{"report_id":"6a936142-613c-4b47-9bd4-f147a56d9b88","version":6,"status":"done","tags":[],"date":"2025-10-16T06:41:58Z","url":{"schema":"https","addr":"mystatment-desktopappm.live/mz/","fqdn":"mystatment-desktopappm.live","domain":"mystatment-desktopappm.live","tld":"live"},"ip":{"addr":"52.38.173.188","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"mystatment-desktopappm.live/mz/","fqdn":"mystatment-desktopappm.live","domain":"mystatment-desktopappm.live","tld":"live"},"title":"Social Security Statement"},"submit":{"url":{"schema":"https","addr":"mystatment-desktopappm.live/mz/","fqdn":"mystatment-desktopappm.live","domain":"mystatment-desktopappm.live","tld":"live"},"ip":{"addr":"52.38.173.188","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-20T06:41:58Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":8}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2025-10-16","alert":"Scans presence of the found strings using the in-house brute force method","trigger":"raw.githubusercontent.com/dinemikw/nime/main/desktop_v3.0.EXE","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Byambaa@pubcert.mn","date":"2024-10-01","description":"Scans presence of the found strings using the in-house brute force method","rule":"ScanStringsInsocks5systemz","yarahub_license":"CC0 1.0","yarahub_reference_md5":"73875E9DA68182B09BC6A7FAAFFF67D8","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"cd061b79-9264-480a-bda6-2242046143d5"}},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"mystatment-desktopappm.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"mystatment-desktopappm.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"mystatment-desktopappm.live","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-16","alert":"Phishing Block","trigger":"mystatment-desktopappm.live","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-16","alert":"Phishing - AT\u0026T Inc.","trigger":"mystatment-desktopappm.live/mz/","verdict":"phishing","severity":"medium","comment":"AT\u0026T Inc.","link":"https://openphish.com","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"mystatment-desktopappm.live","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-16","alert":"Phishing - AT\u0026T Inc.","trigger":"mystatment-desktopappm.live","verdict":"phishing","severity":"medium","comment":"AT\u0026T Inc.","link":"https://openphish.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"cdn-icons-png.flaticon.com","ip":{"addr":"23.36.77.91","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2013-05-10","domain_rank":239972,"first_seen":"2021-09-02T06:55:19Z","last_seen":"2025-10-12T22:52:00.506812Z","alert_count":0,"request_count":1,"received_data":4323,"sent_data":466,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.ssa.gov","ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"unknown","domain_rank":11800,"first_seen":"2013-11-26T00:08:26Z","last_seen":"2025-10-11T14:27:40.9589Z","alert_count":0,"request_count":1,"received_data":20361,"sent_data":464,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Acquia Cloud Platform:next","description":"Acquia Cloud Platform is a Drupal-tuned application lifecycle management suite with an infrastructure to support Drupal deployment workflow processes.","website":"https://www.acquia.com/products/drupal-cloud/cloud-platform","common_platform_enumeration":"","icon":"acquia-cloud.png","categories":["PaaS"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-10-12T22:12:25.402635Z","alert_count":0,"request_count":3,"received_data":122889,"sent_data":1686,"comment":"","tags":null,"fingerprints":null},{"fqdn":"raw.githubusercontent.com","ip":{"addr":"185.199.110.