{"report_id":"a932c2b0-1252-4494-a614-b570110f98c0","version":6,"status":"done","tags":[],"date":"2026-03-28T06:29:02Z","url":{"schema":"https","addr":"www.tgramzok.top/","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":0,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"https","addr":"www.tgramzok.top/","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"title":"Telegram","dom":{"size":3124,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (3124), with no line terminators","md5":"d34c58723a1f432c364c80615a3af9db","sha1":"1c11a82b0c92dcd3e716549f937fa83a3157e2eb","sha256":"8f6d7775c4f0b45db2492ac5ae6a4b713ac34c0116a60052c42aa314cfd5b7d9","sha512":"96ec9123d4f32446931c830c354e11a77f2150d03843e2bfd34ff6b35839492f30fab697ac4a142276697086e67e95a4ed5b3408581d9c27c49bc613b628facf","ssdeep":"","tlshash":"885132938b18c84e2321863ad5b3f0ccc216d44edab47c50f58545ab4ae5ff0c573266","dom_hash":"domhash0f31abafeaf2029a3dea65104db1780c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"www.tgramzok.top/","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":0,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-02T06:29:02Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-28","alert":"Hunting_JS_WebAssembly","trigger":"www.tgramzok.top/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.tgramzok.top","ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2026-03-21","domain_rank":0,"first_seen":"2026-03-28T06:24:22.694599Z","last_seen":"2026-03-28T06:24:22.694599Z","alert_count":64,"request_count":30,"received_data":1589500,"sent_data":13777,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.tgramzok.top/compatTest.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"f1ab325e5ad16479bba6b3e3d4c5f9f8","sha1":"4f4111ca121fe0c469712c5103861f6e2dd258a5","sha256":"b29c4ecbce8aa08374c42036e9d0fc3f563c34335ba2951e2b9d45e8eafcdbf6","sha512":"8917e9026583eab7f6775a5eec11dccbcd32c9bf7a5b597a3f67850eb444c6d38b8218d79114dfd305fbc61e812c343f24752a90b27ac0b41a3a5b3d08b89b31","ssdeep":"","tlshash":"9e5103191db5726150796166bb1bb2437a294133050cfb64a620cf393eb285bc19fde9","size":2593,"data":"","first_seen":"2025-04-18T13:17:13.044436Z","last_seen":"2026-03-28T06:29:04.182674Z","times_seen":73,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/main.40b56ba60d5fec63a885.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"a87d58301acb8d166e42b71af19a30ea","sha1":"5e8747aed1720f4500352b83e9e4f4f190419ed3","sha256":"001c518815ca8f3110f7ee043ad7e25c0fd0d75732124ae619788bf9b34a4f7d","sha512":"9545f28255e6ff183ba514d0c273c70ab1364a0e5d1eb8a283e807b15de16097b884d507f6db82bc4e3e4946804d23154132a06656fcffb5e574b61e93f5fcba","ssdeep":"12288:TS5Ars3PpzX1OfgNxn3OdAkqpFOlTvSH7ZyMwmPwH5Z:TS5Ar/AOlTvSIZZ","tlshash":"9aa45dc57186b0e6a7d704e698bf4248f63459043809c460f0acfdda3a669dbb273f5e","size":454594,"data":"","first_seen":"2026-03-28T06:24:25.921596Z","last_seen":"2026-03-28T06:29:04.188902Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/6708.457f852af5d5245dd736.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"8c8093d8582055bedeac41e8a05f9644","sha1":"78e5b30902e423bdc3faf1d779a6b500ef21dacd","sha256":"b8f7d33d4ae2a6d7370fa8cee5abb7365cbd6f265073e02c64ffe3ee744beb26","sha512":"eaa4cc184d380459dcf6c1b911bab5de711008e7c064b31dde595bbc75219ff2f651f2e975abd54b21ee08c07706055af2dac25f437868b56d7a29a4d64fa2d2","ssdeep":"192:5CUUFqWvIeXNIYyDWaMd9m8tCKk/YohoDc+EuOYuzCUzmONz16dWQ5a1l8/o:5SvZXKYyDtMHm8gKkPOD/EuOYuzNmONX","tlshash":"8d320981b122b4bea2a6d4c5e9294b03aa3595543c0d91bcf77c78f72c5584730bcf3a","size":10938,"data":"","first_seen":"2024-09-28T13:43:27Z","last_seen":"2026-03-28T06:29:04.189968Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/redirect.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"17773b57b87a678c98e26a7cac72df6c","sha1":"7422857aa75ee81cabcec2eed6c4a6168f363ee1","sha256":"375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f","sha512":"28d9e1c2af08154e653e2291db46f4110edbf9f5591192f8d695c8852f9c3c755d69dfb5a032a45f51e0a3fc9417f16c20d0772b1225ca9b85e5531e12fa8bfc","ssdeep":"","tlshash":"e8e07dda0279030417e013f36d82b4709137c2fb604c5d028d984321a1b9b4f5b7b84f","size":325,"data":"","first_seen":"2023-07-27T09:32:34Z","last_seen":"2026-04-22T03:26:06.223593Z","times_seen":11422,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.tgramzok.top/9357.5b45ea8a5ecbe3e451b3.