{"report_id":"2560e73c-8d24-409a-b152-abc4085f0261","version":6,"status":"done","tags":[],"date":"2026-04-04T20:26:28Z","url":{"schema":"http","addr":"telexbyfgr.ink/","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"172.67.209.61","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"telexbyfgr.ink/","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"title":"Telegram","dom":{"size":3045,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (2943)","md5":"d9b128d2fb2bf01b31c79ec1706c7f54","sha1":"92e869d18768232eb183caaf493e9c80ffb4d8e1","sha256":"8cf2c034e70efa62b67895433785d4a27411790efee6ab2d9d4f9788814d492f","sha512":"828cbfc1bcc890cebbb77634debc6ae16d303464e25d8e5d793cdce6895e263800c944d2bf6311b4fde42aea6c0686c28d97d2d9263d51cdcb0e2c32154d7083","ssdeep":"","tlshash":"a151a8d38934854e2217a73ad6b2f38c8527e21f9be27ed0b48554a646e4ef48473178","dom_hash":"domhash6e33c66f2e92e36a3d849f095813a349","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"telexbyfgr.ink/","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"172.67.209.61","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-09T20:26:28Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-04-04","alert":"Hunting_JS_WebAssembly","trigger":"telexbyfgr.ink/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"telexbyfgr.ink","ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":79,"request_count":25,"received_data":1440822,"sent_data":11409,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"telexbyfgr.ink/compatTest.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"da7800ea928a021f2539ab41e6f2323e","sha1":"0141da1dc85ca8f34212f3dde2fac9bf61f5adb7","sha256":"15c24ec2b4cb94f24e66750f09e7071e5659e20a5ed926f69f565e20a81027cf","sha512":"228ca1c1f1ff8de139ebcfa7b084bc40d467a56ddccd103cf02a3fa26ba8c1b4d1961904511198e2fb6797837414bb3c09fc9f0902c3874f2467f279d526f0a9","ssdeep":"","tlshash":"fa5125190db5726150796167fb1bb2433a294133050cfb64a620cf393eb285bc19fde9","size":2544,"data":"","first_seen":"2024-06-30T22:36:50Z","last_seen":"2026-04-04T23:52:43.635509Z","times_seen":13998,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/main.838ad808557acca8e3b5.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7213d9e2b588e594b8bbaa3a8099f426","sha1":"8f8933cc818c124ac33ba51aeb3a316e457d4822","sha256":"effbcfe3b46a0896c5646b1db511ffddc9cf62aef41d3e32a80f747276700dfa","sha512":"409cb005d5dd90deb179e07c5af2a3cd77bab2a4fb07ee44a70374a9b57281c2a9d3a90efee389967b0638dfe0ed43a857316ec2c0434108e4482a167d7a7f93","ssdeep":"6144:MOee3tDBk9r/Vq2F+ZszYrUFmMz0cuLaY38Bpvj8QP:bee3tDBk9r/xQuzQUPzSaYMBxj8QP","tlshash":"f2546dc5b281b5a962eb15e6987b4618f73419003804c4a0f1fcfd9d3e76dcb52a3fa9","size":297279,"data":"","first_seen":"2025-07-22T15:11:00.869979Z","last_seen":"2026-04-04T20:26:35.604754Z","times_seen":529,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/8673.1b6dd8d303b0535cc1f8.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ea8d5208dada45e8d0844877a7c93db6","sha1":"45d98fbe3dae09a988cccd836d39016c5100f313","sha256":"25f447387cefb643c04e0aa816e21edf562ebe9b7e3f7b808bdb179154fc17b8","sha512":"e95f47a6e80cedfffd956858247f718db6dddf6a9802ca324f384c0e813895a949090cba5c2cad59e6a14d14c736d93954596385c99103de67844a4cd8f99d20","ssdeep":"192:HnCUz1vNz+6YWQ5PMCUNLTF63vy3fEBzXNqYyx7as/m49YA/UovoDc+Eub/:HnN1vNzHYWTavRXoYyxeqm4aAzAD/Eu7","tlshash":"5d22f885b222b4be9296d0d9ea254b03aa3591143c19a1bcf77c79f72c81d4730bcf36","size":10696,"data":"","first_seen":"2024-12-10T16:27:28.222065Z","last_seen":"2026-04-04T23:52:43.632681Z","times_seen":12911,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"telexbyfgr.ink/5905.db5d2749ecb90aaf2752.