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2014-02-06","domain_rank":22021,"first_seen":"2014-03-01T07:08:08Z","last_seen":"2025-10-13T02:07:51.656063Z","alert_count":1,"request_count":1,"received_data":14782882,"sent_data":576,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]}]},{"fqdn":"mystatment-desktopappm.live","ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-10-16T06:41:36.454911Z","last_seen":"2025-10-16T06:41:36.454911Z","alert_count":12,"request_count":2,"received_data":10740,"sent_data":1036,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-10-12T22:12:24.910527Z","alert_count":0,"request_count":1,"received_data":17441,"sent_data":483,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"93b5c675ed81f68c5655ace55726d61b","sha1":"8043ae42215711d7848b6215f01c1b620d739e1b","sha256":"c8cfab4b52a7b83832acddeeb8f5a0fb79a9fa01197f2f3897d2490fd4761bba","sha512":"bb2fa5673064cb4649da188c6110412ec2c631be2393f330d460f5a102bc1460bcb96be8b2dbcee09afbcbed0d252c6cc1c65719b4c9c84b5223336cf499d743","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","size":14781992,"url":{"schema":"https","addr":"raw.githubusercontent.com/dinemikw/nime/main/desktop_v3.0.EXE","fqdn":"raw.githubusercontent.com","domain":"raw.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.110.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2025-10-16","alert":"Scans presence of the found strings using the in-house brute force method","trigger":"raw.githubusercontent.com/dinemikw/nime/main/desktop_v3.0.EXE","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Byambaa@pubcert.mn","date":"2024-10-01","description":"Scans presence of the found strings using the in-house brute force method","rule":"ScanStringsInsocks5systemz","yarahub_license":"CC0 1.0","yarahub_reference_md5":"73875E9DA68182B09BC6A7FAAFFF67D8","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"cd061b79-9264-480a-bda6-2242046143d5"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"mystatment-desktopappm.live/mz/","fqdn":"mystatment-desktopappm.live","domain":"mystatment-desktopappm.live","tld":"live"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"eec21b299dbe96aa957f8d537057133d","sha1":"92f36a13c55fc5bf5704ff429c614ed10fa03eee","sha256":"a80c4ea21f43c5064c27e4ea4ad9821eda763012380f215c35904ebc3c53a2ef","sha512":"a33c98193bb4397c970abb6e1da4f312aba7f5328409ff1ab30aa07b90d747f144803388e75205f7e558a2c8f3fbf31c9a1f9411ba4dd41653ea4b4c41730972","ssdeep":"","tlshash":"c0d0c28b855408030236a07a87663405a2fbc17b85cf68c3729386598f426792396993","size":277,"data":"","first_seen":"2025-09-07T16:48:08.113905Z","last_seen":"2026-01-22T20:51:25.743778Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mystatment-desktopappm.live/mz/","fqdn":"mystatment-desktopappm.live","domain":"mystatment-desktopappm.live","tld":"live"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"403e17bb5c7bd67d15a935cd530bf080","sha1":"76e5b5717348a6cad3fd9ab2b83b4fe8b9e77f73","sha256":"6795757b842f3e0351e6233787ba4f384c90d912ff635603373c6701d05f893d","sha512":"6c1591fb6fe18e7c0f1a1c48236365af74dad5fda257acdba9cbfaf7025357731721ec2e1f428da4850b5f00a7c073fd3b2ad33cb81562e1aa61f472f5916336","ssdeep":"","tlshash":"56016d6e56b282f0492f6566db5b6348e072002b3405c900bcae874cff78f9a955b687","size":784,"data":"","first_seen":"2025-09-07T16:48:08.115043Z","last_seen":"2025-11-11T18:28:28.992999Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"mystatment-desktopappm.live/mz/","fqdn":"mystatment-desktopappm.live","domain":"mystatment-desktopappm.live","tld":"live"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-16T06:41:30.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mystatment-desktopappm.live","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 12:39:36 GMT","end":"Mon, 12 Jan 2026 12:39:35 GMT"},"fingerprint":{"sha1":"23:29:90:C3:7A:67:6F:7C:D9:06:48:23:59:8A:02:44:E8:78:8E:FB","sha256":"FB:65:FD:C7:8B:54:77:2C:F4:A1:AC:29:25:50:AC:61:39:59:3F:B3:D7:AB:6B:E3:A5:CF:12:8E:54:9D:22:95"}}},"request":{"raw":"GET /mz/ HTTP/1.1\r\nHost: mystatment-desktopappm.