{"report_id":"9cdf1c65-2f6a-4fa5-b2f4-719712df30e6","version":0,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-06-09T12:38:18Z","url":{"schema":"http","addr":"xghjc.wasmer.app","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"title":"Navy Federal Credit Union - Our Members are the MissionĀ®","dom":{"size":5126309,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (65536), with no line terminators","md5":"c57a10d7a3ca7f94cdea7719fd735ee8","sha1":"b20911dee16b3552630fa3d23e6e26c3b6893f48","sha256":"5ee243904cff38fd1b288bba479d2fea4f1d1070218aef2959bac8264226da0a","sha512":"a7a2b25b1dffcce5657bf3993cf84bb5812ba95ca39a625f3e2916c440e655ab3fce55d385907d183a0251192ef3d76db6adf5a4aef1672dcca9219340074a1c","ssdeep":"12288:N0SZthg6wLMLHej3ez2b27iPQ23CtDoW8jqCyYdTUD4W8jbgia:BZng7w+j8OR/jqHil/jUia","tlshash":"ee36443fa203ec3d7a2398fff9ac2ed14451de4beccd9683055c845d2bd28aa7518586","dom_hash":"domhashdf68f7b9fb4ee95955b99f5855dd19c3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"xghjc.wasmer.app","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-14T12:38:18Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-09","alert":"Detects file containing Telegram Bot API","trigger":"xghjc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-09","alert":"Phishing Block","trigger":"xghjc.wasmer.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-09","alert":"Sinkholed","trigger":"xghjc.wasmer.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"l2.io","ip":{"addr":"195.80.159.133","port":443,"asn":29152,"as":"Decknet SARL","country":"France","country_code":"FR"},"domain_registered":"2012-05-12","domain_rank":151857,"first_seen":"2015-06-25T01:31:26Z","last_seen":"2026-06-06T01:30:41.764882Z","alert_count":0,"request_count":1,"received_data":193,"sent_data":453,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server:2.4.65","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Debian","description":"Debian is a Linux software which is a free open-source software.","website":"https://debian.org","common_platform_enumeration":"cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*","icon":"Debian.png","categories":["Operating systems"]}]},{"fqdn":"digitalapps.navyfederal.org","ip":{"addr":"184.25.10.9","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"domain_registered":"1997-03-24","domain_rank":93913,"first_seen":"2020-08-13T16:50:55Z","last_seen":"2026-06-09T12:27:24.912443Z","alert_count":0,"request_count":4,"received_data":3204,"sent_data":3707,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Akamai","description":"Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.","website":"https://akamai.com","common_platform_enumeration":"","icon":"Akamai.svg","categories":["CDN"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-06-07T22:40:26.930816Z","alert_count":0,"request_count":1,"received_data":31972,"sent_data":534,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"xghjc.wasmer.app","ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2018-10-16","domain_rank":0,"first_seen":"2026-06-09T12:38:25.018689Z","last_seen":"2026-06-09T12:38:25.018689Z","alert_count":7,"request_count":3,"received_data":3783034,"sent_data":1474,"comment":"","tags":null,"fingerprints":[{"name":"PHP:8.3.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"md5":"5457d2528cc901e5baeb7a54a5b0b802","sha1":"50a82ced02259af489c043d09c86b9f53a04e039","sha256":"e789fb0fd9b5d1023c38ef5eac74fc65fdaa7fb0edce0b7cc94b4e89eb9b5b48","sha512":"28ecd0cb65dca59ae6f4b93ece48a5ee726a2cee6b361c1780541588366ed688194cc202f6d8940bf2e2c61dd48b7271752e60eecc2b7a3052d4ea4054d92537","size":1039,"token":"8624610725:AAG55Y4v7ltN-sp9_DepInRGn9s6BA74xW8","is_revoked":false,"bot":{"token":"8624610725:AAG55Y4v7ltN-sp9_DepInRGn9s6BA74xW8","user_id":"8624610725","username":"Falivez_bot","first_name":"Falivez","last_name":"","chat":{"chat_id":"8998554273","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":2}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"md5":"0fc67a50fff2c7ef7dea07fb086bac1c","sha1":"981fec969b9891fa3580097b6fc89fab71adec7a","sha256":"1097dc8c1864a9ec363c4080ed9460e2634f7886b6e05bfb7a9eb5c7b364c653","sha512":"f812625a34e924a36ddc36529bf3eaaa67e54847ac8407273f17d6706cefeb34fe5b7f9acb37baca9037fe4b6623cabf1c8a007f61c116b69cfcb157a3da77de","size":1300,"token":"8624610725:AAG55Y4v7ltN-sp9_DepInRGn9s6BA74xW8","is_revoked":false,"bot":{"token":"8624610725:AAG55Y4v7ltN-sp9_DepInRGn9s6BA74xW8","user_id":"8624610725","username":"Falivez_bot","first_name":"Falivez","last_name":"","chat":{