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js","date":"2026-04-04T20:26:14.620Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:15 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-223c9\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9PeEp5W4aaxCQdByq0ErdzoTCYa7PjjkOdkfg8sisSO%2BO95SXdNBV2yCPUbDG%2FVCMceAVx918S4Pyz6NsQX5ZJO%2BZZbnH5kkWr89w3dYRSeFaYL0CBooJl7DUcTMbOA9WQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730c015b921525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-04-04T23:52:43.632167Z","times_seen":12731,"resource_available":false,"data":null}},"time_used":779,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":774,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/compatTest.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/","date":"2026-04-04T20:26:08.424Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /compatTest.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:09 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 01:28:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877002e-9f0\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Yg89haZPbOewYOGO%2FA1%2BUvZsmzNLQJ574RWslbXlKHEI%2FfRT683UKoBEhnEmDQX2idq9JvtVyAFqvcuvzPidil8p%2BDRPHIQ1B%2BaJULvMDymqZu7AXcfeyH9JmNfz%2F5DLxw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730bda9dd31525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2544,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (413)","md5":"da7800ea928a021f2539ab41e6f2323e","sha1":"0141da1dc85ca8f34212f3dde2fac9bf61f5adb7","sha256":"15c24ec2b4cb94f24e66750f09e7071e5659e20a5ed926f69f565e20a81027cf","sha512":"228ca1c1f1ff8de139ebcfa7b084bc40d467a56ddccd103cf02a3fa26ba8c1b4d1961904511198e2fb6797837414bb3c09fc9f0902c3874f2467f279d526f0a9","ssdeep":"","tlshash":"fa5125190db5726150796167fb1bb2433a294133050cfb64a620cf393eb285bc19fde9","first_seen":"2024-06-30T22:36:50Z","last_seen":"2026-04-04T23:52:43.635509Z","times_seen":13998,"resource_available":true,"data":null}},"time_used":645,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":645,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/8673.1b6dd8d303b0535cc1f8.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/","date":"2026-04-04T20:26:12.737Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /8673.1b6dd8d303b0535cc1f8.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-29c8\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QJmzVWPx7kgj1Zotb%2FleP4hXXtJOZ19nLv0tY7NZS%2BmNyJnhItm%2FW0o6LumMs2%2Fz1PK3hTdZVpsz4jioJU9072qV7UwFc5l3su%2FG%2Fpu8hdkWOLrrzdNu7nX%2BZd6TKIKhuQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730bf599b11525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10696,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10642)","md5":"ea8d5208dada45e8d0844877a7c93db6","sha1":"45d98fbe3dae09a988cccd836d39016c5100f313","sha256":"25f447387cefb643c04e0aa816e21edf562ebe9b7e3f7b808bdb179154fc17b8","sha512":"e95f47a6e80cedfffd956858247f718db6dddf6a9802ca324f384c0e813895a949090cba5c2cad59e6a14d14c736d93954596385c99103de67844a4cd8f99d20","ssdeep":"192:HnCUz1vNz+6YWQ5PMCUNLTF63vy3fEBzXNqYyx7as/m49YA/UovoDc+Eub/:HnN1vNzHYWTavRXoYyxeqm4aAzAD/Eu7","tlshash":"5d22f885b222b4be9296d0d9ea254b03aa3591143c19a1bcf77c79f72c81d4730bcf36","first_seen":"2024-12-10T16:27:28.222065Z","last_seen":"2026-04-04T23:52:43.632681Z","times_seen":12911,"resource_available":true,"data":null}},"time_used":598,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":597,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/5905.db5d2749ecb90aaf2752.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js","date":"2026-04-04T20:26:14.619Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:15 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-223c9\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GlNgosmVYJ0T%2F%2BIWw8lF3OwONGtdeQYsGPrTEcfIUcEb%2Fk6ldc5FXPqHmmRAzBfMstfkOv7SJKAAotvCGEzAyJ%2B0lXNc0caAGCKW6rQXbsIUv9NTabSTTnop9aXue2leRQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730c015b901525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-04-04T23:52:43.632167Z","times_seen":12731,"resource_available":false,"data":null}},"time_used":780,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":774,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js","date":"2026-04-04T20:26:15.415Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:16 