{"report_id":"84c167ef-54c5-434a-8ad3-5cbb9f71145f","version":6,"status":"done","tags":[],"date":"2025-10-07T15:52:37Z","url":{"schema":"http","addr":"teiegmfcub.cloud/","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"172.67.170.160","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"teiegmfcub.cloud/","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"title":"Telegram"},"submit":{"url":{"schema":"http","addr":"teiegmfcub.cloud/","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"172.67.170.160","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-11T15:52:37Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"teiegmfcub.cloud","ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-02","domain_rank":0,"first_seen":"2025-10-07T15:52:38.021064Z","last_seen":"2025-10-07T15:52:38.021064Z","alert_count":25,"request_count":25,"received_data":1439366,"sent_data":11507,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"teiegmfcub.cloud/compatTest.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"da7800ea928a021f2539ab41e6f2323e","sha1":"0141da1dc85ca8f34212f3dde2fac9bf61f5adb7","sha256":"15c24ec2b4cb94f24e66750f09e7071e5659e20a5ed926f69f565e20a81027cf","sha512":"228ca1c1f1ff8de139ebcfa7b084bc40d467a56ddccd103cf02a3fa26ba8c1b4d1961904511198e2fb6797837414bb3c09fc9f0902c3874f2467f279d526f0a9","ssdeep":"","tlshash":"fa5125190db5726150796167fb1bb2433a294133050cfb64a620cf393eb285bc19fde9","size":2544,"data":"","first_seen":"2024-06-30T22:36:50Z","last_seen":"2026-04-13T00:10:25.517712Z","times_seen":14007,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/main.74a858e950b3cb360b11.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a825e669d8ff4295ab072c7e339ef88d","sha1":"0e85d5e1fa69f8897007eb8cf86b9baeffcbc71e","sha256":"ff07595993768488c6d7aa1a66394e591d23a8a99c98ed6c67c86532f185f199","sha512":"ebbe4573e9b5d5ce85f583eafe4101a0145f886b08591034690bb9e9095b5991b9caf9f9264dd0d2101c8d78bf1fbb7a08e58f3405eb785e2bdac988ce41bac1","ssdeep":"6144:WS0e3PrB+9r/Vq2FNZibe1UFmMz0cuLyYo8BfXxK8r:x0e3PrB+9r/xzwbUUPzSyYhBfxK8r","tlshash":"cd545cc5b28175a962eb15e6987b4618fb3419003804c4a0f1fcfd9d3e76dcb52a3fa9","size":296589,"data":"","first_seen":"2025-07-13T17:18:25.954814Z","last_seen":"2026-04-13T00:10:25.515003Z","times_seen":1673,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/8673.1b6dd8d303b0535cc1f8.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ea8d5208dada45e8d0844877a7c93db6","sha1":"45d98fbe3dae09a988cccd836d39016c5100f313","sha256":"25f447387cefb643c04e0aa816e21edf562ebe9b7e3f7b808bdb179154fc17b8","sha512":"e95f47a6e80cedfffd956858247f718db6dddf6a9802ca324f384c0e813895a949090cba5c2cad59e6a14d14c736d93954596385c99103de67844a4cd8f99d20","ssdeep":"192:HnCUz1vNz+6YWQ5PMCUNLTF63vy3fEBzXNqYyx7as/m49YA/UovoDc+Eub/:HnN1vNzHYWTavRXoYyxeqm4aAzAD/Eu7","tlshash":"5d22f885b222b4be9296d0d9ea254b03aa3591143c19a1bcf77c79f72c81d4730bcf36","size":10696,"data":"","first_seen":"2024-12-10T16:27:28.222065Z","last_seen":"2026-04-13T00:10:25.503156Z","times_seen":12920,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"teiegmfcub.cloud/2976.568b5f08af1f452255f3.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/","date":"2025-10-07T15:52:19.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /2976.568b5f08af1f452255f3.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:20 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:44 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5bpkclCM12lpGlUUTj63bZ5LjQszAXIYn6%2Bbc4OBidndHr5hUnCZ30ajwFAmU3VavLyrLFB0JSZkzOx1A0WkrOj390z9iv66Sq1qVTJ6\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797c-3878\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae90a2ee3356be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"96a37d8af9490150a6d951768c8e92c7","sha1":"f21e3dc6b56dbb6fd9cf4ec6aa61a5150ae7c994","sha256":"259a29a5b25f869b59b7dab39977e5171f529b3bfd53dd62d0ea24aadbca094e","sha512":"453f2c37da741e3610f61efd17a034fcf6d23b0a57851350c446eaa85b6dd9ee13e47d0fa0e2c8f80075b372c364241e42099033c1a7fa4872ecf92d3c8d3139","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2u:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCY","tlshash":"495219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed72d27ec6f172f63","first_seen":"2025-07-13T17:18:25.951329Z","last_seen":"2026-04-13T00:10:25.498927Z","times_seen":1672,"resource_available":false,"data":null}},"time_used":391,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":391,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/7784.df07a876b22e3b2a83e9.