: digitalapps.navyfederal.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://kvw-bgdxc.wasmer.app/\r\nCookie: ApplicationGatewayAffinityCORS=0fe1eb12cb825d0abe4ecd3aa94b5eec; ApplicationGatewayAffinity=0fe1eb12cb825d0abe4ecd3aa94b5eec; akaalb_Digital_ALB=~op=~rv=63~m=~os=~id=5dc83851f7cd957ca6a9482b4255f8a0; ak_bmsc=8B7115B2D3D35E1F06E0A8CCE43C7526~000000000000000000000000000000~YAAQJ08kF9U3/AafAQAA0MtbJQBlOTQRebKjS/JKoRtSx6EX4VXkQlZxnBT+k/qSP/WsoHV5+yjN8/dszC/3InlIsNNX+g+ZYFcc2dw0kBRxz+NFJpLB4H3iHDxCjvLAP3zs4DHqexnp5fPT48/7Viu6qXTfUBZtSYTva3sNQycQsFGKykStZ4SYgB7r+W5LDDYZy2U4xJxuNdSlBqQPV/s/kFwQlczbiDqW1PtAxkhmLDQiWus+jANkuZyRlYMO0l4EJ4UQ+/bRqwfcwHV10KF9op67apoBNGQAQaAUegG3njeDzMCugiCtdSNABNMgnLNQPi5wj+kOXPsFKvhmAkvY+1urDO4U7D/HrzgAxiGx0zB+NRxOl9CC1PyfuKtD9WsQeQIi1T8XI5MYWhRr+Aw=\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: application/json\r\ncontent-length: 54\r\nx-edgeconnect-midmile-rtt: 79\r\nx-edgeconnect-origin-mex-latency: 26\r\ncache-control: max-age=86400\r\nexpires: Sat, 04 Jul 2026 00:23:20 GMT\r\ndate: Fri, 03 Jul 2026 00:23:20 GMT\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains ; preload\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Akamai","description":"Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.","website":"https://akamai.com","common_platform_enumeration":"","icon":"Akamai.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T04:08:26.983741Z","times_seen":16931406,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"digitalapps.navyfederal.org/signin/favicon-16x16.png","fqdn":"digitalapps.navyfederal.org","domain":"navyfederal.org","tld":"org"},"ip":{"addr":"184.25.10.9","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kvw-bgdxc.wasmer.app/","date":"2026-07-03T00:23:20.831Z","timestamp":1783038200831,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"digitalapps.navyfederal.org","organization":""},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 May 2026 00:00:00 GMT","end":"Sun, 29 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"27:BE:E4:91:4D:E9:18:1E:57:1D:DC:46:05:BE:25:6B:37:B6:18:FC","sha256":"57:78:C2:89:73:4C:23:52:DB:27:90:88:63:E7:5C:40:E0:27:C2:56:51:43:BF:D8:6A:C4:86:97:8A:B2:BC:65"}}},"request":{"raw":"GET /signin/favicon-16x16.png HTTP/1.1\r\nHost: digitalapps.navyfederal.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://kvw-bgdxc.wasmer.app/\r\nCookie: ApplicationGatewayAffinityCORS=0fe1eb12cb825d0abe4ecd3aa94b5eec; ApplicationGatewayAffinity=0fe1eb12cb825d0abe4ecd3aa94b5eec; akaalb_Digital_ALB=~op=~rv=63~m=~os=~id=5dc83851f7cd957ca6a9482b4255f8a0; ak_bmsc=8B7115B2D3D35E1F06E0A8CCE43C7526~000000000000000000000000000000~YAAQJ08kF9U3/AafAQAA0MtbJQBlOTQRebKjS/JKoRtSx6EX4VXkQlZxnBT+k/qSP/WsoHV5+yjN8/dszC/3InlIsNNX+g+ZYFcc2dw0kBRxz+NFJpLB4H3iHDxCjvLAP3zs4DHqexnp5fPT48/7Viu6qXTfUBZtSYTva3sNQycQsFGKykStZ4SYgB7r+W5LDDYZy2U4xJxuNdSlBqQPV/s/kFwQlczbiDqW1PtAxkhmLDQiWus+jANkuZyRlYMO0l4EJ4UQ+/bRqwfcwHV10KF9op67apoBNGQAQaAUegG3njeDzMCugiCtdSNABNMgnLNQPi5wj+kOXPsFKvhmAkvY+1urDO4U7D/HrzgAxiGx0zB+NRxOl9CC1PyfuKtD9WsQeQIi1T8XI5MYWhRr+Aw=\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: application/json\r\ncontent-length: 54\r\nx-edgeconnect-midmile-rtt: 79\r\nx-edgeconnect-origin-mex-latency: 14\r\ncache-control: max-age=86400\r\nexpires: Sat, 04 Jul 2026 00:23:20 GMT\r\ndate: Fri, 03 Jul 2026 00:23:20 GMT\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains ; preload\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Akamai","description":"Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.","website":"https://akamai.com","common_platform_enumeration":"","icon":"Akamai.