{"report_id":"91115fca-b7df-4696-8bfa-83f2341a0f6a","version":6,"status":"done","tags":[],"date":"2025-11-28T00:15:28Z","url":{"schema":"http","addr":"telegjmok.green/","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"telegjmok.green/","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"title":"Telegram","dom":{"size":3964,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (3862)","md5":"cc5dc2311e4114d4b4ce5bfe670148e2","sha1":"90231cac50b897ad145eb652a11c9204122e0750","sha256":"1e75062be0ae0dc732227f223fd7835ad645ed1c24e70d6eda332d508b89b98c","sha512":"4a68d6bc54e682afb984f28d6b0a33700723e764ab23a6a07fb4de0cde040e257096a5ab2348641f73fc7a9c705992116ac93476b80e644b6e7108f95c2cd3d2","ssdeep":"","tlshash":"ba81caa35934881d1216a327d6b6f38c5633e12f9b5179c0f49dd4a64e94ee4446387c","dom_hash":"domhasheb25360fee8dd4c683ad6062a8b207b4","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"telegjmok.green/","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-02T00:15:28Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2025-11-28","alert":"Hunting_JS_WebAssembly","trigger":"telegjmok.green/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"telegjmok.green","ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-11-28T00:15:29.323019Z","last_seen":"2025-11-28T00:15:29.323019Z","alert_count":104,"request_count":25,"received_data":1440499,"sent_data":11458,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"telegjmok.green/main.74a858e950b3cb360b11.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a825e669d8ff4295ab072c7e339ef88d","sha1":"0e85d5e1fa69f8897007eb8cf86b9baeffcbc71e","sha256":"ff07595993768488c6d7aa1a66394e591d23a8a99c98ed6c67c86532f185f199","sha512":"ebbe4573e9b5d5ce85f583eafe4101a0145f886b08591034690bb9e9095b5991b9caf9f9264dd0d2101c8d78bf1fbb7a08e58f3405eb785e2bdac988ce41bac1","ssdeep":"6144:WS0e3PrB+9r/Vq2FNZibe1UFmMz0cuLyYo8BfXxK8r:x0e3PrB+9r/xzwbUUPzSyYhBfxK8r","tlshash":"cd545cc5b28175a962eb15e6987b4618fb3419003804c4a0f1fcfd9d3e76dcb52a3fa9","size":296589,"data":"","first_seen":"2025-07-13T17:18:25.954814Z","last_seen":"2026-04-04T23:52:43.637812Z","times_seen":1666,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/8673.1b6dd8d303b0535cc1f8.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ea8d5208dada45e8d0844877a7c93db6","sha1":"45d98fbe3dae09a988cccd836d39016c5100f313","sha256":"25f447387cefb643c04e0aa816e21edf562ebe9b7e3f7b808bdb179154fc17b8","sha512":"e95f47a6e80cedfffd956858247f718db6dddf6a9802ca324f384c0e813895a949090cba5c2cad59e6a14d14c736d93954596385c99103de67844a4cd8f99d20","ssdeep":"192:HnCUz1vNz+6YWQ5PMCUNLTF63vy3fEBzXNqYyx7as/m49YA/UovoDc+Eub/:HnN1vNzHYWTavRXoYyxeqm4aAzAD/Eu7","tlshash":"5d22f885b222b4be9296d0d9ea254b03aa3591143c19a1bcf77c79f72c81d4730bcf36","size":10696,"data":"","first_seen":"2024-12-10T16:27:28.222065Z","last_seen":"2026-04-04T23:52:43.632681Z","times_seen":12911,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/compatTest.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"da7800ea928a021f2539ab41e6f2323e","sha1":"0141da1dc85ca8f34212f3dde2fac9bf61f5adb7","sha256":"15c24ec2b4cb94f24e66750f09e7071e5659e20a5ed926f69f565e20a81027cf","sha512":"228ca1c1f1ff8de139ebcfa7b084bc40d467a56ddccd103cf02a3fa26ba8c1b4d1961904511198e2fb6797837414bb3c09fc9f0902c3874f2467f279d526f0a9","ssdeep":"","tlshash":"fa5125190db5726150796167fb1bb2433a294133050cfb64a620cf393eb285bc19fde9","size":2544,"data":"","first_seen":"2024-06-30T22:36:50Z","last_seen":"2026-04-04T23:52:43.635509Z","times_seen":13998,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"telegjmok.green/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/2976.568b5f08af1f452255f3.js","date":"2025-11-28T00:15:12.740Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:21 