"chat_id":"8998554273","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":1}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"md5":"5bb76ed30c0cf247695210f12c854fa6","sha1":"4d665ff1833eb8ff5f9b08d3bdecaf71a218de53","sha256":"c5a76b16f1a9923d3b691e80d312ebe0b8a40c8b9bda5502149d080ac07e71fd","sha512":"3e3f98ea8fec8b904a871ef1057001bed39475599bce996050a62f777d072fe1b03c006fd456137e3ace5d5bca27aff512c83f7366697db6691d21111c668e32","size":1433,"token":"8624610725:AAG55Y4v7ltN-sp9_DepInRGn9s6BA74xW8","is_revoked":false,"bot":{"token":"8624610725:AAG55Y4v7ltN-sp9_DepInRGn9s6BA74xW8","user_id":"8624610725","username":"Falivez_bot","first_name":"Falivez","last_name":"","chat":{"chat_id":"8998554273","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":1}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"md5":"7ab79de56cd5250ce6766f8994f4d230","sha1":"0b935f64c46dccad2efb10352dbc04b4e85628f0","sha256":"b237e5a668a63ec44e7d1e4f25a91d8cb9b256cbfdc47e67edb38935691c1839","sha512":"ab86cc85590c3a880bdb2b1783874e9d1485bd121e57fb0887bbe28fcce17a9e81e30fe192acbe0636ee9439dcf676e27454044890991e35bb5da78d0870a58c","size":1572,"token":"8624610725:AAG55Y4v7ltN-sp9_DepInRGn9s6BA74xW8","is_revoked":false,"bot":{"token":"8624610725:AAG55Y4v7ltN-sp9_DepInRGn9s6BA74xW8","user_id":"8624610725","username":"Falivez_bot","first_name":"Falivez","last_name":"","chat":{"chat_id":"8998554273","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":1}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"md5":"d5ee7a8d17c1b4bffec0b48b9be71bd4","sha1":"bb26644322d38ef5540c951dc88d2033e94b36c5","sha256":"d2985d09a2b9ebbaefe73ae80eeddc03b065a478235308e57f3d2869f0d32b64","sha512":"a8fabcf954e9487fd2c6482970b0f7bf5cff1805b03b9dc37d058699b69014db5d122156f8863cb1fe18925a2d5c90de9d46df74836c9e9e53839b5408fff946","size":1816,"token":"8624610725:AAG55Y4v7ltN-sp9_DepInRGn9s6BA74xW8","is_revoked":false,"bot":{"token":"8624610725:AAG55Y4v7ltN-sp9_DepInRGn9s6BA74xW8","user_id":"8624610725","username":"Falivez_bot","first_name":"Falivez","last_name":"","chat":{"chat_id":"8998554273","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":1}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"md5":"a1a8072d48f194e34afbf9879a6b2326","sha1":"6458af3e9fd2fb12335b162e72f7dcc12a307e5a","sha256":"4d7ae021aeaffd41bbeeb54d8b46b29b1fb53c92dde2087ce5ca6b46f5b5f3c3","sha512":"6ee086b1bfdcd3aa9a59514e006af1219556faedc56388241c53b263f2d96609ea9b3373cd5b5015f569a2c6586462a7f619fdcd780d0103ff9e646a63c8cefc","size":2080,"token":"8624610725:AAG55Y4v7ltN-sp9_DepInRGn9s6BA74xW8","is_revoked":false,"bot":{"token":"8624610725:AAG55Y4v7ltN-sp9_DepInRGn9s6BA74xW8","user_id":"8624610725","username":"Falivez_bot","first_name":"Falivez","last_name":"","chat":{"chat_id":"8998554273","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":1}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"md5":"846af58f2402033e2f45f807cd504d35","sha1":"ca82f88568a369726cd26c3743a510b75d72769c","sha256":"38d2f83c372e7e582a0f9fb51118304bf12b4efbd7883c58e3e2a3e3d58bb3d8","sha512":"8e24f4366a53c444cf303f0fa15fe59e2e834a8e3d1be0b5d5bdf652c9f0606859942f0c4c5aab3aa9753a48944265d7ec34f466e66624f9c5e4e38678fc4423","size":2243,"token":"8624610725:AAG55Y4v7ltN-sp9_DepInRGn9s6BA74xW8","is_revoked":false,"bot":{"token":"8624610725:AAG55Y4v7ltN-sp9_DepInRGn9s6BA74xW8","user_id":"8624610725","username":"Falivez_bot","first_name":"Falivez","last_name":"","chat":{"chat_id":"8998554273","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":1}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"md5":"147a9b5deb63d15018e56e88e58e4c19","sha1":"d4ca50cd6be7b6572a599e4a5d02aa7e7e181637","sha256":"5933a3d948e733341014b488e3b70b7040cc12d64e34d1e07af0ee5c3161ee09","sha512":"bb45fdfc336ee7592893bf57ac479cf75dc614b2ab671fc050da0d2d8e62a9f5d41208734edf01e31396302ee91460f9c3eef630355992d0f635d427ca26f478","size":2406,"token":"8624610725:AAG55Y4v7ltN-sp9_DepInRGn9s6BA74xW8","is_revoked":false,"bot":{"token":"8624610725:AAG55Y4v7ltN-sp9_DepInRGn9s6BA74xW8","user_id":"8624610725","username":"Falivez_bot","first_name":"Falivez","last_name":"","chat":{"chat_id":"8998554273","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":1}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"45ec9011a5cc12ad1d2dafabaa3de85b","sha1":"89cabf28283fd64b75942ff12f8144838cb2d0f0","sha256":"32d332bb82e37981201a7d21f43cb452a1de4e19b59493b31cd04898a52bd83e","sha512":"a426a49dd8468ee272dbf8397c019a03c8e04b6a28cde7b7a641a0d5dfcce53f738cd105de7f7bbbb55f5f16538114a2b10aed80e199f7edc8029525ee9bd8ac","