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js","date":"2025-10-07T15:52:20.067Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:20 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:44 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MGr5SF%2BqFxvJ6HDkxn5tFJaKv3raIL5N7ilkSUpGyTd%2F9l%2BkDvI9xO5bAmX5%2FzT34Iekii8RGXqpXQcLVigThxejrEPzAOKU3HS52HVk\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797c-53e5\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae90a56e8656be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-04-13T00:10:25.503952Z","times_seen":12713,"resource_available":false,"data":null}},"time_used":427,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":427,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/5905.db5d2749ecb90aaf2752.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js","date":"2025-10-07T15:52:20.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:20 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:44 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5AGncNMbioy1eYp9MMFT6IT1nE9da645qSQr%2BD8nP34gp4G8NxtcWA8kc0y4QbaiHyyyxMErnAf3ZJm9FQxex5q1w0gbegdYkVz52Mqk\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797c-223c9\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae90a83ea356be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-04-13T00:10:25.500081Z","times_seen":12740,"resource_available":false,"data":null}},"time_used":649,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":434,"receive":215,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/5905.db5d2749ecb90aaf2752.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js","date":"2025-10-07T15:52:20.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:20 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:44 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=24DA3Fmk5cJS5YHm9WV3vLQfbOXeT%2Bp4hhIGwXkREgsTpLgbgJeU0GPgj0UXl4eQVqfg7HSotzFzXGnOwofJI4tRNVdzrSItxvKtqPrt\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797c-223c9\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae90a83ea556be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-04-13T00:10:25.500081Z","times_seen":12740,"resource_available":false,"data":null}},"time_used":646,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":432,"receive":214,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/main.f605f09e93c9b9c99e2b.css","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://teiegmfcub.cloud/","date":"2025-10-07T15:52:15.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /main.f605f09e93c9b9c99e2b.css HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:15 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 13 Jul 2025 09:16:45 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y0cExRk7Z1ol00bZBOhqqHrMbrpv9YLpp369zxlwwST2I1kig34Hus6IIE7vZoXMFohGBsZLuwwwdBjtjr1BF4H0%2BNpx4j4ZeX1fNahL\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797d-1bb78\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae9086ed1656be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":113528,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (11396)","md5":"3790619482279ecca6795f867b727f1d","sha1":"df3a6ff201408fa0f7b05e554673429950177172","sha256":"fd6d36c29954419dd38530e20cec4ecff0b687ccc2434b44036ef1df24371eaf","sha512":"d32602aa34de43734b51813bb4ae2bb034a20d5687828f07b7454ee55aeff71b5a7f6e94788c14e2e01f23e312a15c30583df8f57dfbcb0c859e693ae4707fbe","ssdeep":"768:2KKiamlPrbvZkRUbbjdKNx2Igt7d3tvoo9eb6Ub0v5ArCIw6KgW56tfEEV+UUrlT:2biIUbb62Igtp3Om5oGuf29","tlshash":"ddb3e898e94411f9a723c23e97c4e76c9d38e481de210fafb247654c07ca7eb11e2b59","first_seen":"2025-04-24T12:12:27.245489Z","last_seen":"2026-04-13T00:10:25.501616Z","times_seen":4293,"resource_available":false,"data":null}},"time_used":614,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":419,"receive":195,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/compatTest.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/","date":"2025-10-07T15:52:15.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /compatTest.