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736411-10037\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hHNBN%2BesmDHy4u7CBzGoKqYekYLzH4JwQHUiHA86tNR9JIi%2BESRxsk2sH39%2B5hJ3YS%2Fp2wyPLEZpP8chS9Pn%2BSGUE%2BPEzZ%2FNSOafkG1Jlw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab68ae200daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-05T02:20:45.422464Z","times_seen":14960,"resource_available":false,"data":null}},"time_used":618,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":418,"receive":200,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2025-11-28","alert":"Hunting_JS_WebAssembly","trigger":"telegjmok.green/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/2976.568b5f08af1f452255f3.js","date":"2025-11-28T00:15:12.741Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:21 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736411-10037\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Bf1bSTwUmRwlO36jjst%2FHzjjtv9LVNESmc7roHJsmyTQKFO%2Bjw87EGDKdHeMt9uTFryFD%2Bc0wuDENVvL6%2BtxSe602kDi6quZqranB0%2B5Kg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab68be240daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-05T02:20:45.422464Z","times_seen":14960,"resource_available":false,"data":null}},"time_used":617,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":418,"receive":199,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2025-11-28","alert":"Hunting_JS_WebAssembly","trigger":"telegjmok.green/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/compatTest.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/","date":"2025-11-28T00:15:06.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /compatTest.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:07 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:20 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736410-9f0\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Mie3mBoBxT%2FzcVdmiwi%2Frl8mzllQa9AMlVgW9llrqu7cJnWara4b%2FCmVUbPm86t1AJY5v9RRbutKQbnB1QIyZbqMr9UCAB4dS06btu1PVQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab439b370daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2544,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (413)","md5":"da7800ea928a021f2539ab41e6f2323e","sha1":"0141da1dc85ca8f34212f3dde2fac9bf61f5adb7","sha256":"15c24ec2b4cb94f24e66750f09e7071e5659e20a5ed926f69f565e20a81027cf","sha512":"228ca1c1f1ff8de139ebcfa7b084bc40d467a56ddccd103cf02a3fa26ba8c1b4d1961904511198e2fb6797837414bb3c09fc9f0902c3874f2467f279d526f0a9","ssdeep":"","tlshash":"fa5125190db5726150796167fb1bb2433a294133050cfb64a620cf393eb285bc19fde9","first_seen":"2024-06-30T22:36:50Z","last_seen":"2026-04-04T23:52:43.635509Z","times_seen":13998,"resource_available":true,"data":null}},"time_used":426,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":426,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/icon-192x192.png","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegjmok.green/","date":"2025-11-28T00:15:08.057Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /icon-192x192.png HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:08 GMT\r\ncontent-type: image/png\r\ncontent-length: 3059\r\nlast-modified: Sun, 13 Jul 2025 07:45:20 GMT\r\npriority: u=6,i=?0\r\netag: \"68736410-bf3\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7OaHRNCAEJhM3xva5zDnLLZ6fNXnJ2byVT%2F8Di%2BFH2y0GifocN%2BNqG7Q2xS3%2BqVjYyaDn2yWSmi3Lfmo78SYocPnP%2F4jOSV%2FXXZFOSDORQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\ncf-ray: 9a55ab4b5bea0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3059,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"1a1650d2c76bfc1ac484646c19e495b9","sha1":"fe58d66042ce9241226f5da9370230285ff604fc","sha256":"6e587a62c9d7a97f25265ab5eb29d101ad2e36810042a4116d2dd29da96b0bf8","sha512":"79c5c9278959bc94f66434779bebc1b46c055655f0bc58aa375f179c227e7ac0e52dea196764719d42aadcf98e4fd3b5a4488f2db977edde430aa3df733c03bc","ssdeep":"","tlshash":"bd514cd3253318e8e2dbfd7ace62041f656691ce5638ec120568de720c8985dc070caa","first_seen":"2023-05-16T22:57:55Z","last_seen":"2026-04-05T02:20:45.419469Z","times_seen":16183,"resource_available":false,"data":null}},"time_used":391,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":391,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/2976.568b5f08af1f452255f3.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/","date":"2025-11-28T00:15:11.294Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /2976.568b5f08af1f452255f3.