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","date":"2026-03-28T06:28:46.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /9357.5b45ea8a5ecbe3e451b3.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 09 Mar 2026 21:05:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69af362e-ad6\"\r\nexpires: Sat, 28 Mar 2026 18:28:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2774,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2720)","md5":"3115fe7a8811a0354d555cfbc16e2f01","sha1":"7f84f15ef75e2208ba59bb1d4ec2142cc8ed94c8","sha256":"75a3437d39c0408048a2020239cadd72a0b96db447a00119efd733315bb42031","sha512":"d0aa742737932bdb7260a5264f674888160e9cc26c28e5f471370bec1d43c204978b1b9d30f2d19d636db03fd67f60a42f4aeade53c590bc2aba8fa5666f12b3","ssdeep":"","tlshash":"d651c844277238ba1ce347aa745b37124c3613b17c19e8922609beeb46b664f5b07f4b","first_seen":"2026-03-28T06:24:25.91359Z","last_seen":"2026-03-28T06:29:04.181895Z","times_seen":2,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/compatTest.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/","date":"2026-03-28T06:28:41.489Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /compatTest.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:41 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 09 Oct 2025 12:25:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e7a9ae-a21\"\r\nexpires: Sat, 28 Mar 2026 18:28:41 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2593,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (413)","md5":"f1ab325e5ad16479bba6b3e3d4c5f9f8","sha1":"4f4111ca121fe0c469712c5103861f6e2dd258a5","sha256":"b29c4ecbce8aa08374c42036e9d0fc3f563c34335ba2951e2b9d45e8eafcdbf6","sha512":"8917e9026583eab7f6775a5eec11dccbcd32c9bf7a5b597a3f67850eb444c6d38b8218d79114dfd305fbc61e812c343f24752a90b27ac0b41a3a5b3d08b89b31","ssdeep":"","tlshash":"9e5103191db5726150796166bb1bb2437a294133050cfb64a620cf393eb285bc19fde9","first_seen":"2025-04-18T13:17:13.044436Z","last_seen":"2026-03-28T06:29:04.182674Z","times_seen":73,"resource_available":true,"data":null}},"time_used":808,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":808,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/icon-192x192.png","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.tgramzok.top/","date":"2026-03-28T06:28:42.910Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /icon-192x192.png HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 05 Sep 2025 12:28:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68bad784-bf3\"\r\nexpires: Mon, 27 Apr 2026 06:28:43 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3059,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"1a1650d2c76bfc1ac484646c19e495b9","sha1":"fe58d66042ce9241226f5da9370230285ff604fc","sha256":"6e587a62c9d7a97f25265ab5eb29d101ad2e36810042a4116d2dd29da96b0bf8","sha512":"79c5c9278959bc94f66434779bebc1b46c055655f0bc58aa375f179c227e7ac0e52dea196764719d42aadcf98e4fd3b5a4488f2db977edde430aa3df733c03bc","ssdeep":"","tlshash":"bd514cd3253318e8e2dbfd7ace62041f656691ce5638ec120568de720c8985dc070caa","first_seen":"2023-05-16T22:57:55Z","last_seen":"2026-04-22T03:26:06.233964Z","times_seen":16225,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/5905.efaeccc9ed0bc890f551.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","date":"2026-03-28T06:28:46.483Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /5905.efaeccc9ed0bc890f551.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Sep 2025 12:31:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68bad82a-223ca\"\r\nexpires: Sat, 28 Mar 2026 18:28:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140234,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"64a6ce633fb3d0e45c76444320599966","sha1":"797ac0ce9a80a16667b4cb5e3ace93e066f0af67","sha256":"19029ef084d2b11071ef27c229253b68aee1da038eff08f5af99718a9d48ecbc","sha512":"1c8f178e73daab5a389a4276faeb9f608f3cd6e2616aa60f476e9fdcaf18181ab652f72bd58645597aacc9c5e237486ad2359dc8ba0e7fce4aec04f83074d61f","ssdeep":"1536:WW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rsz:JXxq8mwmJs9L","tlshash":"04d3c682f86424125382b1e654760709773af41ca9c940acfe6cfed569bcd8d32afb34","first_seen":"2024-05-27T01:56:11Z","last_seen":"2026-04-18T18:22:11.323852Z","times_seen":977,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/9357.5b45ea8a5ecbe3e451b3.