ssdeep":"1536:/lgQ/Jxo1wNz8ikMO3cRwc4ek7HFcOxSEaiI5xddSvbAWOO+e+n6l6l66Hjp65rM:H","tlshash":"10069d7fa203ec3d7a6398fff96c2ed18051de4beccd5683018c845e6bd24aa7518586","size":3781591,"data":"","first_seen":"2026-06-09T12:27:31.387329Z","last_seen":"2026-06-10T13:33:11.108224Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"b7c1ab31dfbf5f6282a227963e6ec91d","sha1":"d119663b2051379369830bd0aed94566a7c884d3","sha256":"5c1710071d3f3a4d178545597163fa26645914059d693ca343d0ca6b45a62e93","sha512":"ba79e918e23c9d426a0c3a39edceb53ca7e021c6d33cc7ce96fa257bb639fd086033bc7dd5a6fb2e2f7d52b16266571f46ca9fbfe8e9fa492c00d2bb693d1949","ssdeep":"768:gWUfJLQeYPdJxIPdHoHoaDjGNNBTMPz2eYCqHmY6xIGv052bCSYu9E+uLqj+Ctj7:LL1","tlshash":"0d64b23cf323c44d99b35abbfcbc1a14a144aec7e9dda6c80c5d42462fe0d6a35186e5","size":328178,"data":"","first_seen":"2026-06-09T12:27:31.390055Z","last_seen":"2026-06-10T13:33:11.111502Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"l2.io/ip.js?var=userip","fqdn":"l2.io","domain":"l2.io","tld":"io"},"ip":{"addr":"195.80.159.133","port":443,"asn":29152,"as":"Decknet SARL","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca994d64b7be9a9f915f9d59cae2dd20","sha1":"aa6f8731897ff69250631f958b9b6f06466d00d8","sha256":"fa40120b181878677d7f0ed99dda534f6fbf729b64ade0fce89c692223e9b38e","sha512":"f9725132be4588f0180370760fcd18fcdafa16d309f61c8b5ce60de4a76c8b6f743696593dfc200c7b2b49a994f8fae7faaba8726c574c1ca073dd7877d10498","ssdeep":"","tlshash":"078000e220300b0008c8830280a800a08c82228220c3ae8283cca3320c00aa0a2a0030","size":26,"data":"","first_seen":"2026-06-08T10:20:42.578788Z","last_seen":"2026-06-19T13:20:54.802243Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"4808dba29c91d7fb50ad3c74f208970b","sha1":"fe2a2395fc9367b980aeb71e077fcb19d9171756","sha256":"122447db490f641aa53c32c2c8b5f1044815783f2d230f0e82fad0960b3d8275","sha512":"436076ba62140ce72899c4302abf83f47b328a651f1ca92c90933859337d4a0d4e3b5f398e5512ca9a7e7b9b8c5ea6afe78f0014b50889ad919702bd1385c34a","ssdeep":"","tlshash":"2c700008a80002002800b02000ec00ac0a022022800082c2a8f0e000208008002080c0","size":19,"data":"","first_seen":"2023-04-14T06:56:18Z","last_seen":"2026-06-14T12:40:52.10755Z","times_seen":48,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"5457d2528cc901e5baeb7a54a5b0b802","sha1":"50a82ced02259af489c043d09c86b9f53a04e039","sha256":"e789fb0fd9b5d1023c38ef5eac74fc65fdaa7fb0edce0b7cc94b4e89eb9b5b48","sha512":"28ecd0cb65dca59ae6f4b93ece48a5ee726a2cee6b361c1780541588366ed688194cc202f6d8940bf2e2c61dd48b7271752e60eecc2b7a3052d4ea4054d92537","ssdeep":"","tlshash":"30110e93c6718c7003b380f64bb4d3c569b8605ef906d002b93c8aa02e61f61366265e","size":1039,"data":"","first_seen":"2026-06-09T12:27:31.392683Z","last_seen":"2026-06-10T13:33:11.112464Z","times_seen":8,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-09","alert":"Detects file containing Telegram Bot API","trigger":"xghjc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"0fc67a50fff2c7ef7dea07fb086bac1c","sha1":"981fec969b9891fa3580097b6fc89fab71adec7a","sha256":"1097dc8c1864a9ec363c4080ed9460e2634f7886b6e05bfb7a9eb5c7b364c653","sha512":"f812625a34e924a36ddc36529bf3eaaa67e54847ac8407273f17d6706cefeb34fe5b7f9acb37baca9037fe4b6623cabf1c8a007f61c116b69cfcb157a3da77de","ssdeep":"","tlshash":"6d210fe2ca324c70037384fa0bb493c525b8905bf407d042ba7ccbd8aab1f61366295f","size":1300,"data":"","first_seen":"2026-06-09T12:27:31.396101Z","last_seen":"2026-06-10T13:33:11.113672Z","times_seen":8,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-09","alert":"Detects file containing Telegram Bot API","trigger":"xghjc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"5bb76ed30c0cf247695210f12c854fa6","sha1":"4d665ff1833eb8ff5f9b08d3bdecaf71a218de53","sha256":"c5a76b16f1a9923d3b691e80d312ebe0b8a40c8b9bda5502149d080ac07e71fd","sha512":"3e3f98ea8fec8b904a871ef1057001bed39475599bce996050a62f777d072fe1b03c006fd456137e3ace5d5bca27aff512c83f7366697db6691d21111c668e32","ssdeep":"","tlshash":"f7210ea6da319c70037384fa0b7493c425a8505af507d042f67c8b986eb1f71376295f","size":1433,"data":"","first_seen":"2026-06-09T12:27:31.398764Z","last_seen":"2026-06-10T13:33:11.114162Z","times_seen":8,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-09","alert":"Detects file containing Telegram Bot