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:20 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736410-3878\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zQxvsozxul4nCFxDdd8Z4y9smFN78o2Uo%2F1X1deDKyYNm2y%2FU%2Bv10x0RlAsDZzN7t7%2FSxwwW5f%2BQ2FsZCe1QhiJuAuADMpnQmonw8Gp16w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab5f9d430daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"96a37d8af9490150a6d951768c8e92c7","sha1":"f21e3dc6b56dbb6fd9cf4ec6aa61a5150ae7c994","sha256":"259a29a5b25f869b59b7dab39977e5171f529b3bfd53dd62d0ea24aadbca094e","sha512":"453f2c37da741e3610f61efd17a034fcf6d23b0a57851350c446eaa85b6dd9ee13e47d0fa0e2c8f80075b372c364241e42099033c1a7fa4872ecf92d3c8d3139","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2u:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCY","tlshash":"495219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed72d27ec6f172f63","first_seen":"2025-07-13T17:18:25.951329Z","last_seen":"2026-04-04T23:52:43.63068Z","times_seen":1665,"resource_available":false,"data":null}},"time_used":407,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":406,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/2976.568b5f08af1f452255f3.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/","date":"2025-11-28T00:15:11.299Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /2976.568b5f08af1f452255f3.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:20 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736410-3878\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TbGZQ13bg1ARSnjABTXbQRczB%2FA%2FR%2BF2%2BbGtsy6gwPi4HRbVhr6MENh9zKTB8CRUqiZY3Vn6JzDWwLPI05IMcyUMEHo8Ns42N5oJWJNrFQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab5fad450daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"96a37d8af9490150a6d951768c8e92c7","sha1":"f21e3dc6b56dbb6fd9cf4ec6aa61a5150ae7c994","sha256":"259a29a5b25f869b59b7dab39977e5171f529b3bfd53dd62d0ea24aadbca094e","sha512":"453f2c37da741e3610f61efd17a034fcf6d23b0a57851350c446eaa85b6dd9ee13e47d0fa0e2c8f80075b372c364241e42099033c1a7fa4872ecf92d3c8d3139","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2u:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCY","tlshash":"495219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed72d27ec6f172f63","first_seen":"2025-07-13T17:18:25.951329Z","last_seen":"2026-04-04T23:52:43.63068Z","times_seen":1665,"resource_available":false,"data":null}},"time_used":403,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":402,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/7784.df07a876b22e3b2a83e9.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/2976.568b5f08af1f452255f3.js","date":"2025-11-28T00:15:11.716Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:12 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:20 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736410-53e5\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ya5milj02y%2FnUPaz9arI6cEzvbN6pvsIbxkYAyxuejuHckTvcGzzLwK8OtwXp0ZIxFHJ1272C%2FAegfCWPKDitxk2FYPEDllS7zmWEo1pxQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab623d930daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-04-04T23:52:43.634998Z","times_seen":12704,"resource_available":false,"data":null}},"time_used":416,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":415,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/7784.df07a876b22e3b2a83e9.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/2976.568b5f08af1f452255f3.js","date":"2025-11-28T00:15:11.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:12 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:20 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736410-53e5\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YBMiRiGzndwtjLQfMkD%2B25r5kM6mKYIWgAAZYcampmhtCjRXfy26TQEYpdnrWQ1skEUUS1bbP4kaGltal6ZSatnv%2Fr1Cda9jCo4fOR4EEQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab623d940daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-04-04T23:52:43.634998Z","times_seen":12704,"resource_available":false,"data":null}},"time_used":415,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":415,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/5905.db5d2749ecb90aaf2752.