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 16 Oct 2025 06:41:30 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 2524\r\nlast-modified: Wed, 15 Oct 2025 18:42:59 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nx-service: pixie-cpanel\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":10430,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"e3376dee1daecfc53b3c645a88084123","sha1":"b973403a20004f5e065acefdc0b612894e632d40","sha256":"88a40b0599ccb77e801954d1f2435fb9831fcd00936ac7cb2b38eecee6dafb6d","sha512":"081934103a923774e17bd0d9b98a33f0607e85883b707a907c651c10311e4689862510fb5584231736caecd3097dedbf194e3f41848a7ffbce5dea966c84f5b2","ssdeep":"192:LqwFKkAQ/r4rTUZAFQ6T/6T7TT6G0e03prCQ/TdychyP1y8ZetPfVyXwRgWo0yJR:L19WF85q/qzafcCzw","tlshash":"0322a59fd6b30002291394763fbb67456a55c00be60fcd6a3e9c524ccf9569489f334e","first_seen":"2025-10-16T06:41:42.400635Z","last_seen":"2025-10-16T06:41:59.624838Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1220,"timings":{"blocked":520,"dns":0,"connect":172,"send":0,"wait":173,"receive":0,"ssl":351},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"mystatment-desktopappm.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"mystatment-desktopappm.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"mystatment-desktopappm.live","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-16","alert":"Phishing Block","trigger":"mystatment-desktopappm.live","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-16","alert":"Phishing - AT\u0026T Inc.","trigger":"mystatment-desktopappm.live/mz/","verdict":"phishing","severity":"medium","comment":"AT\u0026T Inc.","link":"https://openphish.com","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"mystatment-desktopappm.live","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto:wght@400;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mystatment-desktopappm.live/mz/","date":"2025-10-16T06:41:30.983Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:41:52 GMT","end":"Mon, 15 Dec 2025 08:41:51 GMT"},"fingerprint":{"sha1":"04:E6:D3:58:E3:A1:E3:05:2B:C3:56:5D:68:BB:1B:0A:08:C6:E3:FB","sha256":"25:4C:B3:A3:9A:E1:D7:FD:25:B6:BF:E9:AA:97:95:20:5D:F2:15:EA:41:46:B6:6B:01:17:19:26:EC:EF:D3:CA"}}},"request":{"raw":"GET /css2?family=Roboto:wght@400;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mystatment-desktopappm.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 16 Oct 2025 06:41:31 GMT\r\ndate: Thu, 16 Oct 2025 06:41:31 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"f1d5050e039805ed413140bb1be523f6","sha1":"639ab1da29817b2ab05ba2f08262493e48554087","sha256":"98cfacefc1e771421b4d0cc9b9ac4a4a85b1ffab955156395330ca6df5b6efb4","sha512":"2d4b0159459bbd12453236329b35ace598b0674dadd70be9afd6741560619b36388a492f9d0670114e322a197a89012c0dd12d396fbcead1c2707904d6affd1d","ssdeep":"384:8wfMw1wWw6wyhw/qY4XwNwtw/wfWwbwMwwwyXw/qY4hwzwTw4wfdwkwDw3wyQw/P:8JKBLfhQE8YcfA3lfXQuGCTYHw+fQQVl","tlshash":"6172eca1041740009b839ce223cebf35fe5f92117141d0b9abfd9b6badcbc66526936d","first_seen":"2025-09-09T20:09:40.248612Z","last_seen":"2025-11-16T09:20:51.931362Z","times_seen":169,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":68,"dns":0,"connect":7,"send":0,"wait":23,"receive":0,"ssl":61},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn-icons-png.flaticon.com/512/892/892640.png","fqdn":"cdn-icons-png.flaticon.com","domain":"flaticon.com","tld":"com"},"ip":{"addr":"23.36.77.91","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mystatment-desktopappm.live/mz/","date":"2025-10-16T06:41:30.987Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.flaticon.