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:15 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:44 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=X4yv%2BVQguPOCsZpunu0Mf6HqNv6kI5LhV7x6gFCWC4cKSoKarKotqdQ2rree9GVMzqYiqe1ujfBQeIjK8YUJeG04CHFT4TJ0rrNc7Kjo\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797c-9f0\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae9086ed1756be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2544,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (413)","md5":"da7800ea928a021f2539ab41e6f2323e","sha1":"0141da1dc85ca8f34212f3dde2fac9bf61f5adb7","sha256":"15c24ec2b4cb94f24e66750f09e7071e5659e20a5ed926f69f565e20a81027cf","sha512":"228ca1c1f1ff8de139ebcfa7b084bc40d467a56ddccd103cf02a3fa26ba8c1b4d1961904511198e2fb6797837414bb3c09fc9f0902c3874f2467f279d526f0a9","ssdeep":"","tlshash":"fa5125190db5726150796167fb1bb2433a294133050cfb64a620cf393eb285bc19fde9","first_seen":"2024-06-30T22:36:50Z","last_seen":"2026-04-13T00:10:25.517712Z","times_seen":14007,"resource_available":true,"data":null}},"time_used":470,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":470,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/notification.mp3","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://teiegmfcub.cloud/","date":"2025-10-07T15:52:16.257Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /notification.mp3 HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:16 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 10880\r\nlast-modified: Sun, 13 Jul 2025 09:16:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RHzwyzh3f0OgxIfMBY%2BLYNQHPRrkZmjo91h1bxiKdOemX5R3UY%2FWKhrfu6L3A%2BovFSDOozOyfFqJbV47jgiJ%2FvFLQw%2Fp9fYA4gI8Zp%2Bj\"}]}\r\netag: \"6873797d-2a80\"\r\naccept-ranges: bytes\r\ncontent-range: bytes 0-10879/10880\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\ncf-ray: 98ae908dad6e56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10880,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"eba09b6a457792c52fc610b5f9f974b3","sha1":"95e6e0f7648e28ea21bc434054ea59aba3a35aea","sha256":"86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6","sha512":"9dfc5ff830c9ed75c9923528c31e1361fa36500d76a209cd475984e5585a644c8aff1600bf02a658ef363436a51988ff1e63aa7606e541dc4a7b3449c5be4852","ssdeep":"192:RuQQeX7rYX/WUUIk8DLh+2BHpZqlXCYP69tuORf6tVQRa/nwNQBv5JC:RRYeUUEDLk2VClyaV0aZ5g","tlshash":"37226b18af11056ef4866bf0b3939b8dc42d26c37a26d4cdd3a5d7e369430e2a7d500d","first_seen":"2023-05-16T22:57:55Z","last_seen":"2026-04-13T09:12:20.464419Z","times_seen":16563,"resource_available":false,"data":null}},"time_used":412,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":411,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/2976.568b5f08af1f452255f3.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/","date":"2025-10-07T15:52:19.658Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /2976.568b5f08af1f452255f3.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:20 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:44 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YvQUL8iU7LKI4IAX6qAMgQBnEiqIwVa8fJhChCMVAtsS%2B6WFrAnIv%2FvHSJ0g8%2BCrRnoIqSnbNfyYI5t4buO8EWmXYAR9VCnOaI7YG131\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797c-3878\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae90a2ee3456be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"96a37d8af9490150a6d951768c8e92c7","sha1":"f21e3dc6b56dbb6fd9cf4ec6aa61a5150ae7c994","sha256":"259a29a5b25f869b59b7dab39977e5171f529b3bfd53dd62d0ea24aadbca094e","sha512":"453f2c37da741e3610f61efd17a034fcf6d23b0a57851350c446eaa85b6dd9ee13e47d0fa0e2c8f80075b372c364241e42099033c1a7fa4872ecf92d3c8d3139","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2u:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCY","tlshash":"495219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed72d27ec6f172f63","first_seen":"2025-07-13T17:18:25.951329Z","last_seen":"2026-04-13T00:10:25.498927Z","times_seen":1672,"resource_available":false,"data":null}},"time_used":390,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":390,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js","date":"2025-10-07T15:52:21.178Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:45 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TgA6k5%2BY%2FD%2B9G17zqigN6AooWBaC52MN6WwtPlt2YZ1ASNx6K1q3Ea8%2Bernp6WMWdAgxYePzMTtkOQa0SZl%2BHirMU3C6VIR%2FwCQ%2FsYcn\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797d-10037\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae90ac6edc56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-13T09:12:20.468601Z","times_seen":14981,"resource_available":false,"data":null}},"time_used":630,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":425,"receive":205,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js","date":"2025-10-07T15:52:21.