{"report_id":"fc527382-4226-4028-a182-c5c22d92d1c6","version":6,"status":"done","tags":[],"date":"2026-03-28T06:12:37Z","url":{"schema":"https","addr":"wcb.taleagrm.cc/","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":0,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"wcb.taleagrm.cc/","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"title":"Telegram","dom":{"size":3124,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (3124), with no line terminators","md5":"c6c00028b9a0fa6ed3d34e60082a5910","sha1":"b49fcb3b76053ae6c50a5e54d916bd33cc47a06a","sha256":"c11f0967cc6c14391e377330c51301ffb061e7ff97a75271cfe3ecf4281433f0","sha512":"29a710ed580062d1ccfebec22dbb932b2f4d1f7ce35437a5f2d98353746b06eafff305debd98c4f1a5455a31dcd75e77c97f1aa7810711dd7c53c3a665ae2b2e","ssdeep":"","tlshash":"5b5121939b18c84e2321823ad9b3f0c8c216d44eeab47c50f58546ab4ae5ff0d5b3266","dom_hash":"domhash0f31abafeaf2029a3dea65104db1780c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"wcb.taleagrm.cc/","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":0,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-02T06:12:37Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-28","alert":"Hunting_JS_WebAssembly","trigger":"wcb.taleagrm.cc/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"wcb.taleagrm.cc","ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-03-27","domain_rank":0,"first_seen":"2026-03-28T06:12:39.044429Z","last_seen":"2026-03-28T06:12:39.044429Z","alert_count":97,"request_count":31,"received_data":1589843,"sent_data":14135,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"wcb.taleagrm.cc/redirect.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"09b4442f7297c7760b8b8b6b8124d1e6","sha1":"e0fce210431683c481708133b33baa1e7bd686aa","sha256":"7faa91eb7ecfac042805251730c15d85c3c3d39e5997e44fe63d7ea8090356a1","sha512":"3a0dc312d7b177ed66a276d5a86ee74e1c3ab3086b6d43a0a32829c4ba29023b83642c783bf2c743c757da05c3e053a2c45b9bb24df8724215e4307fa7d6a6c8","ssdeep":"","tlshash":"0281114a17e3026056e321fb9b4b2120513be007741dde29ba6e92407f9a76d47f2bcb","size":4057,"data":"","first_seen":"2026-03-28T06:12:42.49264Z","last_seen":"2026-03-28T06:26:12.790603Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/compatTest.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"fe2a5f155253301a58567a83130cd505","sha1":"35b349178c9455b819e3714c481c594ed36ab5a3","sha256":"3ee5b1443f69c457135f99a191ee2d7decc463669d9a7834f81632fc8ebdac7a","sha512":"f33714e657e6b52df84d9271d3905b0f846d787013849d0bf4b4435f4c0a20dd4b25bee19db436c91de14d72ac52ed3751f3f8e17ae77f2d3346c9d2469a1c86","ssdeep":"","tlshash":"9d51051a0db1726150796167ab1bb14336298577060cfb68b120cf397eb185bc29fde9","size":2763,"data":"","first_seen":"2024-12-25T09:55:32.846851Z","last_seen":"2026-04-01T08:56:31.907858Z","times_seen":743,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/main.84a31bd5596aa2c17cea.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"112bb8905dd6814463ac1f08b981442c","sha1":"699b8e73c9c17fc607b60bd6aac522203bdcebaa","sha256":"676cfe1c6fedabadf5232df5ef6feb3e2a7fea3219a10094b0add6980a6bb795","sha512":"5e16976e0f7b076eca3fd95ac25c74871f3b389217eddc909e67bb801ade327e3f700eba29874dd23932269b0e294d8a9eb06faa31529ddafdf554c1db79a0ef","ssdeep":"12288:SFv3KnRBlVxZa0uRoSiTMYmvwYJ+DeYDeJ5ecOHUjfgJBt5LO:SFv3KnHlvSiO+Aekj7","tlshash":"68945cc57196b4e963d705f6a4ab0088b73859043809c460f1adfcea3e365aea373f5d","size":448481,"data":"","first_seen":"2025-06-08T13:04:14.586722Z","last_seen":"2026-03-28T06:26:12.791508Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/6708.62232e3759fa4a0c14aa.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"eae3b19c7ec05efad2731e2578ab68ae","sha1":"da1b735aaae8a1795ac69cf3659935d947e1124f","sha256":"fbd595e42c85dcbc68ffe1b53aadc4ac4c285a9e8b87dea0e60d9a84581d1f18","sha512":"18da34437e90e3f493d7b22a7392323cf1dc9e245f886ee0e8f49da8fd4626091541f31b7e4472f6f500d4eb5c37dab57046c4da702007925cce4a4b69f52662","ssdeep":"192:5CUGseShD/DUWaDzmat0Kk/YsAoDc+EurYfzCUzmONT16dWQ5vZ1l8/X:5MS5/DUtfmamKkT7D/EurYfzNmONTAdq","tlshash":"da220b81b132743e62a7d4d6e6184a02aa3590593c1d92bdf77c78fb2c5580b34bcf7a","size":10376,"data":"","first_seen":"2025-01-28T04:51:38.139377Z","last_seen":"2026-03-28T06:26:12.79013Z","times_seen":151,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"wcb.taleagrm.cc/9357.6eac77a0486f9581bdbb.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","date":"2026-03-28T06:12:23.424Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /9357.6eac77a0486f9581bdbb.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 09 Feb 2025 11:38:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a893aa-a48\"\r\nexpires: Sat, 28 Mar 2026 18:12:23 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2632,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2578)","md5":"9a88be9c44d21f0f968af34753d94f74","sha1":"36bbcaf30dece168c8c91d17759ed5d961920e8d","sha256":"571db221ba8701ecb6f1ca5f39ff4cc593b116e510809566494f82aed62f451e","sha512":"4dae56ea2ea0b8f8d824076a2ec3ef95421b64924b4cb6c4d9b9ce3bf6760a494cba48f819c5c7354c79701ea9aefd5908222ee3394ac9d1f5f290e4dbe6efa2","ssdeep":"","tlshash":"c551a7441a7338791de347a6b05b3b120c2513b27819f59216099eeb87b624f5b07f8a","first_seen":"2025-06-27T12:27:16.286459Z","last_seen":"2026-03-28T06:26:12.792475Z","times_seen":16,"resource_available":false,"data":null}},"time_used":305,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":305,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://wcb.taleagrm.cc/","date":"2026-03-28T06:12:18.