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Sep 2025 09:52:20 GMT","end":"Sat, 06 Dec 2025 09:52:19 GMT"},"fingerprint":{"sha1":"B2:7B:62:83:1E:F9:AF:6F:E2:E5:F1:C0:0A:0C:36:DF:45:8B:26:2C","sha256":"7A:0E:24:74:DB:8A:69:DD:B3:B4:8C:BE:9A:A3:C8:BC:05:54:64:3D:10:7A:DF:EE:F3:F6:87:52:F6:49:50:50"}}},"request":{"raw":"GET /512/892/892640.png HTTP/1.1\r\nHost: cdn-icons-png.flaticon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mystatment-desktopappm.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 3833\r\nlast-modified: Mon, 18 Sep 2023 23:15:27 GMT\r\netag: \"8ceb71a01f1a182d6062f67531128226\"\r\naccept-ranges: bytes\r\nakamai-amd-bc-debug: [a=23.45.121.217,b=74715617,c=w,d=1756134496,h=200,k=2,l=16,n=FR_IDF_AUBERVILLIERS,o=20940,r=18,p=3833]\r\ndate: Thu, 16 Oct 2025 06:41:31 GMT\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\npragma: public\r\ncache-control: public, max-age=31536000\r\nx-default-rule: YES\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3833,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"8ceb71a01f1a182d6062f67531128226","sha1":"d82f376105795fd9eedbd436b28441b29accc855","sha256":"8e352d47c6568e3dcb4471d33acd72894ee48d2edc1a095e8a12f0c5cc36b103","sha512":"2621615145af6d513f526c7a5ed393580ae6af86b2be413bed315f6fd47939d7bb12dfa51ca84540ae80b0ab99992fb776a01b6c4860fd8464f2c4df0865a29a","ssdeep":"","tlshash":"4381159179005961eeb9ef1f5e622e5514b4c0c281ab82f69dcdc37d078b2098d5dfa3","first_seen":"2025-05-29T18:08:02.991214Z","last_seen":"2026-01-22T20:51:25.738651Z","times_seen":14,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":48,"dns":33,"connect":1,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.ssa.gov/themes/custom/ssa_core/logo.svg","fqdn":"www.ssa.gov","domain":"ssa.gov","tld":"gov"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mystatment-desktopappm.live/mz/","date":"2025-10-16T06:41:30.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.ssa.gov","organization":"Social Security Administration"},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Wed, 24 Sep 2025 00:00:00 GMT","end":"Tue, 20 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"0F:99:DA:10:29:AC:7A:5D:C2:E3:D0:48:2C:B8:4D:45:E0:7B:3F:6C","sha256":"66:C8:F6:C6:C1:19:CF:08:87:63:25:DB:EA:DA:FB:F9:CC:4C:5C:91:DA:AC:0B:49:71:AB:4D:F4:B7:59:AF:DE"}}},"request":{"raw":"GET /themes/custom/ssa_core/logo.svg HTTP/1.1\r\nHost: www.ssa.gov\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mystatment-desktopappm.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/svg+xml\r\nx-content-type-options: nosniff\r\nlast-modified: Tue, 12 Nov 2024 15:04:43 GMT\r\nx-request-id: v-7305ebb4-5bee-11f0-ac5a-27afb718647b\r\nx-ah-environment: 01live\r\nx-cache-hits: 3269\r\nx-age: 347745\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-length: 7845\r\ncache-control: max-age=2592000\r\nexpires: Sat, 15 Nov 2025 06:41:31 GMT\r\ndate: Thu, 16 Oct 2025 06:41:31 GMT\r\nvary: Accept-Encoding\r\nserver-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc=\"1760596891015_388255151_18527167_69_13648_0_11_11\";dur=1\r\nalt-svc: h3=\":443\"; ma=93600\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains ; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Acquia Cloud Platform:next","description":"Acquia Cloud Platform is a Drupal-tuned application lifecycle management suite with an infrastructure to support Drupal deployment workflow processes.","website":"https://www.acquia.com/products/drupal-cloud/cloud-platform","common_platform_enumeration":"","icon":"acquia-cloud.png","categories":["PaaS"]}],"data":{"size":19677,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"190659b134140da8c7eac798e0128bbb","sha1":"bb705e72f45de1b3c9465355e6ee0089df926f11","sha256":"3b2fccbb2f1744fc5ea844b6af65cc55123635596c6792b4e185aab5d3223d8b","sha512":"da9e84b2f150635ba4b2a6c7e04a336fc1d9c42184f4b666394cca079271ead3cec383aa6f6f470e86386b98d488a712857daf9a6588b596d89e9630f43f4bfd","ssdeep":"384:+6MlLPnMFFt98Xcd5ZVmP92tbX9HpmTqCDpxXUyWOkFiq5:aAFFv8sdlCebXNpmhpxXU9OkIq5","tlshash":"8092a8e067dca2e4e006a7f9c71a64757a732cf67b12d58903d12d96b89402e8cadcd3","first_seen":"2024-11-15T15:56:21.772236Z","last_seen":"2026-03-30T18:58:58.199864Z","times_seen":115,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":45,"dns":33,"connect":3,"send":0,"wait":16,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://mystatment-desktopappm.live/mz/","date":"2025-10-16T06:41:31.216Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:41:52 