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T04:08:26.983741Z","times_seen":16931406,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/navy_files/saved_resource.html","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://kvw-bgdxc.wasmer.app/","date":"2026-07-03T00:23:20.491Z","timestamp":1783038200491,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wasmer.app","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Jun 2026 14:06:07 GMT","end":"Sun, 13 Sep 2026 14:06:06 GMT"},"fingerprint":{"sha1":"8B:BD:8F:CC:1E:76:7E:9C:C5:BC:79:F4:B6:04:88:E6:13:B8:A4:F6","sha256":"70:74:22:12:F4:2B:37:8A:77:CB:11:E7:BD:AE:E7:46:7D:FF:8B:F3:89:15:EA:70:46:E7:24:1C:7C:4F:3B:4D"}}},"request":{"raw":"GET /navy_files/saved_resource.html HTTP/1.1\r\nHost: kvw-bgdxc.wasmer.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://kvw-bgdxc.wasmer.app/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ndate: Fri, 03 Jul 2026 00:23:20 GMT\r\nx-edge-app-version-id: dav_K0DIktQu3xLy\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 563\r\nx-wasmer-request-id: 50774f61-9fe1-46f6-91ad-178b51ac5ab1\r\nx-edge-rty: w\r\nx-edge-region: de-falkenstein\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":null,"data":{"size":563,"size_decoded":842,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"6fb93d93e03f47ab0462de916115ea4c","sha1":"455c85d6a73fc28069a6b57eb89c7b1118b6170c","sha256":"424f19fb6203f21d253ea011890be5fd70e4193d88f26cc6aa65bd6f323d1512","sha512":"d1f48099c8e60d649785f30d9d9faf448b5196bdaef6fb7291e573278393758c111010349c666da96bc2547658160973ac2746139939e84ecd98505d01494acf","ssdeep":"","tlshash":"d9f0eb1bc3a2210ef079a4e42dc36350731e0262f4204f38bc562e38e05c8b4287bbcd","first_seen":"2026-04-03T00:11:13.691079Z","last_seen":"2026-07-03T00:24:04.289631Z","times_seen":149,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-03","alert":"Phishing Block","trigger":"kvw-bgdxc.wasmer.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"kvw-bgdxc.wasmer.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"digitalapps.navyfederal.org/signin/static/media/bubbles.9f2a1919448e1d79ac6b.svg","fqdn":"digitalapps.navyfederal.org","domain":"navyfederal.org","tld":"org"},"ip":{"addr":"184.25.10.9","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kvw-bgdxc.wasmer.app/","date":"2026-07-03T00:23:20.558Z","timestamp":1783038200558,"http_version":"HTTP/2","security_state":"","security_info":null,"request":{"raw":"GET /signin/static/media/bubbles.9f2a1919448e1d79ac6b.svg HTTP/1.1\r\nHost: digitalapps.navyfederal.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://kvw-bgdxc.wasmer.