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/main.85a1f87fda9c5c10536b.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:18 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 11016\r\nlast-modified: Fri, 07 Feb 2025 16:13:12 GMT\r\netag: \"67a63118-2b08\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11016,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 11016, version 1.0","md5":"15fa3062f8929bd3b05fdca5259db412","sha1":"6ff06a34f68ad0324ddec1bbe4d453c959178b36","sha256":"5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479","sha512":"07e96d7520b4ede158e77bef10a01a33cd8be7d263fe6900f89c023e65e4a63570e8a442dec2e96030fb563b25610005a748d48f9330fd31eb91b37d1003d376","ssdeep":"192:Tysuo7z1NVoTUYAKVOO7YVxRwHQUXFI5xoBwH9f4d9QFmOfiS:TvdvVoTSjOYR4QUVIgBwpFLaS","tlshash":"6e32af8071ff1c50ff85c2f69be68efa2c2b1895c619016f5240b476397525e9c294bb","first_seen":"2023-04-05T09:25:54Z","last_seen":"2026-04-12T18:50:11.034979Z","times_seen":33135,"resource_available":false,"data":null}},"time_used":312,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":308,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/","date":"2026-03-28T06:12:22.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /9722.204bd3ee91908ea636fe.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:22 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 09 Feb 2025 11:38:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a893aa-2f27\"\r\nexpires: Sat, 28 Mar 2026 18:12:22 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12071,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12017)","md5":"d5984d818d4ea04353b545f40eb221d9","sha1":"2089b3823ec3f346f257b1f9cd1baeb96d9506ac","sha256":"dbfc80efe17666b15e63d2f367723f13c7fc0bd9771864bc94f325025de51429","sha512":"e712d413a97c47d76c07bbb7e0ac375a841485878d4467206eedfd05ae68ffa441047aa436b5832465a086835a63532b339856fd1c9aada0056742ad9dcc5e65","ssdeep":"192:JjOqrc38On35VfOCURWQeaGBSNLcrRdj4CqIbEoEhoCfRERCGfEmSpfigtot6Ejt:JJrc38O35VfOjWEwdMChwoEhbZACGfE0","tlshash":"1442d6c22702a43ee39798d8987a04537134da587819856c7b2daed77c2bdc6f0b1f72","first_seen":"2025-06-27T12:27:16.284565Z","last_seen":"2026-03-28T06:26:12.786667Z","times_seen":16,"resource_available":false,"data":null}},"time_used":306,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":306,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-28T06:12:16.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:17 GMT\r\ncontent-type: text/html\r\nlast-modified: Sun, 09 Feb 2025 11:38:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a893b0-c05\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3077,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (3077), with no line terminators","md5":"740f75e64ff6f7ace39db737f525a0cd","sha1":"193e1dd3c02f8ff16c1753593bd2f414341cbdf4","sha256":"58b176249e804f51fc777896a11ee3f075a8a886506bd1e0b855961e8c8e4357","sha512":"e6c62032975e6cf29ff1cb4ce6bf1bf99fad4e49ed9c6509eb8e6bfc4c7fd9ea3ea6db362c5b6fe0503a25814a244be3d704b10d56bc8fce8a1176b5cda9518f","ssdeep":"","tlshash":"dd510e939b28c84e2321863ad9b3f0c8c216d44ee9b47c50f58556eb4af5ff0d5b3266","first_seen":"2025-06-30T12:06:04.921112Z","last_seen":"2026-03-28T06:18:17.157039Z","times_seen":6,"resource_available":true,"data":null}},"time_used":1711,"timings":{"blocked":701,"dns":88,"connect":305,"send":0,"wait":305,"receive":0,"ssl":309},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/notification.mp3","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://wcb.taleagrm.cc/","date":"2026-03-28T06:12:18.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /notification.mp3 HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:18 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 10880\r\nlast-modified: Fri, 07 Feb 2025 19:44:54 GMT\r\netag: \"67a662b6-2a80\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-range: bytes 0-10879/10880\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10880,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"eba09b6a457792c52fc610b5f9f974b3","sha1":"95e6e0f7648e28ea21bc434054ea59aba3a35aea","sha256":"86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6","sha512":"9dfc5ff830c9ed75c9923528c31e1361fa36500d76a209cd475984e5585a644c8aff1600bf02a658ef363436a51988ff1e63aa7606e541dc4a7b3449c5be4852","ssdeep":"192:RuQQeX7rYX/WUUIk8DLh+2BHpZqlXCYP69tuORf6tVQRa/nwNQBv5JC:RRYeUUEDLk2VClyaV0aZ5g","tlshash":"37226b18af11056ef4866bf0b3939b8dc42d26c37a26d4cdd3a5d7e369430e2a7d500d","first_seen":"2023-05-16T22:57:55Z","last_seen":"2026-04-12T05:21:49.994522Z","times_seen":16561,"resource_available":false,"data":null}},"time_used":309,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":308,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/6708.62232e3759fa4a0c14aa.