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-10037\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MjF4ZKjGGWApgUczTTVKCdmMWrW7arbFdfkwKy9yR30gn2LVCuVjtN5STAfBdCk4Iz3XBDnU2587fkMHzuU%2FGr1O89bBDLmefWpQqBPrf1Uixo7%2BxcyzCl%2Fb5ZNmxRSwlw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730c065cc91525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-05T02:20:45.422464Z","times_seen":14960,"resource_available":false,"data":null}},"time_used":802,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":800,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-04-04","alert":"Hunting_JS_WebAssembly","trigger":"telexbyfgr.ink/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js","date":"2026-04-04T20:26:15.421Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:16 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-10037\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pxPoR0VWLnCKxFi46Vml7qqE4%2BmNyXxwTtAS5f%2FVxtW4LiOs1pDb5p7AdPXhebwzmPiMqs1AWEsuPffqAeFFARCtOlGtx3D%2B5Ur2MfPatw9EanfQbpRnkr5v6OaCvjE8pw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730c065cce1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-05T02:20:45.422464Z","times_seen":14960,"resource_available":false,"data":null}},"time_used":795,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":793,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-04-04","alert":"Hunting_JS_WebAssembly","trigger":"telexbyfgr.ink/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/icon-192x192.png","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telexbyfgr.ink/","date":"2026-04-04T20:26:09.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /icon-192x192.png HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:10 GMT\r\ncontent-type: image/png\r\ncontent-length: 3059\r\nlast-modified: Wed, 16 Jul 2025 01:28:14 GMT\r\netag: \"6877002e-bf3\"\r\nstrict-transport-security: max-age=15552000; preload\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FYfN49YzpPCcLBYQPd1xzQ9HVPYKKxdSjw2AJAuqToyLF4LxhrfV1K2KTsDuV9EzN34nL%2FZ4H29eOBB9ODoK8rvu3Rpisdp9z5JQ8A2nTmvGsvLwD7TgbCmOZfOLiB9RAg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9e730be43f371525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3059,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"1a1650d2c76bfc1ac484646c19e495b9","sha1":"fe58d66042ce9241226f5da9370230285ff604fc","sha256":"6e587a62c9d7a97f25265ab5eb29d101ad2e36810042a4116d2dd29da96b0bf8","sha512":"79c5c9278959bc94f66434779bebc1b46c055655f0bc58aa375f179c227e7ac0e52dea196764719d42aadcf98e4fd3b5a4488f2db977edde430aa3df733c03bc","ssdeep":"","tlshash":"bd514cd3253318e8e2dbfd7ace62041f656691ce5638ec120568de720c8985dc070caa","first_seen":"2023-05-16T22:57:55Z","last_seen":"2026-04-05T02:20:45.419469Z","times_seen":16183,"resource_available":false,"data":null}},"time_used":605,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":605,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/7784.df07a876b22e3b2a83e9.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js","date":"2026-04-04T20:26:13.971Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:14 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-53e5\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qFFXoMla7kS7MuhKKmhrkkkKKnsjKxVtSiTxol6hyv2FfDq2mSqHdMgwWQ5Vo7Nms1vV0wsTd3YZMVkNvTv13zpI6hMPrqyB7%2FGDwCjwQVnoIWabYXGObQRySGva3eQntQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730bfd4aee1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-04-04T23:52:43.634998Z","times_seen":12704,"resource_available":false,"data":null}},"time_used":631,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":631,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/7784.df07a876b22e3b2a83e9.