GMT","end":"Mon, 15 Dec 2025 08:41:51 GMT"},"fingerprint":{"sha1":"89:22:0A:7D:C4:DA:9A:62:E8:BB:1D:75:F2:AF:6C:80:09:53:D0:9F","sha256":"3E:15:EC:D6:31:6A:14:01:07:F9:F2:65:18:42:B3:08:7B:47:93:0C:CE:2C:93:2D:DA:E4:21:74:79:B6:F0:6F"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://mystatment-desktopappm.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Oct 2025 12:56:02 GMT\r\nexpires: Fri, 09 Oct 2026 12:56:02 GMT\r\ncache-control: public, max-age=31536000\r\nage: 582329\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T11:46:59.437094Z","times_seen":714426,"resource_available":false,"data":null}},"time_used":384,"timings":{"blocked":178,"dns":3,"connect":21,"send":0,"wait":21,"receive":7,"ssl":151},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"raw.githubusercontent.com/dinemikw/nime/main/desktop_v3.0.EXE","fqdn":"raw.githubusercontent.com","domain":"raw.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.110.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-16T06:41:31.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91","sha256":"7D:11:22:EA:96:98:52:34:1E:8D:D9:2B:CC:0C:7E:CC:00:96:30:D1:4D:A7:34:D7:CA:42:D5:B5:4A:2B:20:97"}}},"request":{"raw":"GET /dinemikw/nime/main/desktop_v3.0.EXE HTTP/1.1\r\nHost: raw.githubusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mystatment-desktopappm.live/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=300\r\ncontent-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox\r\ncontent-type: application/octet-stream\r\netag: W/\"5d524548281e7f5066c7ae622947ab893946ce185799df9c88941fda36467427\"\r\nstrict-transport-security: max-age=31536000\r\nx-content-type-options: nosniff\r\nx-frame-options: deny\r\nx-xss-protection: 1; mode=block\r\nx-github-request-id: E831:B60B3:16C070:1B5B32:68F0937F\r\naccept-ranges: bytes\r\ndate: Thu, 16 Oct 2025 06:41:31 GMT\r\nvia: 1.1 varnish\r\nx-served-by: cache-hel1410020-HEL\r\nx-cache: HIT\r\nx-cache-hits: 1\r\nx-timer: S1760596892.551592,VS0,VE8\r\nvary: Authorization,Accept-Encoding\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-fastly-request-id: 75108be930db2cffaaccbfd5ccc0ed8f08826e68\r\nexpires: Thu, 16 Oct 2025 06:46:31 GMT\r\nsource-age: 21\r\ncontent-length: 14781992\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]}],"data":{"size":14781992,"size_decoded":0,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","md5":"93b5c675ed81f68c5655ace55726d61b","sha1":"8043ae42215711d7848b6215f01c1b620d739e1b","sha256":"c8cfab4b52a7b83832acddeeb8f5a0fb79a9fa01197f2f3897d2490fd4761bba","sha512":"bb2fa5673064cb4649da188c6110412ec2c631be2393f330d460f5a102bc1460bcb96be8b2dbcee09afbcbed0d252c6cc1c65719b4c9c84b5223336cf499d743","ssdeep":"24576:YLO+MWQigjMQT5pKeYTNqHtbsKJtip+5Qx3I1wleG4xt89kHMzjnKNQY:YLAW9IuhTNwRta+A3awIlj89lGOY","tlshash":"b32523137af5c976e1924e308d6996b0d1f7ea290c30491b378c4e1eaf7b6c1d10a7a7","first_seen":"2025-10-16T06:41:42.41638Z","last_seen":"2025-10-16T06:41:59.754476Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1056,"timings":{"blocked":62,"dns":1,"connect":26,"send":0,"wait":34,"receive":895,"ssl":35},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2025-10-16","alert":"Scans presence of the found strings using the in-house brute force method","trigger":"raw.githubusercontent.com/dinemikw/nime/main/desktop_v3.0.EXE","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Byambaa@pubcert.mn","date":"2024-10-01","description":"Scans