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/","date":"2026-03-28T06:12:21.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /6708.62232e3759fa4a0c14aa.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 07 Feb 2025 17:35:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a6447e-2888\"\r\nexpires: Sat, 28 Mar 2026 18:12:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10376,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10322)","md5":"eae3b19c7ec05efad2731e2578ab68ae","sha1":"da1b735aaae8a1795ac69cf3659935d947e1124f","sha256":"fbd595e42c85dcbc68ffe1b53aadc4ac4c285a9e8b87dea0e60d9a84581d1f18","sha512":"18da34437e90e3f493d7b22a7392323cf1dc9e245f886ee0e8f49da8fd4626091541f31b7e4472f6f500d4eb5c37dab57046c4da702007925cce4a4b69f52662","ssdeep":"192:5CUGseShD/DUWaDzmat0Kk/YsAoDc+EurYfzCUzmONT16dWQ5vZ1l8/X:5MS5/DUtfmamKkT7D/EurYfzNmONTAdq","tlshash":"da220b81b132743e62a7d4d6e6184a02aa3590593c1d92bdf77c78fb2c5580b34bcf7a","first_seen":"2025-01-28T04:51:38.139377Z","last_seen":"2026-03-28T06:26:12.79013Z","times_seen":151,"resource_available":true,"data":null}},"time_used":306,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":306,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/9357.6eac77a0486f9581bdbb.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","date":"2026-03-28T06:12:23.441Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /9357.6eac77a0486f9581bdbb.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 09 Feb 2025 11:38:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a893aa-a48\"\r\nexpires: Sat, 28 Mar 2026 18:12:23 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2632,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2578)","md5":"9a88be9c44d21f0f968af34753d94f74","sha1":"36bbcaf30dece168c8c91d17759ed5d961920e8d","sha256":"571db221ba8701ecb6f1ca5f39ff4cc593b116e510809566494f82aed62f451e","sha512":"4dae56ea2ea0b8f8d824076a2ec3ef95421b64924b4cb6c4d9b9ce3bf6760a494cba48f819c5c7354c79701ea9aefd5908222ee3394ac9d1f5f290e4dbe6efa2","ssdeep":"","tlshash":"c551a7441a7338791de347a6b05b3b120c2513b27819f59216099eeb87b624f5b07f8a","first_seen":"2025-06-27T12:27:16.286459Z","last_seen":"2026-03-28T06:26:12.792475Z","times_seen":16,"resource_available":false,"data":null}},"time_used":312,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":312,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","date":"2026-03-28T06:12:23.739Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 07 Feb 2025 17:35:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a6447e-10037\"\r\nexpires: Sat, 28 Mar 2026 18:12:23 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-12T05:21:49.993988Z","times_seen":14979,"resource_available":false,"data":null}},"time_used":312,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":312,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-28","alert":"Hunting_JS_WebAssembly","trigger":"wcb.taleagrm.cc/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/redirect.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/","date":"2026-03-28T06:12:17.442Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /redirect.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:17 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 24 Jan 2026 09:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69749298-fd9\"\r\nexpires: Sat, 28 Mar 2026 18:12:17 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4057,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"09b4442f7297c7760b8b8b6b8124d1e6","sha1":"e0fce210431683c481708133b33baa1e7bd686aa","sha256":"7faa91eb7ecfac042805251730c15d85c3c3d39e5997e44fe63d7ea8090356a1","sha512":"3a0dc312d7b177ed66a276d5a86ee74e1c3ab3086b6d43a0a32829c4ba29023b83642c783bf2c743c757da05c3e053a2c45b9bb24df8724215e4307fa7d6a6c8","ssdeep":"","tlshash":"0281114a17e3026056e321fb9b4b2120513be007741dde29ba6e92407f9a76d47f2bcb","first_seen":"2026-03-28T06:12:42.49264Z","last_seen":"2026-03-28T06:26:12.790603Z","times_seen":4,"resource_available":true,"data":null}},"time_used":305,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":305,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/icon-192x192.png","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wcb.taleagrm.cc/","date":"2026-03-28T06:12:19.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /icon-192x192.png HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:19 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 07 Feb 2025 19:44:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a662b6-bf3\"\r\nexpires: Mon, 27 Apr 2026 06:12:19 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3059,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"1a1650d2c76bfc1ac484646c19e495b9","sha1":"fe58d66042ce9241226f5da9370230285ff604fc","sha256":"6e587a62c9d7a97f25265ab5eb29d101ad2e36810042a4116d2dd29da96b0bf8","sha512":"79c5c9278959bc94f66434779bebc1b46c055655f0bc58aa375f179c227e7ac0e52dea196764719d42aadcf98e4fd3b5a4488f2db977edde430aa3df733c03bc","ssdeep":"","tlshash":"bd514cd3253318e8e2dbfd7ace62041f656691ce5638ec120568de720c8985dc070caa","first_seen":"2023-05-16T22:57:55Z","last_seen":"2026-04-12T05:21:49.99803Z","times_seen":16205,"resource_available":false,"data":null}},"time_used":306,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":306,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/7784.4e167a928464165e6412.