API","trigger":"xghjc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"7ab79de56cd5250ce6766f8994f4d230","sha1":"0b935f64c46dccad2efb10352dbc04b4e85628f0","sha256":"b237e5a668a63ec44e7d1e4f25a91d8cb9b256cbfdc47e67edb38935691c1839","sha512":"ab86cc85590c3a880bdb2b1783874e9d1485bd121e57fb0887bbe28fcce17a9e81e30fe192acbe0636ee9439dcf676e27454044890991e35bb5da78d0870a58c","ssdeep":"","tlshash":"c8311da6d9319c70433344fa0bb4a3c415a8509af407d042f67c8a986eb6f61376695f","size":1572,"data":"","first_seen":"2026-06-09T12:27:31.411683Z","last_seen":"2026-06-10T13:33:11.114612Z","times_seen":8,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-09","alert":"Detects file containing Telegram Bot API","trigger":"xghjc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"32740b119783fee71ee767cd4cfbb312","sha1":"7b06d9e9845b30085db3a810171d52e3fca3fafc","sha256":"94f71ba017a2e490591b1d61eba5aea13645da9ac6ad383f1f985e529d7835a9","sha512":"082ff41afae2e9cfa42c770aaccbc0010963327433276b65e7bb49833b12015f7eb8563a913706290a1dadc0479eddfbfa355b9729aa50067a82ff1bd148d8d1","ssdeep":"","tlshash":"b0a0223bf3c032320cba02b2a020838c2e003030c80228c3382c80208000fc28e22000","size":76,"data":"","first_seen":"2023-04-14T06:56:18Z","last_seen":"2026-06-14T12:40:52.101198Z","times_seen":48,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"d5ee7a8d17c1b4bffec0b48b9be71bd4","sha1":"bb26644322d38ef5540c951dc88d2033e94b36c5","sha256":"d2985d09a2b9ebbaefe73ae80eeddc03b065a478235308e57f3d2869f0d32b64","sha512":"a8fabcf954e9487fd2c6482970b0f7bf5cff1805b03b9dc37d058699b69014db5d122156f8863cb1fe18925a2d5c90de9d46df74836c9e9e53839b5408fff946","ssdeep":"","tlshash":"b131cea2d9319c70033788f61bb4a3c529a4809ef507d082f67c9a9c69b2f62376595f","size":1816,"data":"","first_seen":"2026-06-09T12:27:31.401172Z","last_seen":"2026-06-10T13:33:11.109176Z","times_seen":8,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-09","alert":"Detects file containing Telegram Bot API","trigger":"xghjc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"a1a8072d48f194e34afbf9879a6b2326","sha1":"6458af3e9fd2fb12335b162e72f7dcc12a307e5a","sha256":"4d7ae021aeaffd41bbeeb54d8b46b29b1fb53c92dde2087ce5ca6b46f5b5f3c3","sha512":"6ee086b1bfdcd3aa9a59514e006af1219556faedc56388241c53b263f2d96609ea9b3373cd5b5015f569a2c6586462a7f619fdcd780d0103ff9e646a63c8cefc","ssdeep":"","tlshash":"89419be2d9319c74033688f61bb4a2c429a4818ef907d082f57c9a9c79b6f62376194f","size":2080,"data":"","first_seen":"2026-06-09T12:27:31.403554Z","last_seen":"2026-06-10T13:33:11.107293Z","times_seen":8,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-09","alert":"Detects file containing Telegram Bot API","trigger":"xghjc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"846af58f2402033e2f45f807cd504d35","sha1":"ca82f88568a369726cd26c3743a510b75d72769c","sha256":"38d2f83c372e7e582a0f9fb51118304bf12b4efbd7883c58e3e2a3e3d58bb3d8","sha512":"8e24f4366a53c444cf303f0fa15fe59e2e834a8e3d1be0b5d5bdf652c9f0606859942f0c4c5aab3aa9753a48944265d7ec34f466e66624f9c5e4e38678fc4423","ssdeep":"","tlshash":"0c41a2e2d531dc74033649f61bb4a2c129a4818ef907d082f57c9a8c79b6f62376194f","size":2243,"data":"","first_seen":"2026-06-09T12:27:31.377682Z","last_seen":"2026-06-10T13:33:11.109662Z","times_seen":8,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-09","alert":"Detects file containing Telegram Bot API","trigger":"xghjc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"147a9b5deb63d15018e56e88e58e4c19","sha1":"d4ca50cd6be7b6572a599e4a5d02aa7e7e181637","sha256":"5933a3d948e733341014b488e3b70b7040cc12d64e34d1e07af0ee5c3161ee09","sha512":"bb45fdfc336ee7592893bf57ac479cf75dc614b2ab671fc050da0d2d8e62a9f5d41208734edf01e31396302ee91460f9c3eef630355992d0f635d427ca26f478","ssdeep":"","tlshash":"0441b3e2d531dcb0033749f62b74a2c115a4818ef907d082f57c9a8c75b5f623b6194f","size":2406,"data":"","first_seen":"2026-06-09T12:27:31.380462Z","last_seen":"2026-06-10T13:33:11.110133Z","times_seen":8,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-09","alert":"Detects file containing Telegram Bot API","trigger":"xghjc.wasmer.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"15974b765a8117f4196ea5704b438839","sha1":"d7de278003a2cd2df8aa7d2d8d42016d0289e318","sha256":"f4ad28efd4479c1817faaa647151dcbcfbd3f3f6c8d978acda4a23b00c46bbcc","sha512":"0985dcba9ac5bf86d4430ec3a82dda8fc4175068e73b32ff563aabcb11cf73b695051acebf823af763a7cdedff14b71ff5c198ea60b13f065a932b927988aa04","ssdeep":"","tlshash":"17f05e9bf39a112012afa17a08b5cb8a3034800bcd0019497e2c04b06b36ea1aa5a784","size":654,"data":"","first_seen":"2026-06-09T12:27:31.382703Z","last_seen":"2026-06-14T12:40:52.099096Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"xghjc.wasmer.app/navy_files/saved_resource.html","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://xghjc.wasmer.app/","date":"2026-06-09T12:37:28.333Z","timestamp":1781008648333,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wasmer.app","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Apr 2026 15:04:39 GMT","end":"Wed, 15 Jul 2026 15:04:38 GMT"},"fingerprint":{"sha1":"FC:2E:CC:CF:17:11:62:09:49:F9:2C:CD:FA:5C:6A:56:31:D5:D6:9E","sha256":"20:90:3A:BF:BF:97:9E:DC:D3:28:D1:0E:2B:A6:C1:60:AD:76:68:57:DD:5D:26:A7:1E:58:71:E8:A8:5F:61:43"}}},"request":{"raw":"GET /navy_files/saved_resource.html HTTP/1.1\r\nHost: xghjc.wasmer.