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/2976.568b5f08af1f452255f3.js","date":"2025-11-28T00:15:12.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:12 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:20 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736410-223c9\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BQDNRt55vgfNVJOTGhE8n6HNbmjQo88lYogxGY%2FfQOSUcqkJLu164VFvW%2Fuw1XCzfZpwgMnMPuFSgjiZ7QsLoer%2FdAQ9rfDBdiCbPeeDnA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab64eddc0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-04-04T23:52:43.632167Z","times_seen":12731,"resource_available":false,"data":null}},"time_used":575,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":387,"receive":188,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/2976.568b5f08af1f452255f3.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/","date":"2025-11-28T00:15:11.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /2976.568b5f08af1f452255f3.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:20 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736410-3878\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R%2F0VrdNqUB7LMQap9ehGiGvrOtHLFrHznTiHOjAc1njPzUsCaW553vGAAJcfkQwK5VWT8mtSFVTqpt%2BZGkWDmVzCIIVncq5g6slcDKMM8g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab5f9d400daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"96a37d8af9490150a6d951768c8e92c7","sha1":"f21e3dc6b56dbb6fd9cf4ec6aa61a5150ae7c994","sha256":"259a29a5b25f869b59b7dab39977e5171f529b3bfd53dd62d0ea24aadbca094e","sha512":"453f2c37da741e3610f61efd17a034fcf6d23b0a57851350c446eaa85b6dd9ee13e47d0fa0e2c8f80075b372c364241e42099033c1a7fa4872ecf92d3c8d3139","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2u:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCY","tlshash":"495219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed72d27ec6f172f63","first_seen":"2025-07-13T17:18:25.951329Z","last_seen":"2026-04-04T23:52:43.63068Z","times_seen":1665,"resource_available":false,"data":null}},"time_used":411,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":410,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/2976.568b5f08af1f452255f3.js","date":"2025-11-28T00:15:12.746Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:21 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736411-10037\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VeFxc9NkUgeC258CgCigOStrmNgJeM7vfxI9Pd%2F8S61h36gnOeI4d6Y8IgU7yjk8OhOQ9SE6fRMCqcfoBCIHZ06SURKsYrxewGPMCGnzgw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab68be230daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-05T02:20:45.422464Z","times_seen":14960,"resource_available":false,"data":null}},"time_used":610,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":412,"receive":198,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2025-11-28","alert":"Hunting_JS_WebAssembly","trigger":"telegjmok.green/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-28T00:15:06.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 28 Nov 2025 00:15:06 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Sun, 13 Jul 2025 07:45:21 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=65,cfOrigin;dur=396\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Z8FoCKXZtU%2B%2Fwb0Qfgx6TC89mXQnQaARyjVvoE7YAdtt3L0wPKZ%2BUHwZCJEHELGNoLf%2BpWJEFHaoQG6wj6AGzxNvxtKb8dGBHXpKuWs%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncontent-encoding: br\r\ncf-ray: 9a55ab3faee60b3d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}],"data":{"size":3687,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (3672)","md5":"2d129885455a89299f9ae3f5b4bf86ce","sha1":"c4a03e7e4d7ed13a09f3d8f81162da7291f68a08","sha256":"1462e32aa9f82e07b5ce6de18579e1dde80f1d5ceaee075af6e332ec2b3c83d4","sha512":"f25ebdd623f49cfbc010ccccc1442bf9329afb9af28320e521bb6ba02a971451ac5eb133ae4398d28ae4b63ee55fec8fd9580dec5880f56ff1eadfe0ef18e3ed","ssdeep":"","tlshash":"0a71d7e31914881d1212827be6b6f2cc9a36e02dad517c80f59dd8aa4df0fe044b3d7e","first_seen":"2025-11-28T00:15:34.921346Z","last_seen":"2025-11-28T00:15:34.921346Z","times_seen":1,"resource_available":false,"data":null}},"time_used":562,"timings":{"blocked":47,"dns":27,"connect":2,"send":0,"wait":466,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://telegjmok.green/","date":"2025-11-28T00:15:07.