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:45 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=go1D0EvSp3zyvHikyDEUG1TCUJxJmWbNzXme0YVsHB1HkHMMx2bQJTw8U2y46lfzdZF8UBxp2WqbFmK21XuUk9uweLEGpA4FH3K5Pn%2B1\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797d-10037\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae90ac6edd56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-13T09:12:20.468601Z","times_seen":14981,"resource_available":false,"data":null}},"time_used":623,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":422,"receive":201,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js","date":"2025-10-07T15:52:21.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:45 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Esqo44JfsC1wY8WeaxikX4UdmIpIwFiXCXmSEN0xqlUH7A2uKrpSKvQrRVJc8SjbNT2D53ETjWWZWpSQKBiD2MqW5m0PAnNhGMnN%2Ftc1\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797d-10037\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae90ac6edf56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-13T09:12:20.468601Z","times_seen":14981,"resource_available":false,"data":null}},"time_used":623,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":421,"receive":202,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/8673.1b6dd8d303b0535cc1f8.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/","date":"2025-10-07T15:52:19.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /8673.1b6dd8d303b0535cc1f8.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:19 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:44 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6Y3dGdW94ryzyd5%2FUI1ASzhxX5z4hzw6le6ZlhDbBsnORcSkVH%2FypubQY47LsYBx072Z%2FiCx3BimKuxgBzKVSjDT3NSmXVRt4t8S%2FiSi\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797c-29c8\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae90a04e0a56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10696,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10642)","md5":"ea8d5208dada45e8d0844877a7c93db6","sha1":"45d98fbe3dae09a988cccd836d39016c5100f313","sha256":"25f447387cefb643c04e0aa816e21edf562ebe9b7e3f7b808bdb179154fc17b8","sha512":"e95f47a6e80cedfffd956858247f718db6dddf6a9802ca324f384c0e813895a949090cba5c2cad59e6a14d14c736d93954596385c99103de67844a4cd8f99d20","ssdeep":"192:HnCUz1vNz+6YWQ5PMCUNLTF63vy3fEBzXNqYyx7as/m49YA/UovoDc+Eub/:HnN1vNzHYWTavRXoYyxeqm4aAzAD/Eu7","tlshash":"5d22f885b222b4be9296d0d9ea254b03aa3591143c19a1bcf77c79f72c81d4730bcf36","first_seen":"2024-12-10T16:27:28.222065Z","last_seen":"2026-04-13T00:10:25.503156Z","times_seen":12920,"resource_available":true,"data":null}},"time_used":393,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":393,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/7784.df07a876b22e3b2a83e9.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js","date":"2025-10-07T15:52:20.070Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:20 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:44 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bRH6ZEZKHF5AHfHWa77Yo4PWnXkxHSYIhBZ1eU%2F1adMX3OgPFkjeueEEMOMp9d5WbgEl3OFbYtlJMmNygbKQlOPmOIm4YlrWM8p5Mx%2B2\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797c-53e5\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae90a57e8756be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-04-13T00:10:25.503952Z","times_seen":12713,"resource_available":false,"data":null}},"time_used":429,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":427,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/7784.df07a876b22e3b2a83e9.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js","date":"2025-10-07T15:52:20.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:20 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:44 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9U5MV9RgO9Pr9RkDlv6Krt8ebm8VkO0Sq5qsDqQNDgDz7OvZMEhfJARSgKZsKmlBlUr5i3%2FzGcZNeOfq4EgqmRI5M2jZeZ7V4Vtyq1W9\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797c-53e5\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae90a57e8956be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-04-13T00:10:25.503952Z","times_seen":12713,"resource_available":false,"data":null}},"time_used":423,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":423,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/5905.db5d2749ecb90aaf2752.