{"report_id":"8c4d8fcc-29ee-4677-9c80-1e5f45203d6c","version":6,"status":"done","tags":[],"date":"2025-10-20T15:02:39Z","url":{"schema":"http","addr":"teiebbxicf.top/","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"104.21.80.215","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"teiebbxicf.top/","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"title":"Telegram"},"submit":{"url":{"schema":"http","addr":"teiebbxicf.top/","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"104.21.80.215","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-24T15:02:39Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"teiebbxicf.top","ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-15","domain_rank":0,"first_seen":"2025-10-20T15:02:40.908237Z","last_seen":"2025-10-20T15:02:40.908237Z","alert_count":73,"request_count":25,"received_data":1439513,"sent_data":11409,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"teiebbxicf.top/8673.1b6dd8d303b0535cc1f8.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ea8d5208dada45e8d0844877a7c93db6","sha1":"45d98fbe3dae09a988cccd836d39016c5100f313","sha256":"25f447387cefb643c04e0aa816e21edf562ebe9b7e3f7b808bdb179154fc17b8","sha512":"e95f47a6e80cedfffd956858247f718db6dddf6a9802ca324f384c0e813895a949090cba5c2cad59e6a14d14c736d93954596385c99103de67844a4cd8f99d20","ssdeep":"192:HnCUz1vNz+6YWQ5PMCUNLTF63vy3fEBzXNqYyx7as/m49YA/UovoDc+Eub/:HnN1vNzHYWTavRXoYyxeqm4aAzAD/Eu7","tlshash":"5d22f885b222b4be9296d0d9ea254b03aa3591143c19a1bcf77c79f72c81d4730bcf36","size":10696,"data":"","first_seen":"2024-12-10T16:27:28.222065Z","last_seen":"2026-04-04T23:52:43.632681Z","times_seen":12911,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/compatTest.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"da7800ea928a021f2539ab41e6f2323e","sha1":"0141da1dc85ca8f34212f3dde2fac9bf61f5adb7","sha256":"15c24ec2b4cb94f24e66750f09e7071e5659e20a5ed926f69f565e20a81027cf","sha512":"228ca1c1f1ff8de139ebcfa7b084bc40d467a56ddccd103cf02a3fa26ba8c1b4d1961904511198e2fb6797837414bb3c09fc9f0902c3874f2467f279d526f0a9","ssdeep":"","tlshash":"fa5125190db5726150796167fb1bb2433a294133050cfb64a620cf393eb285bc19fde9","size":2544,"data":"","first_seen":"2024-06-30T22:36:50Z","last_seen":"2026-04-04T23:52:43.635509Z","times_seen":13998,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/main.838ad808557acca8e3b5.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7213d9e2b588e594b8bbaa3a8099f426","sha1":"8f8933cc818c124ac33ba51aeb3a316e457d4822","sha256":"effbcfe3b46a0896c5646b1db511ffddc9cf62aef41d3e32a80f747276700dfa","sha512":"409cb005d5dd90deb179e07c5af2a3cd77bab2a4fb07ee44a70374a9b57281c2a9d3a90efee389967b0638dfe0ed43a857316ec2c0434108e4482a167d7a7f93","ssdeep":"6144:MOee3tDBk9r/Vq2F+ZszYrUFmMz0cuLaY38Bpvj8QP:bee3tDBk9r/xQuzQUPzSaYMBxj8QP","tlshash":"f2546dc5b281b5a962eb15e6987b4618f73419003804c4a0f1fcfd9d3e76dcb52a3fa9","size":297279,"data":"","first_seen":"2025-07-22T15:11:00.869979Z","last_seen":"2026-04-04T20:26:35.604754Z","times_seen":529,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"teiebbxicf.top/favicon.svg","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://teiebbxicf.top/","date":"2025-10-20T15:02:19.243Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:19 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\nlast-modified: Wed, 16 Jul 2025 01:28:14 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\netag: W/\"6877002e-37c\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N07WOlp23V1wBvSg57Vx%2BuvhGx5enyRPEaZ1193C56qlbuVbj9A54xYpFn3%2BjTykRONukhppl0odJai%2BM9Vpdt8pWwVkzAbr1QTu1TSy\"}]}\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 991965424b17120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":892,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d9ee2d4b0edd9f8ba2fb7242162c2c47","sha1":"398522893cf2cdefb5176f11bc67eab31c2d7382","sha256":"a462f1c5333e16b48335054493cfd1d0a13a96847b4b9ffe2cf24403e6e86010","sha512":"e404678e96fe6f6d1fe6c1390e4a64d90844a2d8903f84f1a34b23137593da5ba04112d9504b8bf480b392b294830a363344c5767e3bb5b7a3cb6f5df2a3aa45","ssdeep":"","tlshash":"97114493d060e71ad4c9e16bef61fca0116720cee5b745d485d95a34500fcdbfc08668","first_seen":"2023-05-09T00:01:39Z","last_seen":"2026-04-05T02:20:45.418918Z","times_seen":13764,"resource_available":false,"data":null}},"time_used":675,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":675,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/8673.1b6dd8d303b0535cc1f8.