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","date":"2026-03-28T06:28:47.014Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /9357.5b45ea8a5ecbe3e451b3.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:47 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 09 Mar 2026 21:05:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69af362e-ad6\"\r\nexpires: Sat, 28 Mar 2026 18:28:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2774,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2720)","md5":"3115fe7a8811a0354d555cfbc16e2f01","sha1":"7f84f15ef75e2208ba59bb1d4ec2142cc8ed94c8","sha256":"75a3437d39c0408048a2020239cadd72a0b96db447a00119efd733315bb42031","sha512":"d0aa742737932bdb7260a5264f674888160e9cc26c28e5f471370bec1d43c204978b1b9d30f2d19d636db03fd67f60a42f4aeade53c590bc2aba8fa5666f12b3","ssdeep":"","tlshash":"d651c844277238ba1ce347aa745b37124c3613b17c19e8922609beeb46b664f5b07f4b","first_seen":"2026-03-28T06:24:25.91359Z","last_seen":"2026-03-28T06:29:04.181895Z","times_seen":2,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","date":"2026-03-28T06:28:47.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:47 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Sep 2025 12:28:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68bad784-10037\"\r\nexpires: Sat, 28 Mar 2026 18:28:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-19T23:35:33.634143Z","times_seen":14995,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-28","alert":"Hunting_JS_WebAssembly","trigger":"www.tgramzok.top/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-28T06:28:40.537Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:41 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 09 Mar 2026 21:05:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69af3630-c05\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3077,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (3077), with no line terminators","md5":"985deb053dbbeae3067d5a081ad8d3fe","sha1":"d12bd04dc40d8f619599e7e81b1f6669ea987d19","sha256":"67743b498794416c8e79efe45cd5f8e2586271b1e4a210dc0dbd9ea09c26e5b9","sha512":"bfcf5718170f017e83b7c337ffed8085f8e67d9adb2d4fa0b778a73817ff4d727bea7b069778e1d035d316b50af92ec76f3fe342be3145668a57a11045f76ade","ssdeep":"","tlshash":"305110938b28c84e2321863adab3f0c8c616d44ed9b47c50f58556ab49f1ff0d573265","first_seen":"2026-03-28T06:24:25.928257Z","last_seen":"2026-03-28T06:29:04.184911Z","times_seen":2,"resource_available":true,"data":null}},"time_used":1284,"timings":{"blocked":513,"dns":1,"connect":253,"send":0,"wait":253,"receive":0,"ssl":261},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/redirect.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/","date":"2026-03-28T06:28:41.485Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /redirect.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:41 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 325\r\nlast-modified: Fri, 05 Sep 2025 12:28:52 GMT\r\netag: \"68bad784-145\"\r\nexpires: Sat, 28 Mar 2026 18:28:41 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":325,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"17773b57b87a678c98e26a7cac72df6c","sha1":"7422857aa75ee81cabcec2eed6c4a6168f363ee1","sha256":"375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f","sha512":"28d9e1c2af08154e653e2291db46f4110edbf9f5591192f8d695c8852f9c3c755d69dfb5a032a45f51e0a3fc9417f16c20d0772b1225ca9b85e5531e12fa8bfc","ssdeep":"","tlshash":"e8e07dda0279030417e013f36d82b4709137c2fb604c5d028d984321a1b9b4f5b7b84f","first_seen":"2023-07-27T09:32:34Z","last_seen":"2026-04-22T03:26:06.223593Z","times_seen":11422,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.tgramzok.top/","date":"2026-03-28T06:28:42.688Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/main.286c05c9c52b8255220f.