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","date":"2026-03-28T06:12:22.457Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /7784.4e167a928464165e6412.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:22 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 07 Feb 2025 17:35:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a6447e-53e6\"\r\nexpires: Sat, 28 Mar 2026 18:12:22 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21478,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21341)","md5":"0c6c6d56524f9928ea4a925bbe46f2b9","sha1":"819d484673709289d0fb6907b752bff1f9f89940","sha256":"01a16ae644097aed32a219b9eb3f8a18d6f139ce663bd39c4e826f02005d2778","sha512":"af2e03e57860072ab55794fdc5b397e85f6ef240e50c5fa3ae1f36dc9b90cd0b0c9073375f87fedfbc136dc7604dc2850455dc4b8b678ae839b4f39e6b7275bd","ssdeep":"384:pAdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyU:pAdJR7dHt8cVL3oQ0LeIkf502NBTQUYa","tlshash":"e0a21ab766f915d652e848e808cb189950f4e0223d86293d5134edd220f2cdbf2eb9bd","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-12T03:22:15.912647Z","times_seen":968,"resource_available":false,"data":null}},"time_used":308,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":308,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/7784.4e167a928464165e6412.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","date":"2026-03-28T06:12:22.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /7784.4e167a928464165e6412.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:22 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 07 Feb 2025 17:35:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a6447e-53e6\"\r\nexpires: Sat, 28 Mar 2026 18:12:22 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21478,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21341)","md5":"0c6c6d56524f9928ea4a925bbe46f2b9","sha1":"819d484673709289d0fb6907b752bff1f9f89940","sha256":"01a16ae644097aed32a219b9eb3f8a18d6f139ce663bd39c4e826f02005d2778","sha512":"af2e03e57860072ab55794fdc5b397e85f6ef240e50c5fa3ae1f36dc9b90cd0b0c9073375f87fedfbc136dc7604dc2850455dc4b8b678ae839b4f39e6b7275bd","ssdeep":"384:pAdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyU:pAdJR7dHt8cVL3oQ0LeIkf502NBTQUYa","tlshash":"e0a21ab766f915d652e848e808cb189950f4e0223d86293d5134edd220f2cdbf2eb9bd","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-12T03:22:15.912647Z","times_seen":968,"resource_available":false,"data":null}},"time_used":308,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":308,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/5905.efaeccc9ed0bc890f551.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","date":"2026-03-28T06:12:23.094Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /5905.efaeccc9ed0bc890f551.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 07 Feb 2025 17:35:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a6447e-223ca\"\r\nexpires: Sat, 28 Mar 2026 18:12:23 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":140234,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"64a6ce633fb3d0e45c76444320599966","sha1":"797ac0ce9a80a16667b4cb5e3ace93e066f0af67","sha256":"19029ef084d2b11071ef27c229253b68aee1da038eff08f5af99718a9d48ecbc","sha512":"1c8f178e73daab5a389a4276faeb9f608f3cd6e2616aa60f476e9fdcaf18181ab652f72bd58645597aacc9c5e237486ad2359dc8ba0e7fce4aec04f83074d61f","ssdeep":"1536:WW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rsz:JXxq8mwmJs9L","tlshash":"04d3c682f86424125382b1e654760709773af41ca9c940acfe6cfed569bcd8d32afb34","first_seen":"2024-05-27T01:56:11Z","last_seen":"2026-04-12T03:22:15.911355Z","times_seen":975,"resource_available":false,"data":null}},"time_used":324,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":321,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/main.84a31bd5596aa2c17cea.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/","date":"2026-03-28T06:12:17.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /main.84a31bd5596aa2c17cea.