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/","date":"2025-10-20T15:02:22.025Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /8673.1b6dd8d303b0535cc1f8.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:22 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-29c8\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0IsyP3yQe%2FxbHmHigMzwOI9N7Hyr1BvEtKDF1CCVmo1Aa3t%2FOeL0kv39n2%2FmYUX12tCk5vMCxM%2BFH7MsIOTR2Rgk%2FrK%2BrAiigPeIbo6k\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 99196553ae28120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10696,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10642)","md5":"ea8d5208dada45e8d0844877a7c93db6","sha1":"45d98fbe3dae09a988cccd836d39016c5100f313","sha256":"25f447387cefb643c04e0aa816e21edf562ebe9b7e3f7b808bdb179154fc17b8","sha512":"e95f47a6e80cedfffd956858247f718db6dddf6a9802ca324f384c0e813895a949090cba5c2cad59e6a14d14c736d93954596385c99103de67844a4cd8f99d20","ssdeep":"192:HnCUz1vNz+6YWQ5PMCUNLTF63vy3fEBzXNqYyx7as/m49YA/UovoDc+Eub/:HnN1vNzHYWTavRXoYyxeqm4aAzAD/Eu7","tlshash":"5d22f885b222b4be9296d0d9ea254b03aa3591143c19a1bcf77c79f72c81d4730bcf36","first_seen":"2024-12-10T16:27:28.222065Z","last_seen":"2026-04-04T23:52:43.632681Z","times_seen":12911,"resource_available":true,"data":null}},"time_used":606,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":606,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/","date":"2025-10-20T15:02:22.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /2976.a8659c79b4c68f3cdc43.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 01:28:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877002d-3878\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pGOaLz7intBh2MhVf%2Fv95fxxl8oyFzUMCOx%2BAZTpEwuB0f1ClC%2B%2BSqsc1LIgoqaZZMPk0uOsO1nu5IYpg9Ubq7ZYm3MYhCUVDA9Dj48o\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 991965578ead120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"515db62c50f50011462a382e852e295d","sha1":"693e023b6bc48ec9a6a7e4f064e5584ecf8ac3f6","sha256":"0ffaf6aed5a83a77b0248099e886fd8e416fdbf07a031feb4f2943728411b9de","sha512":"d8bb044fc820e9eca5fe0b59753208b3ccdb67514a8d521ff5d8ea8100afb8ed9d2141fa3e568ea13d84af41cf185f79880b23c90c98dff818cfde490f7e7d4e","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2x:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCz","tlshash":"b45219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed73d27ec6f172f62","first_seen":"2025-07-22T15:11:00.856165Z","last_seen":"2026-04-04T20:26:35.602852Z","times_seen":529,"resource_available":false,"data":null}},"time_used":652,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":652,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/","date":"2025-10-20T15:02:22.650Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /2976.a8659c79b4c68f3cdc43.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 01:28:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877002d-3878\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tyFpKQ%2BLeK8jOFRDOlj7nO%2BB2c3iO9%2BdpVkLBPohoNbRMDfehhbI2o5PKwsFozCTfQwYXjX5Saib6bFOfRAviHzadaAa4dJdXn61kJtA\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 991965578eae120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"515db62c50f50011462a382e852e295d","sha1":"693e023b6bc48ec9a6a7e4f064e5584ecf8ac3f6","sha256":"0ffaf6aed5a83a77b0248099e886fd8e416fdbf07a031feb4f2943728411b9de","sha512":"d8bb044fc820e9eca5fe0b59753208b3ccdb67514a8d521ff5d8ea8100afb8ed9d2141fa3e568ea13d84af41cf185f79880b23c90c98dff818cfde490f7e7d4e","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2x:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCz","tlshash":"b45219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed73d27ec6f172f62","first_seen":"2025-07-22T15:11:00.856165Z","last_seen":"2026-04-04T20:26:35.602852Z","times_seen":529,"resource_available":false,"data":null}},"time_used":654,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":652,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/7784.df07a876b22e3b2a83e9.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js","date":"2025-10-20T15:02:23.