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/main.f605f09e93c9b9c99e2b.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:08 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 11016\r\nlast-modified: Sun, 13 Jul 2025 07:45:21 GMT\r\npriority: u=4,i=?0\r\netag: \"68736411-2b08\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TCLB24ULjV0BxUGfCZHi9BffnMfOjy%2BRidKXlDxxu9b8YmHEFq82IWvHxl%2FjFneIrWoUA9qdb3i2wrbY6BO7S37Da1kAeYlt9bwTZdVltQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\ncf-ray: 9a55ab4a1ba10daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11016,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 11016, version 1.0","md5":"15fa3062f8929bd3b05fdca5259db412","sha1":"6ff06a34f68ad0324ddec1bbe4d453c959178b36","sha256":"5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479","sha512":"07e96d7520b4ede158e77bef10a01a33cd8be7d263fe6900f89c023e65e4a63570e8a442dec2e96030fb563b25610005a748d48f9330fd31eb91b37d1003d376","ssdeep":"192:Tysuo7z1NVoTUYAKVOO7YVxRwHQUXFI5xoBwH9f4d9QFmOfiS:TvdvVoTSjOYR4QUVIgBwpFLaS","tlshash":"6e32af8071ff1c50ff85c2f69be68efa2c2b1895c619016f5240b476397525e9c294bb","first_seen":"2023-04-05T09:25:54Z","last_seen":"2026-04-05T05:16:38.942551Z","times_seen":33015,"resource_available":false,"data":null}},"time_used":391,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":391,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/notification.mp3","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://telegjmok.green/","date":"2025-11-28T00:15:07.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /notification.mp3 HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:08 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 10880\r\nlast-modified: Sun, 13 Jul 2025 07:45:21 GMT\r\npriority: u=4,i=?0\r\netag: \"68736411-2a80\"\r\ncontent-range: bytes 0-10879/10880\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uBYGqTuOzp4k7aQzVkNSofF0yE8l0eTbT8ieUxjF5Om%2FHKsA%2BlIY549UH30MFZyB6L7wWifeEqwd2Os01OQ%2Bjcqil4kkjhKkM4G0PSW14w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\ncf-ray: 9a55ab4a2ba20daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10880,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"eba09b6a457792c52fc610b5f9f974b3","sha1":"95e6e0f7648e28ea21bc434054ea59aba3a35aea","sha256":"86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6","sha512":"9dfc5ff830c9ed75c9923528c31e1361fa36500d76a209cd475984e5585a644c8aff1600bf02a658ef363436a51988ff1e63aa7606e541dc4a7b3449c5be4852","ssdeep":"192:RuQQeX7rYX/WUUIk8DLh+2BHpZqlXCYP69tuORf6tVQRa/nwNQBv5JC:RRYeUUEDLk2VClyaV0aZ5g","tlshash":"37226b18af11056ef4866bf0b3939b8dc42d26c37a26d4cdd3a5d7e369430e2a7d500d","first_seen":"2023-05-16T22:57:55Z","last_seen":"2026-04-05T02:20:45.425787Z","times_seen":16537,"resource_available":false,"data":null}},"time_used":381,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":380,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/favicon.svg","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegjmok.green/","date":"2025-11-28T00:15:08.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:08 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\nlast-modified: Sun, 13 Jul 2025 07:45:20 GMT\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"68736410-37c\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ym2Io7R8y8wpfrqJLIKKcSKg86962CAqCEnsATXJQ0wbq47XoDwfl5XyY5NiXR2GtPqq8qv0BEegbKcxcFkKy8f%2FRdvAoTZmKXN6UAMfGg%3D%3D\"}]}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9a55ab4b6beb0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":892,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d9ee2d4b0edd9f8ba2fb7242162c2c47","sha1":"398522893cf2cdefb5176f11bc67eab31c2d7382","sha256":"a462f1c5333e16b48335054493cfd1d0a13a96847b4b9ffe2cf24403e6e86010","sha512":"e404678e96fe6f6d1fe6c1390e4a64d90844a2d8903f84f1a34b23137593da5ba04112d9504b8bf480b392b294830a363344c5767e3bb5b7a3cb6f5df2a3aa45","ssdeep":"","tlshash":"97114493d060e71ad4c9e16bef61fca0116720cee5b745d485d95a34500fcdbfc08668","first_seen":"2023-05-09T00:01:39Z","last_seen":"2026-04-05T02:20:45.418918Z","times_seen":13764,"resource_available":false,"data":null}},"time_used":391,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":391,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/8673.1b6dd8d303b0535cc1f8.