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js","date":"2025-10-07T15:52:20.514Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:20 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:44 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wRVQneL8uN6i4Eh5OmPyfHwzn2Wa0P%2FlWa47kjn7uHnTPcBlmzVQod%2FqeUq5%2BtWW1lyF3Vq2AM9UTAq2oeJ%2B5qN8PU2wGt4itlB9N1vA\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797c-223c9\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae90a83ea656be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-04-13T00:10:25.500081Z","times_seen":12740,"resource_available":false,"data":null}},"time_used":646,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":430,"receive":216,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/icon-192x192.png","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://teiegmfcub.cloud/","date":"2025-10-07T15:52:16.457Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /icon-192x192.png HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 3059\r\nlast-modified: Sun, 13 Jul 2025 09:16:44 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=s%2FM4e3yckbQ5nFIWwKLbX6sNI9DekpkzjwezMzYytlJBDaEdcPIUzvXsJaGPwmsab0XaH8eRUWINjawuJJO%2FAMZgX7Fj8xPFoGJgB2uQ\"}]}\r\netag: \"6873797c-bf3\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\ncf-ray: 98ae908eed8956be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3059,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"1a1650d2c76bfc1ac484646c19e495b9","sha1":"fe58d66042ce9241226f5da9370230285ff604fc","sha256":"6e587a62c9d7a97f25265ab5eb29d101ad2e36810042a4116d2dd29da96b0bf8","sha512":"79c5c9278959bc94f66434779bebc1b46c055655f0bc58aa375f179c227e7ac0e52dea196764719d42aadcf98e4fd3b5a4488f2db977edde430aa3df733c03bc","ssdeep":"","tlshash":"bd514cd3253318e8e2dbfd7ace62041f656691ce5638ec120568de720c8985dc070caa","first_seen":"2023-05-16T22:57:55Z","last_seen":"2026-04-13T09:12:20.467375Z","times_seen":16207,"resource_available":false,"data":null}},"time_used":419,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":416,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/2976.568b5f08af1f452255f3.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/","date":"2025-10-07T15:52:19.651Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /2976.568b5f08af1f452255f3.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:20 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:44 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XAAkAx4Nc7FiweMJ1VUTXBtcyOBm5dpBMY%2BiSMsxJfhHNhWoUa3YjZ4ulD1m5N0WBVzbH1MtQMAoDaBG1UViRA%2F04LbJHstd3oRsi%2Blx\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797c-3878\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae90a2de3156be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"96a37d8af9490150a6d951768c8e92c7","sha1":"f21e3dc6b56dbb6fd9cf4ec6aa61a5150ae7c994","sha256":"259a29a5b25f869b59b7dab39977e5171f529b3bfd53dd62d0ea24aadbca094e","sha512":"453f2c37da741e3610f61efd17a034fcf6d23b0a57851350c446eaa85b6dd9ee13e47d0fa0e2c8f80075b372c364241e42099033c1a7fa4872ecf92d3c8d3139","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2u:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCY","tlshash":"495219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed72d27ec6f172f63","first_seen":"2025-07-13T17:18:25.951329Z","last_seen":"2026-04-13T00:10:25.498927Z","times_seen":1672,"resource_available":false,"data":null}},"time_used":397,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":397,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/2976.568b5f08af1f452255f3.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/","date":"2025-10-07T15:52:19.653Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /2976.568b5f08af1f452255f3.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:20 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:44 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ef4tRO70eEtD%2BMzDpNZaIlocl9ovXeqllfK7Ws1V3R4mwB%2B5FJ4eRcHQJRnhCfZs7zy7q8Kj3LegmxwHNalmTPrelwlgDZGbecDGmLog\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797c-3878\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae90a2de3256be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"96a37d8af9490150a6d951768c8e92c7","sha1":"f21e3dc6b56dbb6fd9cf4ec6aa61a5150ae7c994","sha256":"259a29a5b25f869b59b7dab39977e5171f529b3bfd53dd62d0ea24aadbca094e","sha512":"453f2c37da741e3610f61efd17a034fcf6d23b0a57851350c446eaa85b6dd9ee13e47d0fa0e2c8f80075b372c364241e42099033c1a7fa4872ecf92d3c8d3139","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2u:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCY","tlshash":"495219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed72d27ec6f172f63","first_seen":"2025-07-13T17:18:25.951329Z","last_seen":"2026-04-13T00:10:25.498927Z","times_seen":1672,"resource_available":false,"data":null}},"time_used":396,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":396,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/7784.df07a876b22e3b2a83e9.