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:42 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 11016\r\nlast-modified: Fri, 05 Sep 2025 12:28:50 GMT\r\netag: \"68bad782-2b08\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11016,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 11016, version 1.0","md5":"15fa3062f8929bd3b05fdca5259db412","sha1":"6ff06a34f68ad0324ddec1bbe4d453c959178b36","sha256":"5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479","sha512":"07e96d7520b4ede158e77bef10a01a33cd8be7d263fe6900f89c023e65e4a63570e8a442dec2e96030fb563b25610005a748d48f9330fd31eb91b37d1003d376","ssdeep":"192:Tysuo7z1NVoTUYAKVOO7YVxRwHQUXFI5xoBwH9f4d9QFmOfiS:TvdvVoTSjOYR4QUVIgBwpFLaS","tlshash":"6e32af8071ff1c50ff85c2f69be68efa2c2b1895c619016f5240b476397525e9c294bb","first_seen":"2023-04-05T09:25:54Z","last_seen":"2026-04-22T07:03:23.852482Z","times_seen":33234,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":254,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","date":"2026-03-28T06:28:47.274Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:47 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Sep 2025 12:28:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68bad784-10037\"\r\nexpires: Sat, 28 Mar 2026 18:28:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-19T23:35:33.634143Z","times_seen":14995,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-28","alert":"Hunting_JS_WebAssembly","trigger":"www.tgramzok.top/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/7784.4e167a928464165e6412.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","date":"2026-03-28T06:28:46.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /7784.4e167a928464165e6412.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Sep 2025 12:31:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68bad82a-53e6\"\r\nexpires: Sat, 28 Mar 2026 18:28:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21478,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21341)","md5":"0c6c6d56524f9928ea4a925bbe46f2b9","sha1":"819d484673709289d0fb6907b752bff1f9f89940","sha256":"01a16ae644097aed32a219b9eb3f8a18d6f139ce663bd39c4e826f02005d2778","sha512":"af2e03e57860072ab55794fdc5b397e85f6ef240e50c5fa3ae1f36dc9b90cd0b0c9073375f87fedfbc136dc7604dc2850455dc4b8b678ae839b4f39e6b7275bd","ssdeep":"384:pAdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyU:pAdJR7dHt8cVL3oQ0LeIkf502NBTQUYa","tlshash":"e0a21ab766f915d652e848e808cb189950f4e0223d86293d5134edd220f2cdbf2eb9bd","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-18T18:22:11.323314Z","times_seen":970,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/7784.4e167a928464165e6412.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","date":"2026-03-28T06:28:46.478Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /7784.4e167a928464165e6412.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Sep 2025 12:31:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68bad82a-53e6\"\r\nexpires: Sat, 28 Mar 2026 18:28:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21478,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21341)","md5":"0c6c6d56524f9928ea4a925bbe46f2b9","sha1":"819d484673709289d0fb6907b752bff1f9f89940","sha256":"01a16ae644097aed32a219b9eb3f8a18d6f139ce663bd39c4e826f02005d2778","sha512":"af2e03e57860072ab55794fdc5b397e85f6ef240e50c5fa3ae1f36dc9b90cd0b0c9073375f87fedfbc136dc7604dc2850455dc4b8b678ae839b4f39e6b7275bd","ssdeep":"384:pAdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyU:pAdJR7dHt8cVL3oQ0LeIkf502NBTQUYa","tlshash":"e0a21ab766f915d652e848e808cb189950f4e0223d86293d5134edd220f2cdbf2eb9bd","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-18T18:22:11.323314Z","times_seen":970,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/9357.5b45ea8a5ecbe3e451b3.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","date":"2026-03-28T06:28:46.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /9357.5b45ea8a5ecbe3e451b3.