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/","date":"2025-11-28T00:15:10.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /8673.1b6dd8d303b0535cc1f8.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:20 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736410-29c8\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TZ3rEQjO6gNRZC6L8WlgUyqZDjQd0YYWDKWpdJwrAKanah32TUNFw1ILAweCsLvH4Apd3cgflijRXvbZcPXWh6XCfn8%2BEeJX4SZ5CwJg%2Bw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab5cccf60daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10696,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10642)","md5":"ea8d5208dada45e8d0844877a7c93db6","sha1":"45d98fbe3dae09a988cccd836d39016c5100f313","sha256":"25f447387cefb643c04e0aa816e21edf562ebe9b7e3f7b808bdb179154fc17b8","sha512":"e95f47a6e80cedfffd956858247f718db6dddf6a9802ca324f384c0e813895a949090cba5c2cad59e6a14d14c736d93954596385c99103de67844a4cd8f99d20","ssdeep":"192:HnCUz1vNz+6YWQ5PMCUNLTF63vy3fEBzXNqYyx7as/m49YA/UovoDc+Eub/:HnN1vNzHYWTavRXoYyxeqm4aAzAD/Eu7","tlshash":"5d22f885b222b4be9296d0d9ea254b03aa3591143c19a1bcf77c79f72c81d4730bcf36","first_seen":"2024-12-10T16:27:28.222065Z","last_seen":"2026-04-04T23:52:43.632681Z","times_seen":12911,"resource_available":true,"data":null}},"time_used":432,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":432,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/7784.df07a876b22e3b2a83e9.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/2976.568b5f08af1f452255f3.js","date":"2025-11-28T00:15:11.715Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:12 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:20 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736410-53e5\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iEtV%2BnFn5MgmGP1E6getr7ZElZwDPf%2Fv9UnDQ3ZxpvTKNQxXpvJkhV0L814x6OokedsLqR9sWZxG36QGDbk8J3Gd0ErHVPWCnLNPf89V%2Fw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab623d920daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-04-04T23:52:43.634998Z","times_seen":12704,"resource_available":false,"data":null}},"time_used":417,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":417,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/5905.db5d2749ecb90aaf2752.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/2976.568b5f08af1f452255f3.js","date":"2025-11-28T00:15:12.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:12 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:20 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736410-223c9\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Eg3Ex6I3N31FMawmd%2FbQ0iogIxhgfPRadSj88tO4r5DlR%2BnX5ndm5ZVeWGvwpDdyNPy1HmWl6JwRsZYgnOrMjdqEl3J4QguE6OutCT0%2B%2BA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab64eddd0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-04-04T23:52:43.632167Z","times_seen":12731,"resource_available":false,"data":null}},"time_used":573,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":387,"receive":186,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/5905.db5d2749ecb90aaf2752.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/2976.568b5f08af1f452255f3.js","date":"2025-11-28T00:15:12.