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js","date":"2025-10-07T15:52:20.065Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:20 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:44 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q7HDSGlEgmH5Xfwpnou2MUll12CNd9pq9iM%2B9H6r44zlZpQUEnPuO0DO1ooIgcpf8bveoBvBDWonmP%2FKzWjSbYfDPkuq6NkyIL8irMhi\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797c-53e5\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae90a56e8056be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-04-13T00:10:25.503952Z","times_seen":12713,"resource_available":false,"data":null}},"time_used":429,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":429,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/5905.db5d2749ecb90aaf2752.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js","date":"2025-10-07T15:52:20.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:20 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:44 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mpbxQOjIbaEjHOlufKGW3WLkvm359OrMXMvNERS35svyQJKgNcEbRIIuxSwvPYZNFDb889HvzBzhaelEJTLj9QJYGuJeLA66nGQ7256%2F\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797c-223c9\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae90a83ea456be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-04-13T00:10:25.500081Z","times_seen":12740,"resource_available":false,"data":null}},"time_used":645,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":435,"receive":210,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js","date":"2025-10-07T15:52:21.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:45 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0ESw7YmHoaEG02ZVa5aaHhQn9z%2B5nBE539u5tW%2FZqpgJgBSxd2oAY2fsN3jmKPpG60ChunvgxWcBbDc%2F%2B2rD2YHnaKewzLeHLYnDOfXm\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797d-10037\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae90ac6ede56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-13T09:12:20.468601Z","times_seen":14981,"resource_available":false,"data":null}},"time_used":624,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":419,"receive":205,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-07T15:52:14.568Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 07 Oct 2025 15:52:15 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Sun, 13 Jul 2025 09:16:45 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=13,cfOrigin;dur=427\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rQjIAP5FfeCut5NozcTd3mdx%2Fc0NNqTTTujdl6NISLm7M9C6zG7TECt1nU5mMc%2BnSKMY6GrGB5zVWBthOARTHtpbr4eNfgIk%2B0866rhF\"}]}\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncontent-encoding: br\r\ncf-ray: 98ae90833ce356b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2768,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (2753)","md5":"23e24724db58c99e32bd5efae5e103be","sha1":"8fe83ba5029f835fb66b96b8722898e59bd00007","sha256":"44e5a0cad7193f9d46af8c0b01205d711969842a5ca5277d2b988bd04cb16e80","sha512":"6d7c7b878cedd409ad6d4e8b88a45257099231620dba1a77774a0753a4ffcc161d7fd5fab63d40f65c6cc6cf94f9db7bf4adba1fb3790aa78d6b6731d17c7bc0","ssdeep":"","tlshash":"4d5166d34914c88d2312977adbb2f08cc626e42d9da57c80b49a51a74df0ff49073565","first_seen":"2025-10-07T15:52:40.816515Z","last_seen":"2025-10-07T15:52:40.816515Z","times_seen":1,"resource_available":false,"data":null}},"time_used":495,"timings":{"blocked":25,"dns":6,"connect":1,"send":0,"wait":445,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/main.74a858e950b3cb360b11.js","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiegmfcub.cloud/","date":"2025-10-07T15:52:15.