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-53e5\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4j80xi4KGKgs8kAUqrTPT4wxNbW1rGtcltGKthJ%2FGip%2F6NKWHVetSkdtBwahgKdbglEefg4GK0UL5k1o%2F2foR%2FOn00Cn7nGDjQ3UVNzW\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 9919655bcf2c120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-04-04T23:52:43.634998Z","times_seen":12704,"resource_available":false,"data":null}},"time_used":587,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":587,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/5905.db5d2749ecb90aaf2752.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js","date":"2025-10-20T15:02:23.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:24 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-223c9\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nNoBCdeh%2FLQY1mErgkNbWOAzg4%2BGD5xIofeU54z5SP929thpnta052WGHZ9VjerKjNBPaqp%2BCc%2BCCYGyfxJJvBLF7O7QUCvK8bNB%2FGZw\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 9919655f9fcf120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-04-04T23:52:43.632167Z","times_seen":12731,"resource_available":false,"data":null}},"time_used":792,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":596,"receive":196,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js","date":"2025-10-20T15:02:24.746Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:25 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-10037\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qToEFE1YvRKYzVmSeAec9nUkT%2FrA11Msi%2FCehGXcUTYg%2BqN0AqyolM%2FPnjj%2BTwaJaFyD3ZWmssfwDrlbxzHqIOAxk%2FdDCc346sA5%2Bqye\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 99196564a8e0120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-05T02:20:45.422464Z","times_seen":14960,"resource_available":false,"data":null}},"time_used":832,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":613,"receive":219,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js","date":"2025-10-20T15:02:24.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:25 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-10037\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jk1ogVwc0n25zcGhuhufmMZwuPeOAD3sSGELqZPOMhNWh7pUlIKhlfyUkexriOpsmRGB%2BKev83AxgoILLhksfQyOT2Y2SHQFhLFdVJ1f\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 99196564a8e2120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-05T02:20:45.422464Z","times_seen":14960,"resource_available":false,"data":null}},"time_used":829,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":611,"receive":218,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/7784.df07a876b22e3b2a83e9.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js","date":"2025-10-20T15:02:23.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-53e5\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JsnlZhtf4lIu6mIfpaqU%2FQLQ9KvQQVe2dMhJywnheA9RQzm55Utcrb0cH%2BChK0LfBiKFBySnCHYYmk%2FZ7e67JznHnzxiR7wgmzwl3Q7N\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 9919655bbf2a120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-04-04T23:52:43.634998Z","times_seen":12704,"resource_available":false,"data":null}},"time_used":589,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":589,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/icon-192x192.png","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://teiebbxicf.top/","date":"2025-10-20T15:02:19.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /icon-192x192.png HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:20 GMT\r\ncontent-type: image/png\r\ncontent-length: 3059\r\nlast-modified: Wed, 16 Jul 2025 01:28:14 GMT\r\netag: \"6877002e-bf3\"\r\nstrict-transport-security: max-age=15552000; preload\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ofdZWRp6w1KG5js%2Fj%2BavCxTZ6GX4K7h7q1Qh2Zx3QVxXO6g1vXWZLSgcWqoWcsr3%2FJhdc%2BiFDL5C1F1HrsCpaRTqMVXWTbgwz1gu2ND7\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\ncf-ray: 991965424b16120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3059,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"1a1650d2c76bfc1ac484646c19e495b9","sha1":"fe58d66042ce9241226f5da9370230285ff604fc","sha256":"6e587a62c9d7a97f25265ab5eb29d101ad2e36810042a4116d2dd29da96b0bf8","sha512":"79c5c9278959bc94f66434779bebc1b46c055655f0bc58aa375f179c227e7ac0e52dea196764719d42aadcf98e4fd3b5a4488f2db977edde430aa3df733c03bc","ssdeep":"","tlshash":"bd514cd3253318e8e2dbfd7ace62041f656691ce5638ec120568de720c8985dc070caa","first_seen":"2023-05-16T22:57:55Z","last_seen":"2026-04-05T02:20:45.419469Z","times_seen":16183,"resource_available":false,"data":null}},"time_used":943,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":942,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/5905.db5d2749ecb90aaf2752.