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:47 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 09 Mar 2026 21:05:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69af362e-ad6\"\r\nexpires: Sat, 28 Mar 2026 18:28:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2774,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2720)","md5":"3115fe7a8811a0354d555cfbc16e2f01","sha1":"7f84f15ef75e2208ba59bb1d4ec2142cc8ed94c8","sha256":"75a3437d39c0408048a2020239cadd72a0b96db447a00119efd733315bb42031","sha512":"d0aa742737932bdb7260a5264f674888160e9cc26c28e5f471370bec1d43c204978b1b9d30f2d19d636db03fd67f60a42f4aeade53c590bc2aba8fa5666f12b3","ssdeep":"","tlshash":"d651c844277238ba1ce347aa745b37124c3613b17c19e8922609beeb46b664f5b07f4b","first_seen":"2026-03-28T06:24:25.91359Z","last_seen":"2026-03-28T06:29:04.181895Z","times_seen":2,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/notification.mp3","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://www.tgramzok.top/","date":"2026-03-28T06:28:42.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /notification.mp3 HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:42 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 10880\r\nlast-modified: Fri, 05 Sep 2025 12:28:52 GMT\r\netag: \"68bad784-2a80\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-range: bytes 0-10879/10880\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10880,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"eba09b6a457792c52fc610b5f9f974b3","sha1":"95e6e0f7648e28ea21bc434054ea59aba3a35aea","sha256":"86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6","sha512":"9dfc5ff830c9ed75c9923528c31e1361fa36500d76a209cd475984e5585a644c8aff1600bf02a658ef363436a51988ff1e63aa7606e541dc4a7b3449c5be4852","ssdeep":"192:RuQQeX7rYX/WUUIk8DLh+2BHpZqlXCYP69tuORf6tVQRa/nwNQBv5JC:RRYeUUEDLk2VClyaV0aZ5g","tlshash":"37226b18af11056ef4866bf0b3939b8dc42d26c37a26d4cdd3a5d7e369430e2a7d500d","first_seen":"2023-05-16T22:57:55Z","last_seen":"2026-04-22T03:26:06.216739Z","times_seen":16581,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":254,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/favicon.svg","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.tgramzok.top/","date":"2026-03-28T06:28:42.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:43 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 892\r\nlast-modified: Fri, 05 Sep 2025 12:28:52 GMT\r\netag: \"68bad784-37c\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":892,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d9ee2d4b0edd9f8ba2fb7242162c2c47","sha1":"398522893cf2cdefb5176f11bc67eab31c2d7382","sha256":"a462f1c5333e16b48335054493cfd1d0a13a96847b4b9ffe2cf24403e6e86010","sha512":"e404678e96fe6f6d1fe6c1390e4a64d90844a2d8903f84f1a34b23137593da5ba04112d9504b8bf480b392b294830a363344c5767e3bb5b7a3cb6f5df2a3aa45","ssdeep":"","tlshash":"97114493d060e71ad4c9e16bef61fca0116720cee5b745d485d95a34500fcdbfc08668","first_seen":"2023-05-09T00:01:39Z","last_seen":"2026-04-22T03:26:06.234668Z","times_seen":13806,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/","date":"2026-03-28T06:28:45.968Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /9722.8eb27cb0e02fbc9bea91.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 09 Mar 2026 21:05:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69af362e-2fee\"\r\nexpires: Sat, 28 Mar 2026 18:28:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12270,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12216)","md5":"560321a09f4f1782d003eb84002b17d2","sha1":"dd821ba35eee35006e3c5fa457580d32eb21cd3f","sha256":"f75ea5993f51df0409008365d7eda8b96c438c70f3299e2fc48e47e26a995116","sha512":"d86a323d7ee100bd7931e0a460138a510085b3cf740fe7294766d3e628f49c9c2519a6db19fba23589a4a6c79f6b207583ee6690f46d4d500bfbdd0ba6641755","ssdeep":"192:JjOqrc38On359fOCUR9d50WBSNj79R4j4Cqu1bEoEhoCfRERCGfEmSpfigtot6E4:JJrc38O359fOj9kxT4MCv1woEhbZACGY","tlshash":"1c42d6c52302a43ee39698d8987f14136134da58781985687b2eaed73c2bdc6f0b1f72","first_seen":"2026-03-28T06:24:25.900757Z","last_seen":"2026-03-28T06:29:04.188089Z","times_seen":2,"resource_available":false,"data":null}},"time_used":499,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":499,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/7784.4e167a928464165e6412.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","date":"2026-03-28T06:28:46.217Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /7784.4e167a928464165e6412.