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:17 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 09 Feb 2025 14:54:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a8c18e-6d7e1\"\r\nexpires: Sat, 28 Mar 2026 18:12:17 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":448481,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65531), with no line terminators","md5":"112bb8905dd6814463ac1f08b981442c","sha1":"699b8e73c9c17fc607b60bd6aac522203bdcebaa","sha256":"676cfe1c6fedabadf5232df5ef6feb3e2a7fea3219a10094b0add6980a6bb795","sha512":"5e16976e0f7b076eca3fd95ac25c74871f3b389217eddc909e67bb801ade327e3f700eba29874dd23932269b0e294d8a9eb06faa31529ddafdf554c1db79a0ef","ssdeep":"12288:SFv3KnRBlVxZa0uRoSiTMYmvwYJ+DeYDeJ5ecOHUjfgJBt5LO:SFv3KnHlvSiO+Aekj7","tlshash":"68945cc57196b4e963d705f6a4ab0088b73859043809c460f1adfcea3e365aea373f5d","first_seen":"2025-06-08T13:04:14.586722Z","last_seen":"2026-03-28T06:26:12.791508Z","times_seen":17,"resource_available":true,"data":null}},"time_used":607,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":607,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/getConfig/147591","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://wcb.taleagrm.cc/","date":"2026-03-28T06:12:17.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /getConfig/147591 HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:17 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2031,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"8f2c393ca66cddb78db4d10c6bf170be","sha1":"d3e91c495c856f4264eac9a5b147699985cc60ea","sha256":"1e6f01dc82b6b7433eb2bfc4b022da79a144ec07c4ca689c9d505719acdbd76e","sha512":"68c285c6b79994f19472bbb5f221e1c072370a7a11410c8caaa5410380ab64956990f3df7288f4d60e937db1b8f16bd5018f4cd634ac82a9a91afbf852f78b62","ssdeep":"","tlshash":"5d411108d704c398cd492c8f5af11c1e2839e1693e05fc2d2e4ac157dbdba7f64ea594","first_seen":"2026-03-28T06:12:42.497557Z","last_seen":"2026-03-28T06:26:12.793412Z","times_seen":4,"resource_available":false,"data":null}},"time_used":916,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":916,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/","date":"2026-03-28T06:12:22.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /9722.204bd3ee91908ea636fe.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:22 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 09 Feb 2025 11:38:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a893aa-2f27\"\r\nexpires: Sat, 28 Mar 2026 18:12:22 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12071,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12017)","md5":"d5984d818d4ea04353b545f40eb221d9","sha1":"2089b3823ec3f346f257b1f9cd1baeb96d9506ac","sha256":"dbfc80efe17666b15e63d2f367723f13c7fc0bd9771864bc94f325025de51429","sha512":"e712d413a97c47d76c07bbb7e0ac375a841485878d4467206eedfd05ae68ffa441047aa436b5832465a086835a63532b339856fd1c9aada0056742ad9dcc5e65","ssdeep":"192:JjOqrc38On35VfOCURWQeaGBSNLcrRdj4CqIbEoEhoCfRERCGfEmSpfigtot6Ejt:JJrc38O35VfOjWEwdMChwoEhbZACGfE0","tlshash":"1442d6c22702a43ee39798d8987a04537134da587819856c7b2daed77c2bdc6f0b1f72","first_seen":"2025-06-27T12:27:16.284565Z","last_seen":"2026-03-28T06:26:12.786667Z","times_seen":16,"resource_available":false,"data":null}},"time_used":605,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":605,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/5905.efaeccc9ed0bc890f551.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","date":"2026-03-28T06:12:22.782Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /5905.efaeccc9ed0bc890f551.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:22 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 07 Feb 2025 17:35:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a6447e-223ca\"\r\nexpires: Sat, 28 Mar 2026 18:12:22 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140234,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"64a6ce633fb3d0e45c76444320599966","sha1":"797ac0ce9a80a16667b4cb5e3ace93e066f0af67","sha256":"19029ef084d2b11071ef27c229253b68aee1da038eff08f5af99718a9d48ecbc","sha512":"1c8f178e73daab5a389a4276faeb9f608f3cd6e2616aa60f476e9fdcaf18181ab652f72bd58645597aacc9c5e237486ad2359dc8ba0e7fce4aec04f83074d61f","ssdeep":"1536:WW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rsz:JXxq8mwmJs9L","tlshash":"04d3c682f86424125382b1e654760709773af41ca9c940acfe6cfed569bcd8d32afb34","first_seen":"2024-05-27T01:56:11Z","last_seen":"2026-04-12T03:22:15.911355Z","times_seen":975,"resource_available":false,"data":null}},"time_used":605,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":605,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","date":"2026-03-28T06:12:23.437Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 07 Feb 2025 17:35:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a6447e-10037\"\r\nexpires: Sat, 28 Mar 2026 18:12:23 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-12T05:21:49.993988Z","times_seen":14979,"resource_available":false,"data":null}},"time_used":313,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":313,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-28","alert":"Hunting_JS_WebAssembly","trigger":"wcb.taleagrm.cc/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/7784.4e167a928464165e6412.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","date":"2026-03-28T06:12:22.454Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /7784.4e167a928464165e6412.