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:12 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:20 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736410-223c9\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NsMGXNuRnqVl49b95Zw2RrXXUOfLFJn0qEk%2FpekgVUAX3h5ktZpNbbeL%2BaeITIJpfVEQORR%2FqMBZPObnYWoL8AcFuMJ1CfTVmlaolE4kfg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab64fde00daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-04-04T23:52:43.632167Z","times_seen":12731,"resource_available":false,"data":null}},"time_used":571,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":385,"receive":186,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/main.74a858e950b3cb360b11.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/","date":"2025-11-28T00:15:06.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /main.74a858e950b3cb360b11.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:07 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:21 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736411-4868d\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4BUgkozX5dozG21Z5sYjpyghYtF3gmNgrCT3NDXACY7OxSjbfIUwWE0uRBVsM%2B0yBVNrJkgUMuLHsAbn63Tr8Hm%2FEZVDiKIPnnAHsrfZHQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab439b350daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":296589,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"a825e669d8ff4295ab072c7e339ef88d","sha1":"0e85d5e1fa69f8897007eb8cf86b9baeffcbc71e","sha256":"ff07595993768488c6d7aa1a66394e591d23a8a99c98ed6c67c86532f185f199","sha512":"ebbe4573e9b5d5ce85f583eafe4101a0145f886b08591034690bb9e9095b5991b9caf9f9264dd0d2101c8d78bf1fbb7a08e58f3405eb785e2bdac988ce41bac1","ssdeep":"6144:WS0e3PrB+9r/Vq2FNZibe1UFmMz0cuLyYo8BfXxK8r:x0e3PrB+9r/xzwbUUPzSyYhBfxK8r","tlshash":"cd545cc5b28175a962eb15e6987b4618fb3419003804c4a0f1fcfd9d3e76dcb52a3fa9","first_seen":"2025-07-13T17:18:25.954814Z","last_seen":"2026-04-04T23:52:43.637812Z","times_seen":1666,"resource_available":true,"data":null}},"time_used":943,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":386,"receive":557,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/main.f605f09e93c9b9c99e2b.css","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://telegjmok.green/","date":"2025-11-28T00:15:06.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /main.f605f09e93c9b9c99e2b.css HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:07 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 13 Jul 2025 07:45:21 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736411-1bb78\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OisYX8cSJWSclk9U3cRk98YdaM0NwU2GSIjGWdF2Pdgr4CqcYc1z%2BXMtn1kP7p0lLv3gOkLk559bRAnAANbU7Zzmo2ymMjmV%2BYmj8YfKEQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab439b360daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":113528,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (11396)","md5":"3790619482279ecca6795f867b727f1d","sha1":"df3a6ff201408fa0f7b05e554673429950177172","sha256":"fd6d36c29954419dd38530e20cec4ecff0b687ccc2434b44036ef1df24371eaf","sha512":"d32602aa34de43734b51813bb4ae2bb034a20d5687828f07b7454ee55aeff71b5a7f6e94788c14e2e01f23e312a15c30583df8f57dfbcb0c859e693ae4707fbe","ssdeep":"768:2KKiamlPrbvZkRUbbjdKNx2Igt7d3tvoo9eb6Ub0v5ArCIw6KgW56tfEEV+UUrlT:2biIUbb62Igtp3Om5oGuf29","tlshash":"ddb3e898e94411f9a723c23e97c4e76c9d38e481de210fafb247654c07ca7eb11e2b59","first_seen":"2025-04-24T12:12:27.245489Z","last_seen":"2026-04-04T23:52:43.631185Z","times_seen":4284,"resource_available":false,"data":null}},"time_used":604,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":409,"receive":195,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/2976.568b5f08af1f452255f3.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/","date":"2025-11-28T00:15:11.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /2976.568b5f08af1f452255f3.