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js","date":"2026-04-04T20:26:13.976Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:14 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-53e5\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1kiYublmEFDP0d2B5flkGNEZW%2FwsRdVk8U7vs26q8s5QzbugDtnLchlKC2FJeIqzvE1XiA1%2FYEJNa5YSsiCWi9ac41zFlpjeF0MIlpUrwdWKtwDSksklpXw97EpdRT%2Fq9w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730bfd5af01525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-04-04T23:52:43.634998Z","times_seen":12704,"resource_available":false,"data":null}},"time_used":625,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":625,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/5905.db5d2749ecb90aaf2752.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js","date":"2026-04-04T20:26:14.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:15 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-223c9\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZLLJWismZfqqZP4uzcJ3AWj1QX6PNwjbDTHb7L3MIX%2BIeZGub04vOUDLWUKJIKk6Cocl%2Fv%2BLjgMb1iIm0urI%2BFMp9RIkjf7NAW6fDZawtQKka%2BgemSRo3uVyWBGMygnOfw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730c015b8d1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-04-04T23:52:43.632167Z","times_seen":12731,"resource_available":false,"data":null}},"time_used":783,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":775,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/5905.db5d2749ecb90aaf2752.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js","date":"2026-04-04T20:26:14.617Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:15 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-223c9\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aNiH8grC0TU%2BWtRCobOiXeFHXCLaQexCOEuIaB9NrIQD9le7XjNy00GARgLFmdH60RuU8OEAqUEVxkFfrbPpQugJYby8egB78YA7jzDFoSEDnMh6Q7xiDc6B60AHvZKUzA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730c015b8f1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-04-04T23:52:43.632167Z","times_seen":12731,"resource_available":false,"data":null}},"time_used":780,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":775,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js","date":"2026-04-04T20:26:15.418Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:16 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-10037\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hbq8ZtINeJTwIs2E1qxjyzURsRzvqqN46ZD4uXG4ORTfnETfHHQdEfUMwIVFCFAWcXbAIPFX0HmLGv8C2wiIY3Ugx1p3cVEzfpjI30ibFP3UWpcbz6uageQFLNgpPE4uEw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730c065ccd1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-05T02:20:45.422464Z","times_seen":14960,"resource_available":false,"data":null}},"time_used":799,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":796,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-04-04","alert":"Hunting_JS_WebAssembly","trigger":"telexbyfgr.ink/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js","date":"2026-04-04T20:26:15.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:16 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-10037\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=k9bU9unJwv8%2F9%2Fj9WtrqumJNGARt3c64NUd%2Bqkh6dZKgEZbZYt%2Fp90%2F33TpvLfgPxumRQpNgeNsKMKSCnLVDs2UuhyIC0YgRtNU3BIk8uWvqeeDBh0HKx%2Bmq1w4MIEhg7A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730c066ccf1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-05T02:20:45.422464Z","times_seen":14960,"resource_available":false,"data":null}},"time_used":796,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":792,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-04-04","alert":"Hunting_JS_WebAssembly","trigger":"telexbyfgr.ink/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/","date":"2026-04-04T20:26:13.372Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /2976.a8659c79b4c68f3cdc43.