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Sep 2025 12:31:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68bad82a-53e6\"\r\nexpires: Sat, 28 Mar 2026 18:28:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21478,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21341)","md5":"0c6c6d56524f9928ea4a925bbe46f2b9","sha1":"819d484673709289d0fb6907b752bff1f9f89940","sha256":"01a16ae644097aed32a219b9eb3f8a18d6f139ce663bd39c4e826f02005d2778","sha512":"af2e03e57860072ab55794fdc5b397e85f6ef240e50c5fa3ae1f36dc9b90cd0b0c9073375f87fedfbc136dc7604dc2850455dc4b8b678ae839b4f39e6b7275bd","ssdeep":"384:pAdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyU:pAdJR7dHt8cVL3oQ0LeIkf502NBTQUYa","tlshash":"e0a21ab766f915d652e848e808cb189950f4e0223d86293d5134edd220f2cdbf2eb9bd","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-18T18:22:11.323314Z","times_seen":970,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/5905.efaeccc9ed0bc890f551.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","date":"2026-03-28T06:28:46.735Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /5905.efaeccc9ed0bc890f551.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Sep 2025 12:31:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68bad82a-223ca\"\r\nexpires: Sat, 28 Mar 2026 18:28:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":140234,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"64a6ce633fb3d0e45c76444320599966","sha1":"797ac0ce9a80a16667b4cb5e3ace93e066f0af67","sha256":"19029ef084d2b11071ef27c229253b68aee1da038eff08f5af99718a9d48ecbc","sha512":"1c8f178e73daab5a389a4276faeb9f608f3cd6e2616aa60f476e9fdcaf18181ab652f72bd58645597aacc9c5e237486ad2359dc8ba0e7fce4aec04f83074d61f","ssdeep":"1536:WW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rsz:JXxq8mwmJs9L","tlshash":"04d3c682f86424125382b1e654760709773af41ca9c940acfe6cfed569bcd8d32afb34","first_seen":"2024-05-27T01:56:11Z","last_seen":"2026-04-18T18:22:11.323852Z","times_seen":977,"resource_available":false,"data":null}},"time_used":260,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":260,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/main.40b56ba60d5fec63a885.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/","date":"2026-03-28T06:28:41.487Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /main.40b56ba60d5fec63a885.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:41 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 26 Mar 2026 11:51:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c51dc2-6efc2\"\r\nexpires: Sat, 28 Mar 2026 18:28:41 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":454594,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"a87d58301acb8d166e42b71af19a30ea","sha1":"5e8747aed1720f4500352b83e9e4f4f190419ed3","sha256":"001c518815ca8f3110f7ee043ad7e25c0fd0d75732124ae619788bf9b34a4f7d","sha512":"9545f28255e6ff183ba514d0c273c70ab1364a0e5d1eb8a283e807b15de16097b884d507f6db82bc4e3e4946804d23154132a06656fcffb5e574b61e93f5fcba","ssdeep":"12288:TS5Ars3PpzX1OfgNxn3OdAkqpFOlTvSH7ZyMwmPwH5Z:TS5Ar/AOlTvSIZZ","tlshash":"9aa45dc57186b0e6a7d704e698bf4248f63459043809c460f0acfdda3a669dbb273f5e","first_seen":"2026-03-28T06:24:25.921596Z","last_seen":"2026-03-28T06:29:04.188902Z","times_seen":2,"resource_available":true,"data":null}},"time_used":508,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":508,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/","date":"2026-03-28T06:28:45.965Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /9722.8eb27cb0e02fbc9bea91.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 09 Mar 2026 21:05:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69af362e-2fee\"\r\nexpires: Sat, 28 Mar 2026 18:28:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12270,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12216)","md5":"560321a09f4f1782d003eb84002b17d2","sha1":"dd821ba35eee35006e3c5fa457580d32eb21cd3f","sha256":"f75ea5993f51df0409008365d7eda8b96c438c70f3299e2fc48e47e26a995116","sha512":"d86a323d7ee100bd7931e0a460138a510085b3cf740fe7294766d3e628f49c9c2519a6db19fba23589a4a6c79f6b207583ee6690f46d4d500bfbdd0ba6641755","ssdeep":"192:JjOqrc38On359fOCUR9d50WBSNj79R4j4Cqu1bEoEhoCfRERCGfEmSpfigtot6E4:JJrc38O359fOj9kxT4MCv1woEhbZACGY","tlshash":"1c42d6c52302a43ee39698d8987f14136134da58781985687b2eaed73c2bdc6f0b1f72","first_seen":"2026-03-28T06:24:25.900757Z","last_seen":"2026-03-28T06:29:04.188089Z","times_seen":2,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","date":"2026-03-28T06:28:47.