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:22 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 07 Feb 2025 17:35:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a6447e-53e6\"\r\nexpires: Sat, 28 Mar 2026 18:12:22 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21478,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21341)","md5":"0c6c6d56524f9928ea4a925bbe46f2b9","sha1":"819d484673709289d0fb6907b752bff1f9f89940","sha256":"01a16ae644097aed32a219b9eb3f8a18d6f139ce663bd39c4e826f02005d2778","sha512":"af2e03e57860072ab55794fdc5b397e85f6ef240e50c5fa3ae1f36dc9b90cd0b0c9073375f87fedfbc136dc7604dc2850455dc4b8b678ae839b4f39e6b7275bd","ssdeep":"384:pAdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyU:pAdJR7dHt8cVL3oQ0LeIkf502NBTQUYa","tlshash":"e0a21ab766f915d652e848e808cb189950f4e0223d86293d5134edd220f2cdbf2eb9bd","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-12T03:22:15.912647Z","times_seen":968,"resource_available":false,"data":null}},"time_used":308,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":308,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/7784.4e167a928464165e6412.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","date":"2026-03-28T06:12:22.774Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /7784.4e167a928464165e6412.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:22 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 07 Feb 2025 17:35:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a6447e-53e6\"\r\nexpires: Sat, 28 Mar 2026 18:12:22 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21478,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21341)","md5":"0c6c6d56524f9928ea4a925bbe46f2b9","sha1":"819d484673709289d0fb6907b752bff1f9f89940","sha256":"01a16ae644097aed32a219b9eb3f8a18d6f139ce663bd39c4e826f02005d2778","sha512":"af2e03e57860072ab55794fdc5b397e85f6ef240e50c5fa3ae1f36dc9b90cd0b0c9073375f87fedfbc136dc7604dc2850455dc4b8b678ae839b4f39e6b7275bd","ssdeep":"384:pAdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyU:pAdJR7dHt8cVL3oQ0LeIkf502NBTQUYa","tlshash":"e0a21ab766f915d652e848e808cb189950f4e0223d86293d5134edd220f2cdbf2eb9bd","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-12T03:22:15.912647Z","times_seen":968,"resource_available":false,"data":null}},"time_used":307,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":307,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/5905.efaeccc9ed0bc890f551.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","date":"2026-03-28T06:12:23.091Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /5905.efaeccc9ed0bc890f551.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 07 Feb 2025 17:35:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a6447e-223ca\"\r\nexpires: Sat, 28 Mar 2026 18:12:23 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":140234,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"64a6ce633fb3d0e45c76444320599966","sha1":"797ac0ce9a80a16667b4cb5e3ace93e066f0af67","sha256":"19029ef084d2b11071ef27c229253b68aee1da038eff08f5af99718a9d48ecbc","sha512":"1c8f178e73daab5a389a4276faeb9f608f3cd6e2616aa60f476e9fdcaf18181ab652f72bd58645597aacc9c5e237486ad2359dc8ba0e7fce4aec04f83074d61f","ssdeep":"1536:WW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rsz:JXxq8mwmJs9L","tlshash":"04d3c682f86424125382b1e654760709773af41ca9c940acfe6cfed569bcd8d32afb34","first_seen":"2024-05-27T01:56:11Z","last_seen":"2026-04-12T03:22:15.911355Z","times_seen":975,"resource_available":false,"data":null}},"time_used":314,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":314,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/9357.6eac77a0486f9581bdbb.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","date":"2026-03-28T06:12:23.410Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /9357.6eac77a0486f9581bdbb.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 09 Feb 2025 11:38:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a893aa-a48\"\r\nexpires: Sat, 28 Mar 2026 18:12:23 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2632,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2578)","md5":"9a88be9c44d21f0f968af34753d94f74","sha1":"36bbcaf30dece168c8c91d17759ed5d961920e8d","sha256":"571db221ba8701ecb6f1ca5f39ff4cc593b116e510809566494f82aed62f451e","sha512":"4dae56ea2ea0b8f8d824076a2ec3ef95421b64924b4cb6c4d9b9ce3bf6760a494cba48f819c5c7354c79701ea9aefd5908222ee3394ac9d1f5f290e4dbe6efa2","ssdeep":"","tlshash":"c551a7441a7338791de347a6b05b3b120c2513b27819f59216099eeb87b624f5b07f8a","first_seen":"2025-06-27T12:27:16.286459Z","last_seen":"2026-03-28T06:26:12.792475Z","times_seen":16,"resource_available":false,"data":null}},"time_used":305,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":305,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/compatTest.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/","date":"2026-03-28T06:12:17.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /compatTest.