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js","date":"2025-10-20T15:02:23.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:24 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-223c9\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QJIZCZqSSUf9Eel9hQ1qgkco2ny36VMQg1Tn2RME9BCsocnwqpgyi2k5K6DUWQ6sg%2BK1a5v3pS6h3lDgDVBlZdzmzPMrHxzHUXx%2FZeLH\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 9919655f9fcb120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-04-04T23:52:43.632167Z","times_seen":12731,"resource_available":false,"data":null}},"time_used":797,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":600,"receive":197,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/5905.db5d2749ecb90aaf2752.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js","date":"2025-10-20T15:02:23.939Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:24 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-223c9\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CtvcW3OCLKhNkk5%2BEqEahvre8wHb%2BRIlcTSzaFRY3a8Xxqi39V5T7EUGSXUU786HlFNTTtzaj1oUXXug05tBnateNRl3c6e7kmQB8D5T\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 9919655f9fcd120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-04-04T23:52:43.632167Z","times_seen":12731,"resource_available":false,"data":null}},"time_used":795,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":599,"receive":196,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js","date":"2025-10-20T15:02:24.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:25 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-10037\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=99iOUHTBBaqcW8iTeT0wxOIv7uRwVjsGY3AboAtla9WaCA2itmqmSutkASeEriK65dFpC49OB%2BKUY%2FlPhHOpjLPUnv2JOmYVMsKA9gpY\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 99196564b8e5120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-05T02:20:45.422464Z","times_seen":14960,"resource_available":false,"data":null}},"time_used":826,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":608,"receive":218,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-20T15:02:16.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 20 Oct 2025 15:02:17 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Wed, 16 Jul 2025 01:28:13 GMT\r\nvary: Accept-Encoding\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nstrict-transport-security: max-age=15552000; preload\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EbyYQbxE8Ro9LQk%2F6sAavNCDJ1V4rEmOzyj35rFaNi1G0q%2FPI%2B2%2B7ae2o2HBUZ32WyJbVEY9LMDRky%2BSnTRhh9BxT9Oz5X89%2BkJw3ota\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\ncf-ray: 991965341ff25a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2264,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (2264), with no line terminators","md5":"2763071f63132812e504181c68d4a7c0","sha1":"da7378b12a1b9df9485b030f6c8e1600e2ae1fa1","sha256":"cd85cddf3ec4fcee63c329c78302915291155e82f042b582469fae95cc106069","sha512":"99e546b7279136c338330b324cddb936704bd5a64eb8a459c63aee1603ffe84bef5052543b6ec23e4c99116e2891a7616e417d0ce7da7ce7f8aba19e453bc8df","ssdeep":"","tlshash":"a54132d34a18c84e2722977bdab2f0ccc516e41daea57c80f88551a78de0ff094b35b9","first_seen":"2025-07-22T15:11:00.861181Z","last_seen":"2026-03-26T07:27:15.323218Z","times_seen":30,"resource_available":true,"data":null}},"time_used":764,"timings":{"blocked":64,"dns":46,"connect":1,"send":0,"wait":636,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/main.838ad808557acca8e3b5.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/","date":"2025-10-20T15:02:17.760Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /main.838ad808557acca8e3b5.