presence of the found strings using the in-house brute force method","rule":"ScanStringsInsocks5systemz","yarahub_license":"CC0 1.0","yarahub_reference_md5":"73875E9DA68182B09BC6A7FAAFFF67D8","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"cd061b79-9264-480a-bda6-2242046143d5"}}],"urlquery":null}},{"url":{"schema":"https","addr":"mystatment-desktopappm.live/mz/send.php","fqdn":"mystatment-desktopappm.live","domain":"mystatment-desktopappm.live","tld":"live"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://mystatment-desktopappm.live/mz/","date":"2025-10-16T06:41:31.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mystatment-desktopappm.live","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 12:39:36 GMT","end":"Mon, 12 Jan 2026 12:39:35 GMT"},"fingerprint":{"sha1":"23:29:90:C3:7A:67:6F:7C:D9:06:48:23:59:8A:02:44:E8:78:8E:FB","sha256":"FB:65:FD:C7:8B:54:77:2C:F4:A1:AC:29:25:50:AC:61:39:59:3F:B3:D7:AB:6B:E3:A5:CF:12:8E:54:9D:22:95"}}},"request":{"raw":"POST /mz/send.php HTTP/1.1\r\nHost: mystatment-desktopappm.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mystatment-desktopappm.live/mz/\r\nContent-Type: application/json\r\nContent-Length: 39\r\nOrigin: https://mystatment-desktopappm.live\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T11:49:30.368697Z","times_seen":13330398,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"mystatment-desktopappm.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"mystatment-desktopappm.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-16","alert":"Phishing Block","trigger":"mystatment-desktopappm.live","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"mystatment-desktopappm.live","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-16","alert":"Phishing - AT\u0026T Inc.","trigger":"mystatment-desktopappm.live","verdict":"phishing","severity":"medium","comment":"AT\u0026T Inc.","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"mystatment-desktopappm.live","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://mystatment-desktopappm.live/mz/","date":"2025-10-16T06:41:31.213Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:41:52 GMT","end":"Mon, 15 Dec 2025 08:41:51 GMT"},"fingerprint":{"sha1":"89:22:0A:7D:C4:DA:9A:62:E8:BB:1D:75:F2:AF:6C:80:09:53:D0:9F","sha256":"3E:15:EC:D6:31:6A:14:01:07:F9:F2:65:18:42:B3:08:7B:47:93:0C:CE:2C:93:2D:DA:E4:21:74:79:B6:F0:6F"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://mystatment-desktopappm.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Oct 2025 12:56:02 GMT\r\nexpires: Fri, 09 Oct 2026 12:56:02 GMT\r\ncache-control: public, max-age=31536000\r\nage: 582329\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T11:46:59.437094Z","times_seen":714426,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":79,"dns":1,"connect":20,"send":0,"wait":21,"receive":26,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://mystatment-desktopappm.live/mz/","date":"2025-10-16T06:41:31.218Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:41:52 GMT","end":"Mon, 15 Dec 2025 08:41:51 GMT"},"fingerprint":{"sha1":"89:22:0A:7D:C4:DA:9A:62:E8:BB:1D:75:F2:AF:6C:80:09:53:D0:9F","sha256":"3E:15:EC:D6:31:6A:14:01:07:F9:F2:65:18:42:B3:08:7B:47:93:0C:CE:2C:93:2D:DA:E4:21:74:79:B6:F0:6F"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://mystatment-desktopappm.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Oct 2025 12:56:02 GMT\r\nexpires: Fri, 09 Oct 2026 12:56:02 GMT\r\ncache-control: public, max-age=31536000\r\nage: 582329\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T11:46:59.437094Z","times_seen":714426,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":103,"dns":0,"connect":20,"send":0,"wait":22,"receive":13,"ssl":81},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}