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:17 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 07 Feb 2025 19:44:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a662b6-acb\"\r\nexpires: Sat, 28 Mar 2026 18:12:17 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2763,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (413)","md5":"fe2a5f155253301a58567a83130cd505","sha1":"35b349178c9455b819e3714c481c594ed36ab5a3","sha256":"3ee5b1443f69c457135f99a191ee2d7decc463669d9a7834f81632fc8ebdac7a","sha512":"f33714e657e6b52df84d9271d3905b0f846d787013849d0bf4b4435f4c0a20dd4b25bee19db436c91de14d72ac52ed3751f3f8e17ae77f2d3346c9d2469a1c86","ssdeep":"","tlshash":"9d51051a0db1726150796167ab1bb14336298577060cfb68b120cf397eb185bc29fde9","first_seen":"2024-12-25T09:55:32.846851Z","last_seen":"2026-04-01T08:56:31.907858Z","times_seen":743,"resource_available":true,"data":null}},"time_used":1228,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1228,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/main.85a1f87fda9c5c10536b.css","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://wcb.taleagrm.cc/","date":"2026-03-28T06:12:17.445Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /main.85a1f87fda9c5c10536b.css HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:17 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 07 Feb 2025 17:35:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a6447e-1bec6\"\r\nexpires: Sat, 28 Mar 2026 18:12:17 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":114374,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (11469)","md5":"18ab7bcca0d7a7015dd07deb232add67","sha1":"d4eaee7d50411a3250cce3e8fbca7d58e52e9f9a","sha256":"d1dac81a1f2b2541f549e813e619a0b78f40d4e75c8575449d36c1b7db2d7d6c","sha512":"2610869eb5ad5cda6328cc4cfbdc631ec86c1772cd51cab096a6d09c06ab5fe8ac137ba3dec70ce1a81353d61b395f3854490855d3c0844bb5a681f24db6caba","ssdeep":"768:ZetKiaflPrQhnvSkRUUbHoeu2Igy1HOhzoo9eb6Ub0v5ArcIRxMqa56tfEEV+FI9:gki7UUbI2IgyROOm5KkIfBJ","tlshash":"3bb3e794e94411f9ab33c23e97c4e76c9938e481de210fafb247615c07ca7ea11e2b59","first_seen":"2025-04-09T11:24:09.076709Z","last_seen":"2026-03-28T06:26:12.791982Z","times_seen":147,"resource_available":false,"data":null}},"time_used":1228,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1228,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/favicon.svg","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wcb.taleagrm.cc/","date":"2026-03-28T06:12:19.041Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:19 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 892\r\nlast-modified: Fri, 07 Feb 2025 19:44:54 GMT\r\netag: \"67a662b6-37c\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":892,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d9ee2d4b0edd9f8ba2fb7242162c2c47","sha1":"398522893cf2cdefb5176f11bc67eab31c2d7382","sha256":"a462f1c5333e16b48335054493cfd1d0a13a96847b4b9ffe2cf24403e6e86010","sha512":"e404678e96fe6f6d1fe6c1390e4a64d90844a2d8903f84f1a34b23137593da5ba04112d9504b8bf480b392b294830a363344c5767e3bb5b7a3cb6f5df2a3aa45","ssdeep":"","tlshash":"97114493d060e71ad4c9e16bef61fca0116720cee5b745d485d95a34500fcdbfc08668","first_seen":"2023-05-09T00:01:39Z","last_seen":"2026-04-12T05:21:49.992896Z","times_seen":13786,"resource_available":false,"data":null}},"time_used":306,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":306,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/","date":"2026-03-28T06:12:22.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /9722.204bd3ee91908ea636fe.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:22 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 09 Feb 2025 11:38:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a893aa-2f27\"\r\nexpires: Sat, 28 Mar 2026 18:12:22 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12071,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12017)","md5":"d5984d818d4ea04353b545f40eb221d9","sha1":"2089b3823ec3f346f257b1f9cd1baeb96d9506ac","sha256":"dbfc80efe17666b15e63d2f367723f13c7fc0bd9771864bc94f325025de51429","sha512":"e712d413a97c47d76c07bbb7e0ac375a841485878d4467206eedfd05ae68ffa441047aa436b5832465a086835a63532b339856fd1c9aada0056742ad9dcc5e65","ssdeep":"192:JjOqrc38On35VfOCURWQeaGBSNLcrRdj4CqIbEoEhoCfRERCGfEmSpfigtot6Ejt:JJrc38O35VfOjWEwdMChwoEhbZACGfE0","tlshash":"1442d6c22702a43ee39798d8987a04537134da587819856c7b2daed77c2bdc6f0b1f72","first_seen":"2025-06-27T12:27:16.284565Z","last_seen":"2026-03-28T06:26:12.786667Z","times_seen":16,"resource_available":false,"data":null}},"time_used":608,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":608,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/5905.efaeccc9ed0bc890f551.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","date":"2026-03-28T06:12:22.781Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /5905.efaeccc9ed0bc890f551.