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://xghjc.wasmer.app/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ndate: Tue, 09 Jun 2026 12:37:28 GMT\r\nx-edge-app-version-id: dav_RbxI9tqu8qq3\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 563\r\nx-wasmer-request-id: a0a26b52-644b-49d8-bf58-96ce94316235\r\nx-edge-rty: w\r\nx-edge-region: de-falkenstein\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":null,"data":{"size":563,"size_decoded":842,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"6fb93d93e03f47ab0462de916115ea4c","sha1":"455c85d6a73fc28069a6b57eb89c7b1118b6170c","sha256":"424f19fb6203f21d253ea011890be5fd70e4193d88f26cc6aa65bd6f323d1512","sha512":"d1f48099c8e60d649785f30d9d9faf448b5196bdaef6fb7291e573278393758c111010349c666da96bc2547658160973ac2746139939e84ecd98505d01494acf","ssdeep":"","tlshash":"d9f0eb1bc3a2210ef079a4e42dc36350731e0262f4204f38bc562e38e05c8b4287bbcd","first_seen":"2026-04-03T00:11:13.691079Z","last_seen":"2026-06-15T13:14:08.978079Z","times_seen":140,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-09","alert":"Phishing Block","trigger":"xghjc.wasmer.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-09","alert":"Sinkholed","trigger":"xghjc.wasmer.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"l2.io/ip.js?var=userip","fqdn":"l2.io","domain":"l2.io","tld":"io"},"ip":{"addr":"195.80.159.133","port":443,"asn":29152,"as":"Decknet SARL","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xghjc.wasmer.app/","date":"2026-06-09T12:37:28.336Z","timestamp":1781008648336,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"l2.io","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 00:03:54 GMT","end":"Mon, 27 Jul 2026 00:03:53 GMT"},"fingerprint":{"sha1":"79:59:65:9E:27:4B:8B:53:9B:B8:E6:B4:4B:DF:72:42:BF:8A:B0:59","sha256":"D3:F4:3B:BA:3B:31:D1:14:80:2D:B3:C7:53:C1:69:11:3D:6F:CD:9A:12:3B:FF:F8:BF:D2:0F:47:41:A0:60:CA"}}},"request":{"raw":"GET /ip.js?var=userip HTTP/1.1\r\nHost: l2.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://xghjc.wasmer.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 09 Jun 2026 12:37:28 GMT\r\nServer: Apache/2.4.65 (Debian)\r\nContent-Length: 26\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2.4.65","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Debian","description":"Debian is a Linux software which is a free open-source software.","website":"https://debian.org","common_platform_enumeration":"cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*","icon":"Debian.png","categories":["Operating systems"]}],"data":{"size":26,"size_decoded":193,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"ca994d64b7be9a9f915f9d59cae2dd20","sha1":"aa6f8731897ff69250631f958b9b6f06466d00d8","sha256":"fa40120b181878677d7f0ed99dda534f6fbf729b64ade0fce89c692223e9b38e","sha512":"f9725132be4588f0180370760fcd18fcdafa16d309f61c8b5ce60de4a76c8b6f743696593dfc200c7b2b49a994f8fae7faaba8726c574c1ca073dd7877d10498","ssdeep":"","tlshash":"078000e220300b0008c8830280a800a08c82228220c3ae8283cca3320c00aa0a2a0030","first_seen":"2026-06-08T10:20:42.578788Z","last_seen":"2026-06-19T13:20:54.802243Z","times_seen":38,"resource_available":true,"data":null}},"time_used":125,"timings":{"blocked":-1,"dns":5,"connect":27,"send":0,"wait":27,"receive":0,"ssl":66},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"digitalapps.navyfederal.org/signin/static/media/bubbles.9f2a1919448e1d79ac6b.svg","fqdn":"digitalapps.navyfederal.org","domain":"navyfederal.org","tld":"org"},"ip":{"addr":"184.25.10.9","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xghjc.wasmer.app/","date":"2026-06-09T12:37:28.416Z","timestamp":1781008648416,"http_version":"HTTP/2","security_state":"","security_info":null,"request":{"raw":"GET /signin/static/media/bubbles.9f2a1919448e1d79ac6b.svg HTTP/1.1\r\nHost: digitalapps.navyfederal.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://xghjc.wasmer.