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 01:28:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877002d-3878\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XA2dkwQViHXYwkS5wrMBpmQO%2BkWdwKPWl88AH4qVkMxaZBzzgWana3QAhRmFdxuY67yeGoNPedfsvOtZ9Tb43rCDeGmt9PbeXeCrtZnBfASGhesvjPtvVd5pcWUGsCy8%2BA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730bf98a321525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"515db62c50f50011462a382e852e295d","sha1":"693e023b6bc48ec9a6a7e4f064e5584ecf8ac3f6","sha256":"0ffaf6aed5a83a77b0248099e886fd8e416fdbf07a031feb4f2943728411b9de","sha512":"d8bb044fc820e9eca5fe0b59753208b3ccdb67514a8d521ff5d8ea8100afb8ed9d2141fa3e568ea13d84af41cf185f79880b23c90c98dff818cfde490f7e7d4e","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2x:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCz","tlshash":"b45219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed73d27ec6f172f62","first_seen":"2025-07-22T15:11:00.856165Z","last_seen":"2026-04-04T20:26:35.602852Z","times_seen":529,"resource_available":false,"data":null}},"time_used":579,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":579,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/","date":"2026-04-04T20:26:13.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /2976.a8659c79b4c68f3cdc43.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 01:28:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877002d-3878\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JnYz%2BFVtGdRH5hMCYBBxrQD7UcrzbNVILrXCIJrGkACU%2Bo6IdQQmffPnVuFAZaRERfL%2BHrvJowctXYvsbU3RMf0MG2Bx%2B9O01Zrdhk3tBTK1BeN%2BEqYWo9Q38Vhqik6s4g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730bf99a341525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"515db62c50f50011462a382e852e295d","sha1":"693e023b6bc48ec9a6a7e4f064e5584ecf8ac3f6","sha256":"0ffaf6aed5a83a77b0248099e886fd8e416fdbf07a031feb4f2943728411b9de","sha512":"d8bb044fc820e9eca5fe0b59753208b3ccdb67514a8d521ff5d8ea8100afb8ed9d2141fa3e568ea13d84af41cf185f79880b23c90c98dff818cfde490f7e7d4e","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2x:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCz","tlshash":"b45219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed73d27ec6f172f62","first_seen":"2025-07-22T15:11:00.856165Z","last_seen":"2026-04-04T20:26:35.602852Z","times_seen":529,"resource_available":false,"data":null}},"time_used":576,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":576,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-04T20:26:06.263Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 04 Apr 2026 20:26:08 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Wed, 16 Jul 2025 01:28:13 GMT\r\nvary: Accept-Encoding\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=15,cfOrigin;dur=601\r\nstrict-transport-security: max-age=15552000; preload\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vXLk%2B22mwu6LO8Z6xVwESBvZZyz9%2BEv1NHS4BMvqRbyZ%2B6OBAhbm5pElTnpWs%2FG0dKSn2Rjo6D8UUCh5Qs2247JpyGc79TfPFs8UgC%2FPQLA%2BITxH3b8bCW7FnFbN4gmIaA%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncontent-encoding: br\r\ncf-ray: 9e730bd5785a0b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2768,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (2753)","md5":"4af46820f012e3949714b6aa65f69641","sha1":"d6d7872fa6cea16a8cb58986e4d5c6a46a0dc7fa","sha256":"7edd93e1687825bc8e0cd2c7c0dbad59a471b86dd1cf10acef158c25df4b6a7d","sha512":"50e3c5a5c6c50253b5baccdd2f79bfe082902560f82e2a5e9f35106cac6786dd6a3faa1c0bdde7ca81de8df3d0e17516ce3bf93d74c05c0f9ddd41e0d7057a80","ssdeep":"","tlshash":"0c51b7d34914c88d2212877aeb72f1ccc526f42e9ea17c90f4c9a1a649f0ff4807327a","first_seen":"2026-04-04T20:26:35.603967Z","last_seen":"2026-04-04T20:26:35.603967Z","times_seen":1,"resource_available":true,"data":null}},"time_used":3284,"timings":{"blocked":1331,"dns":1274,"connect":1,"send":0,"wait":622,"receive":0,"ssl":53},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/main.838ad808557acca8e3b5.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/","date":"2026-04-04T20:26:08.421Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /main.838ad808557acca8e3b5.