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:47 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Sep 2025 12:28:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68bad784-10037\"\r\nexpires: Sat, 28 Mar 2026 18:28:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-19T23:35:33.634143Z","times_seen":14995,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-28","alert":"Hunting_JS_WebAssembly","trigger":"www.tgramzok.top/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/main.286c05c9c52b8255220f.css","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.tgramzok.top/","date":"2026-03-28T06:28:41.488Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /main.286c05c9c52b8255220f.css HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:41 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 05 Sep 2025 16:35:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68bb113e-1b699\"\r\nexpires: Sat, 28 Mar 2026 18:28:41 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":112281,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (10797)","md5":"2d58558218de60c8bcb9de7339b5632b","sha1":"20528eadf705cd9ac76a690001a67302154a5b35","sha256":"e48ac8a95fabb212bbc94150995bce6451d56b80711f360553798156eda63225","sha512":"990790238796f53db20c1b8cdb7c639d31404146645cb9b6e5b902cbaece761d0d4d7f88af2f71d7a072f4259c97f6a7f4f2569c6d1cb649c84732a40987b90c","ssdeep":"768:2KKinmlPrbvZzCbgdKNx2Ig37d3hnoo9eb6Ub0vrAnDIbhAkB56tfEEV+SorlKxt:2biUCbx2Ig3p3Omr5yrfAst","tlshash":"86b3e8a8e94411f9a723c23e97c4e76c9d38e441de210fafb247655c07ca3eb11e2b59","first_seen":"2025-04-07T11:42:36.809812Z","last_seen":"2026-03-28T06:29:04.189513Z","times_seen":505,"resource_available":false,"data":null}},"time_used":810,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":810,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/6708.457f852af5d5245dd736.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/","date":"2026-03-28T06:28:45.688Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /6708.457f852af5d5245dd736.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Sep 2025 12:31:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68bad82a-2aba\"\r\nexpires: Sat, 28 Mar 2026 18:28:45 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10938,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10884)","md5":"8c8093d8582055bedeac41e8a05f9644","sha1":"78e5b30902e423bdc3faf1d779a6b500ef21dacd","sha256":"b8f7d33d4ae2a6d7370fa8cee5abb7365cbd6f265073e02c64ffe3ee744beb26","sha512":"eaa4cc184d380459dcf6c1b911bab5de711008e7c064b31dde595bbc75219ff2f651f2e975abd54b21ee08c07706055af2dac25f437868b56d7a29a4d64fa2d2","ssdeep":"192:5CUUFqWvIeXNIYyDWaMd9m8tCKk/YohoDc+EuOYuzCUzmONz16dWQ5a1l8/o:5SvZXKYyDtMHm8gKkPOD/EuOYuzNmONX","tlshash":"8d320981b122b4bea2a6d4c5e9294b03aa3595543c0d91bcf77c78f72c5584730bcf3a","first_seen":"2024-09-28T13:43:27Z","last_seen":"2026-03-28T06:29:04.189968Z","times_seen":74,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/7784.4e167a928464165e6412.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","date":"2026-03-28T06:28:46.225Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /7784.4e167a928464165e6412.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Sep 2025 12:31:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68bad82a-53e6\"\r\nexpires: Sat, 28 Mar 2026 18:28:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21478,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21341)","md5":"0c6c6d56524f9928ea4a925bbe46f2b9","sha1":"819d484673709289d0fb6907b752bff1f9f89940","sha256":"01a16ae644097aed32a219b9eb3f8a18d6f139ce663bd39c4e826f02005d2778","sha512":"af2e03e57860072ab55794fdc5b397e85f6ef240e50c5fa3ae1f36dc9b90cd0b0c9073375f87fedfbc136dc7604dc2850455dc4b8b678ae839b4f39e6b7275bd","ssdeep":"384:pAdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyU:pAdJR7dHt8cVL3oQ0LeIkf502NBTQUYa","tlshash":"e0a21ab766f915d652e848e808cb189950f4e0223d86293d5134edd220f2cdbf2eb9bd","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-18T18:22:11.323314Z","times_seen":970,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/5905.efaeccc9ed0bc890f551.