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: application/json\r\ncontent-length: 54\r\nx-edgeconnect-midmile-rtt: 80\r\nx-edgeconnect-origin-mex-latency: 11\r\ncache-control: max-age=86400\r\nexpires: Wed, 10 Jun 2026 12:37:28 GMT\r\ndate: Tue, 09 Jun 2026 12:37:28 GMT\r\nset-cookie: ApplicationGatewayAffinityCORS=0fe1eb12cb825d0abe4ecd3aa94b5eec; Path=/; SameSite=None; Secure\nApplicationGatewayAffinity=0fe1eb12cb825d0abe4ecd3aa94b5eec; Path=/\nakaalb_Digital_ALB=~op=~rv=76~m=~os=~id=8b9860e26c4b86408b1cedc437830e82; path=/; Secure; SameSite=None\nak_bmsc=46B7CA8F1B6224359DF35CB7620B42EE~000000000000000000000000000000~YAAQJ08kF7uBf3aeAQAAS0ljrACMczdlHGdV+qfDbRQ3BQydP4yPkCYVOJihDwCR+SpJC+MyVBT+qglIWVnFYKqkFc69WWx64MmPMm3AsFnAfz+T0M81RUD+T9t93PsRSnM9COmsbAKn1uiHAXSYqoFYYlVVLspwMNLItTOvm7AtsVxWVLT5/AJkgQDdjW78KXNTdPY7pgeuNtq7CHDZBZukrbhH/MfOiyBrgZNnGRK1yTXKXnbI8sbnFNTpn9+9SGrLfetwnybSLkO0MgQQgC8nbHSmGe7SvlhEM/rvuQ9ZiTh/UOwHzbO7VouWM8x9Qn8czVa4bLr+q3n54IKRen340TOU70t+JqmpUeGr6xH6pV66LeK2kE/Bip7ezhx/lTHin3ryAEI03vNjgvly2p0=; Domain=.navyfederal.org; Path=/; Expires=Tue, 09 Jun 2026 14:37:28 GMT; Max-Age=7200; SameSite=None; Secure; HttpOnly\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains ; preload\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Akamai","description":"Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.","website":"https://akamai.com","common_platform_enumeration":"","icon":"Akamai.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-21T07:29:47.333633Z","times_seen":16602482,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"digitalapps.navyfederal.org/signin/favicon-16x16.png","fqdn":"digitalapps.navyfederal.org","domain":"navyfederal.org","tld":"org"},"ip":{"addr":"184.25.10.9","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xghjc.wasmer.app/","date":"2026-06-09T12:37:28.567Z","timestamp":1781008648567,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"digitalapps.navyfederal.org","organization":""},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 May 2026 00:00:00 GMT","end":"Sun, 29 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"27:BE:E4:91:4D:E9:18:1E:57:1D:DC:46:05:BE:25:6B:37:B6:18:FC","sha256":"57:78:C2:89:73:4C:23:52:DB:27:90:88:63:E7:5C:40:E0:27:C2:56:51:43:BF:D8:6A:C4:86:97:8A:B2:BC:65"}}},"request":{"raw":"GET /signin/favicon-16x16.png HTTP/1.1\r\nHost: digitalapps.navyfederal.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://xghjc.wasmer.app/\r\nCookie: ApplicationGatewayAffinityCORS=0fe1eb12cb825d0abe4ecd3aa94b5eec; ApplicationGatewayAffinity=0fe1eb12cb825d0abe4ecd3aa94b5eec; akaalb_Digital_ALB=~op=~rv=76~m=~os=~id=8b9860e26c4b86408b1cedc437830e82; ak_bmsc=46B7CA8F1B6224359DF35CB7620B42EE~000000000000000000000000000000~YAAQJ08kF7uBf3aeAQAAS0ljrACMczdlHGdV+qfDbRQ3BQydP4yPkCYVOJihDwCR+SpJC+MyVBT+qglIWVnFYKqkFc69WWx64MmPMm3AsFnAfz+T0M81RUD+T9t93PsRSnM9COmsbAKn1uiHAXSYqoFYYlVVLspwMNLItTOvm7AtsVxWVLT5/AJkgQDdjW78KXNTdPY7pgeuNtq7CHDZBZukrbhH/MfOiyBrgZNnGRK1yTXKXnbI8sbnFNTpn9+9SGrLfetwnybSLkO0MgQQgC8nbHSmGe7SvlhEM/rvuQ9ZiTh/UOwHzbO7VouWM8x9Qn8czVa4bLr+q3n54IKRen340TOU70t+JqmpUeGr6xH6pV66LeK2kE/Bip7ezhx/lTHin3ryAEI03vNjgvly2p0=\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: application/json\r\ncontent-length: 54\r\nx-edgeconnect-midmile-rtt: 84\r\nx-edgeconnect-origin-mex-latency: 16\r\ncache-control: max-age=86400\r\nexpires: Wed, 10 Jun 2026 12:37:28 GMT\r\ndate: Tue, 09 Jun 2026 12:37:28 GMT\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains ; preload\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Akamai","description":"Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.","website":"https://akamai.com","common_platform_enumeration":"","icon":"Akamai.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-21T07:29:47.333633Z","times_seen":16602482,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-09T12:37:26.072Z","timestamp":1781008646072,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wasmer.app","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Apr 2026 15:04:39 GMT","end":"Wed, 15 Jul 2026 15:04:38 GMT"},"fingerprint":{"sha1":"FC:2E:CC:CF:17:11:62:09:49:F9:2C:CD:FA:5C:6A:56:31:D5:D6:9E","sha256":"20:90:3A:BF:BF:97:9E:DC:D3:28:D1:0E:2B:A6:C1:60:AD:76:68:57:DD:5D:26:A7:1E:58:71:E8:A8:5F:61:43"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xghjc.wasmer.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 09 Jun 2026 12:37:27 GMT\r\nx-edge-region: de-falkenstein\r\nx-powered-by: PHP/8.3.21\r\ncontent-type: text/html; charset=UTF-8\r\nx-edge-app-version-id: dav_RbxI9tqu8qq3\r\nx-wasmer-request-id: a3ff4dc0-c189-4dba-a9b7-564667ae8111\r\nx-edge-rty: w\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"PHP:8.3.