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: application/json\r\ncontent-length: 54\r\nx-edgeconnect-midmile-rtt: 80\r\nx-edgeconnect-origin-mex-latency: 12\r\ncache-control: max-age=86400\r\nexpires: Sat, 04 Jul 2026 00:23:20 GMT\r\ndate: Fri, 03 Jul 2026 00:23:20 GMT\r\nset-cookie: ApplicationGatewayAffinityCORS=0fe1eb12cb825d0abe4ecd3aa94b5eec; Path=/; SameSite=None; Secure\nApplicationGatewayAffinity=0fe1eb12cb825d0abe4ecd3aa94b5eec; Path=/\nakaalb_Digital_ALB=~op=~rv=59~m=~os=~id=aaeeb6959e035621e595543252254424; path=/; Secure; SameSite=None\nak_bmsc=D2B2919717C30351D0D27D96AABC5005~000000000000000000000000000000~YAAQJ08kF9Q3/AafAQAAxMtbJQDK6eLIht5JjLgEXwUAv3hv3M4sIjx+m63k8nxfcdccVpCjhrRilTPvUHhaNYDC1In7lKkp1/558e94KAuGoDcqsRkDCznDQrctdFmSU1dP1nqiJka6rgg3XNwr9WES1m5SQJLKTp7Z00cqgqLq9jPQeIgEzr9dkI+HkUl2dNbpyQMA4yBLTS02KIC6nsTWCNjB5Mabgfrcl2mlRF4F7J3eZCokXOTKbPUfS1k63Z/SukArUye7TqxJExsp090gAP2irVFxXHV7Y4wqtCuWNdjNq4ErW7QBqOxISNZInKiMmC5abnq2zbqI/mvaihap3KwqMmSLeHw/ae8vccfywGFaaJ+5H3NmzRfmzYngszzsc+zMDEoV3vvbH4xO/AI=; Domain=.navyfederal.org; Path=/; Expires=Fri, 03 Jul 2026 02:23:20 GMT; Max-Age=7200; SameSite=None; Secure; HttpOnly\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains ; preload\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Akamai","description":"Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.","website":"https://akamai.com","common_platform_enumeration":"","icon":"Akamai.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T04:08:26.983741Z","times_seen":16931406,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kvw-bgdxc.wasmer.app/","fqdn":"kvw-bgdxc.wasmer.app","domain":"kvw-bgdxc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-03T00:23:19.681Z","timestamp":1783038199681,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wasmer.app","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Jun 2026 14:06:07 GMT","end":"Sun, 13 Sep 2026 14:06:06 GMT"},"fingerprint":{"sha1":"8B:BD:8F:CC:1E:76:7E:9C:C5:BC:79:F4:B6:04:88:E6:13:B8:A4:F6","sha256":"70:74:22:12:F4:2B:37:8A:77:CB:11:E7:BD:AE:E7:46:7D:FF:8B:F3:89:15:EA:70:46:E7:24:1C:7C:4F:3B:4D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: kvw-bgdxc.wasmer.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Fri, 03 Jul 2026 00:23:19 GMT\r\nx-edge-region: de-falkenstein\r\nx-powered-by: PHP/8.3.21\r\ncontent-type: text/html; charset=UTF-8\r\nx-edge-app-version-id: dav_K0DIktQu3xLy\r\nx-wasmer-request-id: c3d5b0dc-b7f7-4243-a466-6a7c9422550a\r\nx-edge-rty: w\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"PHP:8.3.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":3781638,"size_decoded":3781922,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (65536), with no line terminators","md5":"f4da14999ac202f0ae76f7d4d5b853e8","sha1":"ec208d5740e771cd9676d7a50c7122c584b08cc3","sha256":"d3d66db39a430df1bf018fc6d15d64d48fe1ea8a1ebddee9a3c538875294c2bf","sha512":"b86f3de04b6e0cb0a2916cca21c7507156d3adf9269f7dc5f47c2f37d7e1831a0fec88e9cd73f4e83f93adb409aa25ad0d956c06356de34311cf95ae5d11be65","ssdeep":"1536:GlgQ/Jxo1wNz8ikMO3cRwc4ek7HFcOxSEaiI5xddSvbAWOO+e+n6l6l66Hjp65rR:T","tlshash":"c025657e6200ec4d6d2399bffdac3ee09064de5fedc9ab840059841fafd18a975085c6","first_seen":"2026-05-24T12:27:22.043124Z","last_seen":"2026-07-03T00:24:04.290527Z","times_seen":24,"resource_available":true,"data":null}},"time_used":161,"timings":{"blocked":0,"dns":38,"connect":35,"send":0,"wait":39,"receive":0,"ssl":48},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"kvw-bgdxc.wasmer.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-03","alert":"Phishing Block","trigger":"kvw-bgdxc.wasmer.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}}]}