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:18 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 01:28:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877002d-4893f\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lQ9iYe%2FwpPmDeRHM8qbGpGN37ke7c2xgtnzL2rPtpDZxhm9uBBRFczz5TVDEDSZvDiKyaTChk9TguHZG6wQ%2BI7zfZLNKZufvZwyy1HKY\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 99196538f98e120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":297279,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"7213d9e2b588e594b8bbaa3a8099f426","sha1":"8f8933cc818c124ac33ba51aeb3a316e457d4822","sha256":"effbcfe3b46a0896c5646b1db511ffddc9cf62aef41d3e32a80f747276700dfa","sha512":"409cb005d5dd90deb179e07c5af2a3cd77bab2a4fb07ee44a70374a9b57281c2a9d3a90efee389967b0638dfe0ed43a857316ec2c0434108e4482a167d7a7f93","ssdeep":"6144:MOee3tDBk9r/Vq2F+ZszYrUFmMz0cuLaY38Bpvj8QP:bee3tDBk9r/xQuzQUPzSaYMBxj8QP","tlshash":"f2546dc5b281b5a962eb15e6987b4618f73419003804c4a0f1fcfd9d3e76dcb52a3fa9","first_seen":"2025-07-22T15:11:00.869979Z","last_seen":"2026-04-04T20:26:35.604754Z","times_seen":529,"resource_available":true,"data":null}},"time_used":1170,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":589,"receive":581,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/main.f605f09e93c9b9c99e2b.css","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://teiebbxicf.top/","date":"2025-10-20T15:02:17.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /main.f605f09e93c9b9c99e2b.css HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:18 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 23 Apr 2025 14:21:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6808f76e-1bb78\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YVZCXXUWipvaC5kQ4R5PeqmLcVuZHThXqustMlXVe49vR0u7qKIBIETi2puYGSz0j35ATdibriqU6DbIAbjxaZQ6RCx2StVrnap4rHjM\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 99196538f98f120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":113528,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (11396)","md5":"3790619482279ecca6795f867b727f1d","sha1":"df3a6ff201408fa0f7b05e554673429950177172","sha256":"fd6d36c29954419dd38530e20cec4ecff0b687ccc2434b44036ef1df24371eaf","sha512":"d32602aa34de43734b51813bb4ae2bb034a20d5687828f07b7454ee55aeff71b5a7f6e94788c14e2e01f23e312a15c30583df8f57dfbcb0c859e693ae4707fbe","ssdeep":"768:2KKiamlPrbvZkRUbbjdKNx2Igt7d3tvoo9eb6Ub0v5ArCIw6KgW56tfEEV+UUrlT:2biIUbb62Igtp3Om5oGuf29","tlshash":"ddb3e898e94411f9a723c23e97c4e76c9d38e481de210fafb247654c07ca7eb11e2b59","first_seen":"2025-04-24T12:12:27.245489Z","last_seen":"2026-04-04T23:52:43.631185Z","times_seen":4284,"resource_available":false,"data":null}},"time_used":796,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":603,"receive":193,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/","date":"2025-10-20T15:02:22.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /2976.a8659c79b4c68f3cdc43.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 01:28:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877002d-3878\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lZkRbq0EfInKJbvD3dmtEeBi0GNfQR60vUBBO4bqrmLFUr7ZWc7WFeEGA%2BT9X7n%2FR6%2BA9TxHOlzV%2BR8erpafEM6lHs5PE2QxzLdAoZp8\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 991965579eb2120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"515db62c50f50011462a382e852e295d","sha1":"693e023b6bc48ec9a6a7e4f064e5584ecf8ac3f6","sha256":"0ffaf6aed5a83a77b0248099e886fd8e416fdbf07a031feb4f2943728411b9de","sha512":"d8bb044fc820e9eca5fe0b59753208b3ccdb67514a8d521ff5d8ea8100afb8ed9d2141fa3e568ea13d84af41cf185f79880b23c90c98dff818cfde490f7e7d4e","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2x:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCz","tlshash":"b45219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed73d27ec6f172f62","first_seen":"2025-07-22T15:11:00.856165Z","last_seen":"2026-04-04T20:26:35.602852Z","times_seen":529,"resource_available":false,"data":null}},"time_used":646,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":644,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/7784.df07a876b22e3b2a83e9.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js","date":"2025-10-20T15:02:23.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-53e5\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wXMEwZ8iQlKQPLGVZ4flNpr7LnZOPi60nvkfrvBhBcjYZaUbo8PpvI75%2FEvwMVUp5wTDyv%2F5kuvBT2fFHxLwDmWOrW17dhYJPcdaJTRU\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 9919655bcf2b120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-04-04T23:52:43.634998Z","times_seen":12704,"resource_available":false,"data":null}},"time_used":588,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":587,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/7784.df07a876b22e3b2a83e9.