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:09 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 01:28:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877002d-4893f\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A324I%2B51zZoEm2MJazYmG00Y%2Fpi5RV3Z%2BwAGPpsUcXkq5iHB7LU1rZAUIkp7zkT%2BeIC2AVOzBfo5Fbj4kSB8JvXzcPV375VX%2BVcqwjMejsflwTOVkgNTkbsYA%2FMjOKaw%2FA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730bda9dd11525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":297279,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"7213d9e2b588e594b8bbaa3a8099f426","sha1":"8f8933cc818c124ac33ba51aeb3a316e457d4822","sha256":"effbcfe3b46a0896c5646b1db511ffddc9cf62aef41d3e32a80f747276700dfa","sha512":"409cb005d5dd90deb179e07c5af2a3cd77bab2a4fb07ee44a70374a9b57281c2a9d3a90efee389967b0638dfe0ed43a857316ec2c0434108e4482a167d7a7f93","ssdeep":"6144:MOee3tDBk9r/Vq2F+ZszYrUFmMz0cuLaY38Bpvj8QP:bee3tDBk9r/xQuzQUPzSaYMBxj8QP","tlshash":"f2546dc5b281b5a962eb15e6987b4618f73419003804c4a0f1fcfd9d3e76dcb52a3fa9","first_seen":"2025-07-22T15:11:00.869979Z","last_seen":"2026-04-04T20:26:35.604754Z","times_seen":529,"resource_available":true,"data":null}},"time_used":1212,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":826,"receive":386,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/main.f605f09e93c9b9c99e2b.css","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://telexbyfgr.ink/","date":"2026-04-04T20:26:08.423Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /main.f605f09e93c9b9c99e2b.css HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:09 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 23 Apr 2025 14:21:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6808f76e-1bb78\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2FhgvDEHQNVDGo%2B1u1tW%2FGMJtm0X9s%2Bd6CH8S1xJGy6RzKpWe8BeGF2If2ueeYkbnMe5SE1CJAHBu%2FbYsySNyp7HZlDWdvZUeA4C%2B%2FbETTwObEzQSM3sxV3VkWPpSobfGw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730bda9dd21525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":113528,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (11396)","md5":"3790619482279ecca6795f867b727f1d","sha1":"df3a6ff201408fa0f7b05e554673429950177172","sha256":"fd6d36c29954419dd38530e20cec4ecff0b687ccc2434b44036ef1df24371eaf","sha512":"d32602aa34de43734b51813bb4ae2bb034a20d5687828f07b7454ee55aeff71b5a7f6e94788c14e2e01f23e312a15c30583df8f57dfbcb0c859e693ae4707fbe","ssdeep":"768:2KKiamlPrbvZkRUbbjdKNx2Igt7d3tvoo9eb6Ub0v5ArCIw6KgW56tfEEV+UUrlT:2biIUbb62Igtp3Om5oGuf29","tlshash":"ddb3e898e94411f9a723c23e97c4e76c9d38e481de210fafb247654c07ca7eb11e2b59","first_seen":"2025-04-24T12:12:27.245489Z","last_seen":"2026-04-04T23:52:43.631185Z","times_seen":4284,"resource_available":false,"data":null}},"time_used":817,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":812,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://telexbyfgr.ink/","date":"2026-04-04T20:26:09.745Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/main.f605f09e93c9b9c99e2b.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:10 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 11016\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\netag: \"674840af-2b08\"\r\nstrict-transport-security: max-age=15552000; preload\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=meQe%2BND%2Fdk2WqZpQCeGyVT5orwyMRku0cY08%2F9H3M%2FhDvkLCaIX8kk%2BddnFIrx0be%2FdUZMR29t6hvBgHT33X1XlesPjusDvml4%2B0DzSUpt9ZM%2FqKWOtQe164iih2kkx3xA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9e730be2ef0a1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11016,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 11016, version 1.0","md5":"15fa3062f8929bd3b05fdca5259db412","sha1":"6ff06a34f68ad0324ddec1bbe4d453c959178b36","sha256":"5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479","sha512":"07e96d7520b4ede158e77bef10a01a33cd8be7d263fe6900f89c023e65e4a63570e8a442dec2e96030fb563b25610005a748d48f9330fd31eb91b37d1003d376","ssdeep":"192:Tysuo7z1NVoTUYAKVOO7YVxRwHQUXFI5xoBwH9f4d9QFmOfiS:TvdvVoTSjOYR4QUVIgBwpFLaS","tlshash":"6e32af8071ff1c50ff85c2f69be68efa2c2b1895c619016f5240b476397525e9c294bb","first_seen":"2023-04-05T09:25:54Z","last_seen":"2026-04-05T05:16:38.942551Z","times_seen":33015,"resource_available":false,"data":null}},"time_used":798,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":602,"receive":196,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/favicon.svg","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telexbyfgr.ink/","date":"2026-04-04T20:26:09.