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":3781629,"size_decoded":3781913,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (65536), with no line terminators","md5":"f4da14999ac202f0ae76f7d4d5b853e8","sha1":"ec208d5740e771cd9676d7a50c7122c584b08cc3","sha256":"d3d66db39a430df1bf018fc6d15d64d48fe1ea8a1ebddee9a3c538875294c2bf","sha512":"b86f3de04b6e0cb0a2916cca21c7507156d3adf9269f7dc5f47c2f37d7e1831a0fec88e9cd73f4e83f93adb409aa25ad0d956c06356de34311cf95ae5d11be65","ssdeep":"1536:GlgQ/Jxo1wNz8ikMO3cRwc4ek7HFcOxSEaiI5xddSvbAWOO+e+n6l6l66Hjp65rR:T","tlshash":"c025657e6200ec4d6d2399bffdac3ee09064de5fedc9ab840059841fafd18a975085c6","first_seen":"2026-05-24T12:27:22.043124Z","last_seen":"2026-06-14T12:40:52.095228Z","times_seen":21,"resource_available":true,"data":null}},"time_used":1623,"timings":{"blocked":-1,"dns":60,"connect":33,"send":0,"wait":1486,"receive":0,"ssl":43},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-09","alert":"Phishing Block","trigger":"xghjc.wasmer.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-09","alert":"Sinkholed","trigger":"xghjc.wasmer.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xghjc.wasmer.app/","date":"2026-06-09T12:37:28.319Z","timestamp":1781008648319,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 12 May 2026 03:46:57 GMT","end":"Mon, 10 Aug 2026 04:46:42 GMT"},"fingerprint":{"sha1":"95:12:1E:0A:F6:69:8B:FC:A0:08:DA:67:1A:A4:D1:9D:87:F5:E9:07","sha256":"F3:4A:39:63:C7:6A:CE:66:1A:B4:62:2C:E9:92:82:9A:81:78:1B:CC:3F:D5:2D:0A:6D:D6:89:D9:F6:66:7B:BC"}}},"request":{"raw":"GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://xghjc.wasmer.app/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Tue, 09 Jun 2026 12:37:28 GMT\r\ncontent-type: text/css; charset=utf-8\r\nserver: cloudflare\r\npriority: u=2,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\nlast-modified: Mon, 04 May 2020 16:10:07 GMT\r\nvary: Accept-Encoding\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/r2\r\nx-cdnjs-cache: HIT\r\ncf-cache-status: HIT\r\nage: 371645\r\nexpires: Sun, 30 May 2027 12:37:28 GMT\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KsiibWadJ4ehZY4QyEkm8qSE15mXdd4mbl0ciqLL1zRub91B3X6PzZ0KASQtUR1hB323WaX5FYPLdE%2FxOUUV8S%2BMhNj7G8LtvOlQRpSBNJfZXAo1k7xLCZwjaaD9nynU6lpEVdAj\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\ncf-ray: a09030142cce49c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31000,"size_decoded":6603,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (30837)","md5":"269550530cc127b6aa5a35925a7de6ce","sha1":"512c7d79033e3028a9be61b540cf1a6870c896f8","sha256":"799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd","sha512":"49f4e24e55fa924faa8ad7debe5ffb2e26d439e25696df6b6f20e7f766b50ea58ec3dbd61b6305a1acacd2c80e6e659accee4140f885b9c9e71008e9001fbf4b","ssdeep":"384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf","tlshash":"78d241e8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d226522c5fba","first_seen":"2023-04-05T03:13:25Z","last_seen":"2026-06-21T07:33:05.469946Z","times_seen":288545,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":13,"connect":12,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xghjc.wasmer.app/.11ty/reload-client.js","fqdn":"xghjc.wasmer.app","domain":"xghjc.wasmer.app","tld":"wasmer.app"},"ip":{"addr":"144.76.124.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xghjc.wasmer.app/","date":"2026-06-09T12:37:28.334Z","timestamp":1781008648334,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wasmer.app","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Apr 2026 15:04:39 GMT","end":"Wed, 15 Jul 2026 15:04:38 GMT"},"fingerprint":{"sha1":"FC:2E:CC:CF:17:11:62:09:49:F9:2C:CD:FA:5C:6A:56:31:D5:D6:9E","sha256":"20:90:3A:BF:BF:97:9E:DC:D3:28:D1:0E:2B:A6:C1:60:AD:76:68:57:DD:5D:26:A7:1E:58:71:E8:A8:5F:61:43"}}},"request":{"raw":"GET /.11ty/reload-client.js HTTP/1.1\r\nHost: xghjc.wasmer.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://xghjc.wasmer.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ndate: Tue, 09 Jun 2026 12:37:28 GMT\r\nx-edge-app-version-id: dav_RbxI9tqu8qq3\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 555\r\nx-wasmer-request-id: 2598492f-dee2-47b9-82e8-eb9fe876bba3\r\nx-edge-rty: w\r\nx-edge-region: de-falkenstein\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-21T07:29:47.333633Z","times_seen":16602482,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-09","alert":"Phishing Block","trigger":"xghjc.wasmer.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-09","alert":"Sinkholed","trigger":"xghjc.wasmer.