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:20 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736410-3878\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=d33CRippDpOb4hYR43cj%2F60rOqY%2BpJy8TLRmU%2FczVSBbB1qs%2FRzKW5l8oBDnyktaZDMW5sF%2B9RpdDN7etT5xO9nPx%2B13cjQtKBjwtzQWfg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab5f9d440daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"96a37d8af9490150a6d951768c8e92c7","sha1":"f21e3dc6b56dbb6fd9cf4ec6aa61a5150ae7c994","sha256":"259a29a5b25f869b59b7dab39977e5171f529b3bfd53dd62d0ea24aadbca094e","sha512":"453f2c37da741e3610f61efd17a034fcf6d23b0a57851350c446eaa85b6dd9ee13e47d0fa0e2c8f80075b372c364241e42099033c1a7fa4872ecf92d3c8d3139","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2u:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCY","tlshash":"495219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed72d27ec6f172f63","first_seen":"2025-07-13T17:18:25.951329Z","last_seen":"2026-04-04T23:52:43.63068Z","times_seen":1665,"resource_available":false,"data":null}},"time_used":405,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":405,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/7784.df07a876b22e3b2a83e9.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/2976.568b5f08af1f452255f3.js","date":"2025-11-28T00:15:11.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:12 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:20 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736410-53e5\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1uyM6x6HSwJM48NTJLIHFLUhwuL%2BcDCeVMJ9Dc4ttusY6z4gVHFHydSoSjL3QTkvCsE61%2Be6c2VnKICkSSvX3NR6X2XeaDwyId9GQ%2FkuZA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab624d950daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-04-04T23:52:43.634998Z","times_seen":12704,"resource_available":false,"data":null}},"time_used":410,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":409,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/5905.db5d2749ecb90aaf2752.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/2976.568b5f08af1f452255f3.js","date":"2025-11-28T00:15:12.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:12 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:20 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736410-223c9\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3rf9gXzf4EzflXZG88UPWQZXd6e3VWeVWycBFO%2BjYZxkYFq8cZYOh%2Ftnm6ewo2FhlWdL8361DuGRTQrTh8MeRNoXZJOzu%2BnEN%2Baw7xaAeA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab64edde0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-04-04T23:52:43.632167Z","times_seen":12731,"resource_available":false,"data":null}},"time_used":572,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":387,"receive":185,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegjmok.green/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"telegjmok.green","domain":"telegjmok.green","tld":"green"},"ip":{"addr":"104.21.20.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegjmok.green/2976.568b5f08af1f452255f3.js","date":"2025-11-28T00:15:12.736Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegjmok.green","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 14:41:05 GMT","end":"Sun, 01 Feb 2026 15:37:39 GMT"},"fingerprint":{"sha1":"8F:62:52:0F:BD:75:0F:4D:6D:C3:93:FF:01:65:9D:24:1A:E4:53:F6","sha256":"49:10:65:47:CA:90:F0:F8:97:9E:35:DD:2A:64:26:92:CB:20:6D:55:2F:4E:E7:A4:62:00:B7:C6:16:27:0E:EB"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: telegjmok.green\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegjmok.green/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 28 Nov 2025 00:15:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 07:45:21 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736411-10037\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XE2EgxYlgly9xoH5CjllphBcL7sAcJaAfVpHnXxXxsdS9Hr2l9nW6XVCHJYZsxg9Nswtob%2B3iNpjv2LvSAwyZp1FxfRgjYx%2B9ckxkRX53g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9a55ab68ae1f0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-05T02:20:45.422464Z","times_seen":14960,"resource_available":false,"data":null}},"time_used":621,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":422,"receive":199,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2025-11-28","alert":"Hunting_JS_WebAssembly","trigger":"telegjmok.green/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-28","alert":"Phishing Block","trigger":"telegjmok.green","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"telegjmok.green","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}