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:22 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 07 Feb 2025 17:35:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a6447e-223ca\"\r\nexpires: Sat, 28 Mar 2026 18:12:22 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":140234,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"64a6ce633fb3d0e45c76444320599966","sha1":"797ac0ce9a80a16667b4cb5e3ace93e066f0af67","sha256":"19029ef084d2b11071ef27c229253b68aee1da038eff08f5af99718a9d48ecbc","sha512":"1c8f178e73daab5a389a4276faeb9f608f3cd6e2616aa60f476e9fdcaf18181ab652f72bd58645597aacc9c5e237486ad2359dc8ba0e7fce4aec04f83074d61f","ssdeep":"1536:WW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rsz:JXxq8mwmJs9L","tlshash":"04d3c682f86424125382b1e654760709773af41ca9c940acfe6cfed569bcd8d32afb34","first_seen":"2024-05-27T01:56:11Z","last_seen":"2026-04-12T03:22:15.911355Z","times_seen":975,"resource_available":false,"data":null}},"time_used":316,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":316,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/9357.6eac77a0486f9581bdbb.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","date":"2026-03-28T06:12:23.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /9357.6eac77a0486f9581bdbb.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 09 Feb 2025 11:38:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a893aa-a48\"\r\nexpires: Sat, 28 Mar 2026 18:12:23 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2632,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2578)","md5":"9a88be9c44d21f0f968af34753d94f74","sha1":"36bbcaf30dece168c8c91d17759ed5d961920e8d","sha256":"571db221ba8701ecb6f1ca5f39ff4cc593b116e510809566494f82aed62f451e","sha512":"4dae56ea2ea0b8f8d824076a2ec3ef95421b64924b4cb6c4d9b9ce3bf6760a494cba48f819c5c7354c79701ea9aefd5908222ee3394ac9d1f5f290e4dbe6efa2","ssdeep":"","tlshash":"c551a7441a7338791de347a6b05b3b120c2513b27819f59216099eeb87b624f5b07f8a","first_seen":"2025-06-27T12:27:16.286459Z","last_seen":"2026-03-28T06:26:12.792475Z","times_seen":16,"resource_available":false,"data":null}},"time_used":312,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":312,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","date":"2026-03-28T06:12:23.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 07 Feb 2025 17:35:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a6447e-10037\"\r\nexpires: Sat, 28 Mar 2026 18:12:23 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-12T05:21:49.993988Z","times_seen":14979,"resource_available":false,"data":null}},"time_used":313,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":313,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-28","alert":"Hunting_JS_WebAssembly","trigger":"wcb.taleagrm.cc/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","date":"2026-03-28T06:12:23.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 07 Feb 2025 17:35:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a6447e-10037\"\r\nexpires: Sat, 28 Mar 2026 18:12:23 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-12T05:21:49.993988Z","times_seen":14979,"resource_available":false,"data":null}},"time_used":313,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":313,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-28","alert":"Hunting_JS_WebAssembly","trigger":"wcb.taleagrm.cc/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcb.taleagrm.cc/9722.204bd3ee91908ea636fe.js","fqdn":"wcb.taleagrm.cc","domain":"taleagrm.cc","tld":"cc"},"ip":{"addr":"45.192.102.142","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wcb.taleagrm.cc/","date":"2026-03-28T06:12:22.143Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcb.taleagrm.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:51:13 GMT","end":"Thu, 25 Jun 2026 11:51:12 GMT"},"fingerprint":{"sha1":"D9:03:EF:ED:F4:5E:7F:0C:02:17:63:9A:F5:97:E8:21:92:8C:96:E8","sha256":"54:E1:2E:39:1E:CF:DC:9E:A8:67:36:E6:6D:05:81:F9:BF:44:F7:58:D6:31:A9:5F:B1:24:11:4E:A5:9A:B3:47"}}},"request":{"raw":"GET /9722.204bd3ee91908ea636fe.js HTTP/1.1\r\nHost: wcb.taleagrm.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcb.taleagrm.cc/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:12:22 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 09 Feb 2025 11:38:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67a893aa-2f27\"\r\nexpires: Sat, 28 Mar 2026 18:12:22 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12071,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12017)","md5":"d5984d818d4ea04353b545f40eb221d9","sha1":"2089b3823ec3f346f257b1f9cd1baeb96d9506ac","sha256":"dbfc80efe17666b15e63d2f367723f13c7fc0bd9771864bc94f325025de51429","sha512":"e712d413a97c47d76c07bbb7e0ac375a841485878d4467206eedfd05ae68ffa441047aa436b5832465a086835a63532b339856fd1c9aada0056742ad9dcc5e65","ssdeep":"192:JjOqrc38On35VfOCURWQeaGBSNLcrRdj4CqIbEoEhoCfRERCGfEmSpfigtot6Ejt:JJrc38O35VfOjWEwdMChwoEhbZACGfE0","tlshash":"1442d6c22702a43ee39798d8987a04537134da587819856c7b2daed77c2bdc6f0b1f72","first_seen":"2025-06-27T12:27:16.284565Z","last_seen":"2026-03-28T06:26:12.786667Z","times_seen":16,"resource_available":false,"data":null}},"time_used":308,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":308,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"wcb.taleagrm.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"wcb.taleagrm.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}}]}