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js","date":"2025-10-20T15:02:23.326Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-53e5\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R%2BpiH3X77pjSMCBx90gqiLqqvXnvP6Jk8yBWkKoC08WC59RKOUzr6AVb%2Bloxt5WpoX5fa4u%2BrfA8l5IJea60m%2F0DZ9UU8VWSMkSSdT1X\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 9919655bcf2d120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-04-04T23:52:43.634998Z","times_seen":12704,"resource_available":false,"data":null}},"time_used":586,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":586,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/5905.db5d2749ecb90aaf2752.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js","date":"2025-10-20T15:02:23.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:24 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-223c9\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vQS772DUIjI4kfvtEaDz9wpy01t5F7%2FKH75DMKQ2RtxwR%2BwY4O3yT6XU79iyOF5uALCKySyB04rzRtPDp%2B%2FkY5ptIMOvyscQ4ltTRetq\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 9919655f9fcc120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-04-04T23:52:43.632167Z","times_seen":12731,"resource_available":false,"data":null}},"time_used":797,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":601,"receive":196,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js","date":"2025-10-20T15:02:24.752Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:25 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"674840af-10037\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=l1qYLNe%2FDCEoV2enI4mphVnHnAq%2BWV%2FiZRsqspgDcxVFStrF1YzH29xnv588lRsSHU1eBrjxLFEN7ki9tQcnRfwO3MiHB8q127mJvE%2Bh\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 99196564b8e4120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-05T02:20:45.422464Z","times_seen":14960,"resource_available":false,"data":null}},"time_used":823,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":609,"receive":214,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/2976.a8659c79b4c68f3cdc43.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/","date":"2025-10-20T15:02:22.653Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /2976.a8659c79b4c68f3cdc43.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 01:28:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877002d-3878\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nage: 0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q7UKwcowjLSQigHhLUMeNrCAItLTKN1tGSFgekpw9HO39RuNtiyvdeajToIT0yYG6TCqBHwTHnfUxDbnPZarxRf2JrlXAehX6RyR5F4c\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 991965578eaf120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"515db62c50f50011462a382e852e295d","sha1":"693e023b6bc48ec9a6a7e4f064e5584ecf8ac3f6","sha256":"0ffaf6aed5a83a77b0248099e886fd8e416fdbf07a031feb4f2943728411b9de","sha512":"d8bb044fc820e9eca5fe0b59753208b3ccdb67514a8d521ff5d8ea8100afb8ed9d2141fa3e568ea13d84af41cf185f79880b23c90c98dff818cfde490f7e7d4e","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2x:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCz","tlshash":"b45219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed73d27ec6f172f62","first_seen":"2025-07-22T15:11:00.856165Z","last_seen":"2026-04-04T20:26:35.602852Z","times_seen":529,"resource_available":false,"data":null}},"time_used":651,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":649,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/compatTest.js","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://teiebbxicf.top/","date":"2025-10-20T15:02:17.764Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /compatTest.js HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:18 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 01:28:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877002e-9f0\"\r\nstrict-transport-security: max-age=15552000; preload\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eUfs0CeexccPGPIWQ8u9AZwc6yyyptJ1aJtPwrFkWy5FCupa9GB4v%2FLFicZw06rq2tzlPEJSGtbD64XeHRpK%2BLFctl%2BWrlLESvGjNXQE\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncf-ray: 99196538f990120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2544,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (413)","md5":"da7800ea928a021f2539ab41e6f2323e","sha1":"0141da1dc85ca8f34212f3dde2fac9bf61f5adb7","sha256":"15c24ec2b4cb94f24e66750f09e7071e5659e20a5ed926f69f565e20a81027cf","sha512":"228ca1c1f1ff8de139ebcfa7b084bc40d467a56ddccd103cf02a3fa26ba8c1b4d1961904511198e2fb6797837414bb3c09fc9f0902c3874f2467f279d526f0a9","ssdeep":"","tlshash":"fa5125190db5726150796167fb1bb2433a294133050cfb64a620cf393eb285bc19fde9","first_seen":"2024-06-30T22:36:50Z","last_seen":"2026-04-04T23:52:43.635509Z","times_seen":13998,"resource_available":true,"data":null}},"time_used":631,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":631,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://teiebbxicf.top/","date":"2025-10-20T15:02:19.