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"digitalapps.navyfederal.org/signin/static/media/img-BecomeAMember.64255d0d02ef64234628.jpg","fqdn":"digitalapps.navyfederal.org","domain":"navyfederal.org","tld":"org"},"ip":{"addr":"184.25.10.9","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xghjc.wasmer.app/","date":"2026-06-09T12:37:28.340Z","timestamp":1781008648340,"http_version":"HTTP/2","security_state":"","security_info":null,"request":{"raw":"GET /signin/static/media/img-BecomeAMember.64255d0d02ef64234628.jpg HTTP/1.1\r\nHost: digitalapps.navyfederal.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://xghjc.wasmer.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: application/json\r\ncontent-length: 54\r\nx-edgeconnect-midmile-rtt: 85\r\nx-edgeconnect-origin-mex-latency: 15\r\ncache-control: max-age=86400\r\nexpires: Wed, 10 Jun 2026 12:37:28 GMT\r\ndate: Tue, 09 Jun 2026 12:37:28 GMT\r\nset-cookie: ApplicationGatewayAffinityCORS=0fe1eb12cb825d0abe4ecd3aa94b5eec; Path=/; SameSite=None; Secure\nApplicationGatewayAffinity=0fe1eb12cb825d0abe4ecd3aa94b5eec; Path=/\nakaalb_Digital_ALB=~op=~rv=84~m=~os=~id=b3f3dce16cb8adb25478b852bb99d748; path=/; Secure; SameSite=None\nak_bmsc=8C8E0FA04EDE4BE358697A3DE21A6B13~000000000000000000000000000000~YAAQJ08kF7qBf3aeAQAAREljrABf97AH3kk4urQUAOgdmDOQC6PO5KCk0JF9lN0UILMcSlbTb4w6bJk4M5WheuZ3Qd1r/8hgaULaG3zLaiKAZ3xBvP6suAQuHKYEEWZgr02wDWjAl4ngDvy3w5w3NgazyyH0gNqncYBLY+Q9ZJ86vCsk5G6htftAIaGybiKm1V1kWgAPujXFczozFyJ3njQ/x5ekSVcPmMxnrBVgxaB6m3wmU3ndAL7j6n+khpIXrUaiqbtYtLM6H5H733Dhd2nwXGU5WkfMdO1MFYEvbpu7iqRv5RUWgSyKbGiUmsw4dHgwkugOggimLK2QonX+IsgWP0+Pt6dcuTBo5gdD+LXOjrcXFNVpNGYSZcoWfFsZiiReJRhn7c24vG0xdDAEofU=; Domain=.navyfederal.org; Path=/; Expires=Tue, 09 Jun 2026 14:37:28 GMT; Max-Age=7200; SameSite=None; Secure; HttpOnly\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains ; preload\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Akamai","description":"Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.","website":"https://akamai.com","common_platform_enumeration":"","icon":"Akamai.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-21T07:29:47.333633Z","times_seen":16602482,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"digitalapps.navyfederal.org/signin/apple-touch-icon.png","fqdn":"digitalapps.navyfederal.org","domain":"navyfederal.org","tld":"org"},"ip":{"addr":"184.25.10.9","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xghjc.wasmer.app/","date":"2026-06-09T12:37:28.566Z","timestamp":1781008648566,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"digitalapps.navyfederal.org","organization":""},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 May 2026 00:00:00 GMT","end":"Sun, 29 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"27:BE:E4:91:4D:E9:18:1E:57:1D:DC:46:05:BE:25:6B:37:B6:18:FC","sha256":"57:78:C2:89:73:4C:23:52:DB:27:90:88:63:E7:5C:40:E0:27:C2:56:51:43:BF:D8:6A:C4:86:97:8A:B2:BC:65"}}},"request":{"raw":"GET /signin/apple-touch-icon.png HTTP/1.1\r\nHost: digitalapps.navyfederal.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://xghjc.wasmer.app/\r\nCookie: ApplicationGatewayAffinityCORS=0fe1eb12cb825d0abe4ecd3aa94b5eec; ApplicationGatewayAffinity=0fe1eb12cb825d0abe4ecd3aa94b5eec; akaalb_Digital_ALB=~op=~rv=76~m=~os=~id=8b9860e26c4b86408b1cedc437830e82; ak_bmsc=46B7CA8F1B6224359DF35CB7620B42EE~000000000000000000000000000000~YAAQJ08kF7uBf3aeAQAAS0ljrACMczdlHGdV+qfDbRQ3BQydP4yPkCYVOJihDwCR+SpJC+MyVBT+qglIWVnFYKqkFc69WWx64MmPMm3AsFnAfz+T0M81RUD+T9t93PsRSnM9COmsbAKn1uiHAXSYqoFYYlVVLspwMNLItTOvm7AtsVxWVLT5/AJkgQDdjW78KXNTdPY7pgeuNtq7CHDZBZukrbhH/MfOiyBrgZNnGRK1yTXKXnbI8sbnFNTpn9+9SGrLfetwnybSLkO0MgQQgC8nbHSmGe7SvlhEM/rvuQ9ZiTh/UOwHzbO7VouWM8x9Qn8czVa4bLr+q3n54IKRen340TOU70t+JqmpUeGr6xH6pV66LeK2kE/Bip7ezhx/lTHin3ryAEI03vNjgvly2p0=\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: application/json\r\ncontent-length: 54\r\nx-edgeconnect-midmile-rtt: 79\r\nx-edgeconnect-origin-mex-latency: 15\r\ncache-control: max-age=86400\r\nexpires: Wed, 10 Jun 2026 12:37:28 GMT\r\ndate: Tue, 09 Jun 2026 12:37:28 GMT\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains ; preload\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Akamai","description":"Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.","website":"https://akamai.com","common_platform_enumeration":"","icon":"Akamai.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-21T07:29:47.333633Z","times_seen":16602482,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}