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:10 GMT\r\ncontent-type: image/svg+xml\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nlast-modified: Wed, 16 Jul 2025 01:28:14 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"6877002e-37c\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T2owfvd1F8BgcuGm0OJRZL%2BTM7WFmM%2FJt3batsskOMUHryYfClr6THwTYjMS8QQU%2Bfss37q3lJiMD72L8V9StFmGhnqbMSwzij31565wBoBrQEF5cA34TliPIGDM3XtPWw%3D%3D\"}]}\r\npriority: u=6,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730be43f381525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":892,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d9ee2d4b0edd9f8ba2fb7242162c2c47","sha1":"398522893cf2cdefb5176f11bc67eab31c2d7382","sha256":"a462f1c5333e16b48335054493cfd1d0a13a96847b4b9ffe2cf24403e6e86010","sha512":"e404678e96fe6f6d1fe6c1390e4a64d90844a2d8903f84f1a34b23137593da5ba04112d9504b8bf480b392b294830a363344c5767e3bb5b7a3cb6f5df2a3aa45","ssdeep":"","tlshash":"97114493d060e71ad4c9e16bef61fca0116720cee5b745d485d95a34500fcdbfc08668","first_seen":"2023-05-09T00:01:39Z","last_seen":"2026-04-05T02:20:45.418918Z","times_seen":13764,"resource_available":false,"data":null}},"time_used":651,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":651,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/","date":"2026-04-04T20:26:13.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /2976.a8659c79b4c68f3cdc43.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 01:28:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877002d-3878\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MCQX63NRZb7MjCnHENdF%2FU05rUPQwETHixXvk5dOTmm3IE32NwQqz5RMS%2FBDB10GUyRMVV35pARua2%2BqtP2BsKwj%2Fg57pdW%2F2WY4ZYQaAXp%2FTicpkW7ljwmm3cM0HQWllg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730bf98a301525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"515db62c50f50011462a382e852e295d","sha1":"693e023b6bc48ec9a6a7e4f064e5584ecf8ac3f6","sha256":"0ffaf6aed5a83a77b0248099e886fd8e416fdbf07a031feb4f2943728411b9de","sha512":"d8bb044fc820e9eca5fe0b59753208b3ccdb67514a8d521ff5d8ea8100afb8ed9d2141fa3e568ea13d84af41cf185f79880b23c90c98dff818cfde490f7e7d4e","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2x:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCz","tlshash":"b45219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed73d27ec6f172f62","first_seen":"2025-07-22T15:11:00.856165Z","last_seen":"2026-04-04T20:26:35.602852Z","times_seen":529,"resource_available":false,"data":null}},"time_used":585,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":584,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/notification.mp3","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://telexbyfgr.ink/","date":"2026-04-04T20:26:09.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /notification.mp3 HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:10 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 10880\r\nlast-modified: Wed, 16 Jul 2025 01:28:14 GMT\r\netag: \"6877002e-2a80\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-range: bytes 0-10879/10880\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2%2B8DPWlHQp5XtckutZD78zbMf6hZWKzknSvWg4z5FnKAZpC13KIeq6XrzVUrRaneLBkd5PEy9qh6pGA%2FiDodgvDrpqvK%2BztXaWuT%2BPv%2FUPHsBRZB4WbOAFY4RJnIenwxog%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9e730be2ff0f1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10880,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"eba09b6a457792c52fc610b5f9f974b3","sha1":"95e6e0f7648e28ea21bc434054ea59aba3a35aea","sha256":"86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6","sha512":"9dfc5ff830c9ed75c9923528c31e1361fa36500d76a209cd475984e5585a644c8aff1600bf02a658ef363436a51988ff1e63aa7606e541dc4a7b3449c5be4852","ssdeep":"192:RuQQeX7rYX/WUUIk8DLh+2BHpZqlXCYP69tuORf6tVQRa/nwNQBv5JC:RRYeUUEDLk2VClyaV0aZ5g","tlshash":"37226b18af11056ef4866bf0b3939b8dc42d26c37a26d4cdd3a5d7e369430e2a7d500d","first_seen":"2023-05-16T22:57:55Z","last_seen":"2026-04-05T02:20:45.425787Z","times_seen":16537,"resource_available":false,"data":null}},"time_used":803,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":606,"receive":197,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/","date":"2026-04-04T20:26:13.