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/main.f605f09e93c9b9c99e2b.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:19 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 11016\r\nlast-modified: Thu, 28 Nov 2024 10:06:39 GMT\r\netag: \"674840af-2b08\"\r\nstrict-transport-security: max-age=15552000; preload\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U993i5hnPMyszddcsi2%2FBraKA7azlMBqzmeWRWa5a1pm6sPB0QvOaefMwpOdfVp2avbgrrsnfxHupvumcyTU1b8OskliTskO%2BQBOt%2Fvq\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\ncf-ray: 99196540daeb120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11016,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 11016, version 1.0","md5":"15fa3062f8929bd3b05fdca5259db412","sha1":"6ff06a34f68ad0324ddec1bbe4d453c959178b36","sha256":"5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479","sha512":"07e96d7520b4ede158e77bef10a01a33cd8be7d263fe6900f89c023e65e4a63570e8a442dec2e96030fb563b25610005a748d48f9330fd31eb91b37d1003d376","ssdeep":"192:Tysuo7z1NVoTUYAKVOO7YVxRwHQUXFI5xoBwH9f4d9QFmOfiS:TvdvVoTSjOYR4QUVIgBwpFLaS","tlshash":"6e32af8071ff1c50ff85c2f69be68efa2c2b1895c619016f5240b476397525e9c294bb","first_seen":"2023-04-05T09:25:54Z","last_seen":"2026-04-05T05:16:38.942551Z","times_seen":33015,"resource_available":false,"data":null}},"time_used":782,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":589,"receive":193,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teiebbxicf.top/notification.mp3","fqdn":"teiebbxicf.top","domain":"teiebbxicf.top","tld":"top"},"ip":{"addr":"172.67.154.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://teiebbxicf.top/","date":"2025-10-20T15:02:19.043Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teiebbxicf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 10:39:17 GMT","end":"Tue, 13 Jan 2026 11:36:22 GMT"},"fingerprint":{"sha1":"75:7B:28:C2:31:0A:A6:3D:71:58:BC:19:BB:21:C9:D5:43:85:28:85","sha256":"C0:01:4F:E7:C4:CC:B3:35:6A:E2:47:25:9F:9C:87:D5:DF:76:A0:32:E9:94:F7:1D:99:6C:81:C2:DA:F8:64:05"}}},"request":{"raw":"GET /notification.mp3 HTTP/1.1\r\nHost: teiebbxicf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teiebbxicf.top/\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\nserver: cloudflare\r\ndate: Mon, 20 Oct 2025 15:02:19 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 10880\r\nlast-modified: Wed, 16 Jul 2025 01:28:14 GMT\r\netag: \"6877002e-2a80\"\r\nstrict-transport-security: max-age=15552000; preload\r\naccept-ranges: bytes\r\ncontent-range: bytes 0-10879/10880\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YE4jGlr6YGdFsCwz4fKpkrqLlSHMsHzNEeLd8csKM1TrktLhQLu6%2F7Yr5thIl9tRjfIn3GxPWJI%2BT2CZ3k06HFG6yCYz4pyecDEP9ztj\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\ncf-ray: 991965410af3120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10880,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"eba09b6a457792c52fc610b5f9f974b3","sha1":"95e6e0f7648e28ea21bc434054ea59aba3a35aea","sha256":"86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6","sha512":"9dfc5ff830c9ed75c9923528c31e1361fa36500d76a209cd475984e5585a644c8aff1600bf02a658ef363436a51988ff1e63aa7606e541dc4a7b3449c5be4852","ssdeep":"192:RuQQeX7rYX/WUUIk8DLh+2BHpZqlXCYP69tuORf6tVQRa/nwNQBv5JC:RRYeUUEDLk2VClyaV0aZ5g","tlshash":"37226b18af11056ef4866bf0b3939b8dc42d26c37a26d4cdd3a5d7e369430e2a7d500d","first_seen":"2023-05-16T22:57:55Z","last_seen":"2026-04-05T02:20:45.425787Z","times_seen":16537,"resource_available":false,"data":null}},"time_used":790,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":598,"receive":192,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-20","alert":"Phishing Block","trigger":"teiebbxicf.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"teiebbxicf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}