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /main.74a858e950b3cb360b11.js HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:15 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 09:16:45 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gV7N1YQRN971Ezwq4iOvvyu70NSDf0fCyxu%2F0%2FzZ6ZYlVSEcNZc100fsHBErFf3sQc61v%2BAgVPBwZ8YDZzARX1Mjz7Lwj2wt0KKoxCzP\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"6873797d-4868d\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98ae9086ed1556be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":296589,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"a825e669d8ff4295ab072c7e339ef88d","sha1":"0e85d5e1fa69f8897007eb8cf86b9baeffcbc71e","sha256":"ff07595993768488c6d7aa1a66394e591d23a8a99c98ed6c67c86532f185f199","sha512":"ebbe4573e9b5d5ce85f583eafe4101a0145f886b08591034690bb9e9095b5991b9caf9f9264dd0d2101c8d78bf1fbb7a08e58f3405eb785e2bdac988ce41bac1","ssdeep":"6144:WS0e3PrB+9r/Vq2FNZibe1UFmMz0cuLyYo8BfXxK8r:x0e3PrB+9r/xzwbUUPzSyYhBfxK8r","tlshash":"cd545cc5b28175a962eb15e6987b4618fb3419003804c4a0f1fcfd9d3e76dcb52a3fa9","first_seen":"2025-07-13T17:18:25.954814Z","last_seen":"2026-04-13T00:10:25.515003Z","times_seen":1673,"resource_available":true,"data":null}},"time_used":984,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":412,"receive":572,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://teiegmfcub.cloud/","date":"2025-10-07T15:52:16.251Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/main.f605f09e93c9b9c99e2b.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:16 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 11016\r\nlast-modified: Sun, 13 Jul 2025 09:16:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=n6ZBPGPaSMWwl6U8Um8cruxOPASRy6EIFaz2E8UH9KNIMDA5TRh4DPeXPj66WKTjWnqdCW2iWg3IwnLR8ldIOJZ9RV63mioFV%2FwYiR90\"}]}\r\netag: \"6873797d-2b08\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\ncf-ray: 98ae908d9d6d56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11016,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 11016, version 1.0","md5":"15fa3062f8929bd3b05fdca5259db412","sha1":"6ff06a34f68ad0324ddec1bbe4d453c959178b36","sha256":"5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479","sha512":"07e96d7520b4ede158e77bef10a01a33cd8be7d263fe6900f89c023e65e4a63570e8a442dec2e96030fb563b25610005a748d48f9330fd31eb91b37d1003d376","ssdeep":"192:Tysuo7z1NVoTUYAKVOO7YVxRwHQUXFI5xoBwH9f4d9QFmOfiS:TvdvVoTSjOYR4QUVIgBwpFLaS","tlshash":"6e32af8071ff1c50ff85c2f69be68efa2c2b1895c619016f5240b476397525e9c294bb","first_seen":"2023-04-05T09:25:54Z","last_seen":"2026-04-13T12:41:55.489208Z","times_seen":33141,"resource_available":false,"data":null}},"time_used":398,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":397,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiegmfcub.cloud/favicon.svg","fqdn":"teiegmfcub.cloud","domain":"teiegmfcub.cloud","tld":"cloud"},"ip":{"addr":"104.21.55.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://teiegmfcub.cloud/","date":"2025-10-07T15:52:16.458Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiegmfcub.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 04:31:24 GMT","end":"Wed, 31 Dec 2025 05:26:45 GMT"},"fingerprint":{"sha1":"0D:B0:71:62:2B:B4:1D:67:01:ED:9F:84:72:5C:A6:F5:BC:6B:72:EF","sha256":"6F:26:B5:0C:56:53:81:FF:6C:06:11:B3:F8:2A:35:97:5D:C5:82:25:E8:31:B5:17:50:F0:6B:0C:27:6E:04:9F"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: teiegmfcub.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiegmfcub.cloud/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 07 Oct 2025 15:52:16 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\nlast-modified: Sun, 13 Jul 2025 09:16:44 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"6873797c-37c\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L67BOxKc9K5divZ0Ufs09TEKNY02r%2FObwiRVtXkxq7h%2BIInCPjoLMZO0xlTF9HF8iEhLFxLnqnsjp5wzR07Hmh0BeZqeH13uBpx8jvWE\"}]}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 98ae908eed8a56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":892,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d9ee2d4b0edd9f8ba2fb7242162c2c47","sha1":"398522893cf2cdefb5176f11bc67eab31c2d7382","sha256":"a462f1c5333e16b48335054493cfd1d0a13a96847b4b9ffe2cf24403e6e86010","sha512":"e404678e96fe6f6d1fe6c1390e4a64d90844a2d8903f84f1a34b23137593da5ba04112d9504b8bf480b392b294830a363344c5767e3bb5b7a3cb6f5df2a3aa45","ssdeep":"","tlshash":"97114493d060e71ad4c9e16bef61fca0116720cee5b745d485d95a34500fcdbfc08668","first_seen":"2023-05-09T00:01:39Z","last_seen":"2026-04-13T09:12:20.473978Z","times_seen":13788,"resource_available":false,"data":null}},"time_used":442,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":442,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"teiegmfcub.cloud","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}