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /2976.a8659c79b4c68f3cdc43.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 01:28:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877002d-3878\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9pQJDYqn92RVxInuPmTxWMsmD9dXJqo2vqT1vg8IgpOKNfsDf00G5n6PD1toQPaGkUH5yNopTRSYn7qHIWjUm5GhL2mmL5%2Fv5QRJ%2FN4hbZwjXLcQuc6BK7oLdmkvS9wveQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730bf97a2e1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"515db62c50f50011462a382e852e295d","sha1":"693e023b6bc48ec9a6a7e4f064e5584ecf8ac3f6","sha256":"0ffaf6aed5a83a77b0248099e886fd8e416fdbf07a031feb4f2943728411b9de","sha512":"d8bb044fc820e9eca5fe0b59753208b3ccdb67514a8d521ff5d8ea8100afb8ed9d2141fa3e568ea13d84af41cf185f79880b23c90c98dff818cfde490f7e7d4e","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2x:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCz","tlshash":"b45219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed73d27ec6f172f62","first_seen":"2025-07-22T15:11:00.856165Z","last_seen":"2026-04-04T20:26:35.602852Z","times_seen":529,"resource_available":false,"data":null}},"time_used":594,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":594,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/7784.df07a876b22e3b2a83e9.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js","date":"2026-04-04T20:26:13.969Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:14 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-53e5\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xJlz%2BFgYSnDvrnziOcsY57OifG%2Bg3pjvYoB3QltDkAGhwGzpOFFvzNPepd66%2BNsPw0YvDTXrJSkKnQDKcgW4FMvwM%2FFrirKp8uwA4YNV7mp7Ro3c0xQupnU73e2T2Wys%2BQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730bfd4aeb1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-04-04T23:52:43.634998Z","times_seen":12704,"resource_available":false,"data":null}},"time_used":632,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":631,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telexbyfgr.ink/7784.df07a876b22e3b2a83e9.js","fqdn":"telexbyfgr.ink","domain":"telexbyfgr.ink","tld":"ink"},"ip":{"addr":"104.21.93.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js","date":"2026-04-04T20:26:13.974Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telexbyfgr.ink","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 16:20:41 GMT","end":"Sun, 17 May 2026 17:19:14 GMT"},"fingerprint":{"sha1":"0C:EE:41:CC:F4:61:5D:38:80:95:92:B3:11:B1:AB:43:8A:A7:87:AD","sha256":"FF:B3:54:30:71:CF:0D:A2:F5:BE:FC:0A:F7:7A:85:13:DA:31:49:1E:41:A2:F8:62:8D:50:D9:59:82:EA:D8:80"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: telexbyfgr.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telexbyfgr.ink/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 04 Apr 2026 20:26:14 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-53e5\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sVYXADfrtKm70Rt3PqSKyxuFXRCcBeedLmxod7cRo%2BB9JDwr3dX7CrVoq1E%2B2E1nyKQFMJ925KqZc%2BzH2iegq7ZYwremIBaYpaNqeYh9rKyl4LScn3MESY2cwNl2eBKQ1A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: 9e730bfd4aef1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-04-04T23:52:43.634998Z","times_seen":12704,"resource_available":false,"data":null}},"time_used":630,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":630,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"telexbyfgr.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}