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","date":"2026-03-28T06:28:46.486Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /5905.efaeccc9ed0bc890f551.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Sep 2025 12:31:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68bad82a-223ca\"\r\nexpires: Sat, 28 Mar 2026 18:28:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140234,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"64a6ce633fb3d0e45c76444320599966","sha1":"797ac0ce9a80a16667b4cb5e3ace93e066f0af67","sha256":"19029ef084d2b11071ef27c229253b68aee1da038eff08f5af99718a9d48ecbc","sha512":"1c8f178e73daab5a389a4276faeb9f608f3cd6e2616aa60f476e9fdcaf18181ab652f72bd58645597aacc9c5e237486ad2359dc8ba0e7fce4aec04f83074d61f","ssdeep":"1536:WW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rsz:JXxq8mwmJs9L","tlshash":"04d3c682f86424125382b1e654760709773af41ca9c940acfe6cfed569bcd8d32afb34","first_seen":"2024-05-27T01:56:11Z","last_seen":"2026-04-18T18:22:11.323852Z","times_seen":977,"resource_available":false,"data":null}},"time_used":493,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":493,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","date":"2026-03-28T06:28:47.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:47 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Sep 2025 12:28:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68bad784-10037\"\r\nexpires: Sat, 28 Mar 2026 18:28:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-04-19T23:35:33.634143Z","times_seen":14995,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-28","alert":"Hunting_JS_WebAssembly","trigger":"www.tgramzok.top/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/","date":"2026-03-28T06:28:45.959Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /9722.8eb27cb0e02fbc9bea91.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 09 Mar 2026 21:05:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69af362e-2fee\"\r\nexpires: Sat, 28 Mar 2026 18:28:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12270,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12216)","md5":"560321a09f4f1782d003eb84002b17d2","sha1":"dd821ba35eee35006e3c5fa457580d32eb21cd3f","sha256":"f75ea5993f51df0409008365d7eda8b96c438c70f3299e2fc48e47e26a995116","sha512":"d86a323d7ee100bd7931e0a460138a510085b3cf740fe7294766d3e628f49c9c2519a6db19fba23589a4a6c79f6b207583ee6690f46d4d500bfbdd0ba6641755","ssdeep":"192:JjOqrc38On359fOCUR9d50WBSNj79R4j4Cqu1bEoEhoCfRERCGfEmSpfigtot6E4:JJrc38O359fOj9kxT4MCv1woEhbZACGY","tlshash":"1c42d6c52302a43ee39698d8987f14136134da58781985687b2eaed73c2bdc6f0b1f72","first_seen":"2026-03-28T06:24:25.900757Z","last_seen":"2026-03-28T06:29:04.188089Z","times_seen":2,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/","date":"2026-03-28T06:28:45.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /9722.8eb27cb0e02fbc9bea91.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 09 Mar 2026 21:05:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69af362e-2fee\"\r\nexpires: Sat, 28 Mar 2026 18:28:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12270,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12216)","md5":"560321a09f4f1782d003eb84002b17d2","sha1":"dd821ba35eee35006e3c5fa457580d32eb21cd3f","sha256":"f75ea5993f51df0409008365d7eda8b96c438c70f3299e2fc48e47e26a995116","sha512":"d86a323d7ee100bd7931e0a460138a510085b3cf740fe7294766d3e628f49c9c2519a6db19fba23589a4a6c79f6b207583ee6690f46d4d500bfbdd0ba6641755","ssdeep":"192:JjOqrc38On359fOCUR9d50WBSNj79R4j4Cqu1bEoEhoCfRERCGfEmSpfigtot6E4:JJrc38O359fOj9kxT4MCv1woEhbZACGY","tlshash":"1c42d6c52302a43ee39698d8987f14136134da58781985687b2eaed73c2bdc6f0b1f72","first_seen":"2026-03-28T06:24:25.900757Z","last_seen":"2026-03-28T06:29:04.188089Z","times_seen":2,"resource_available":false,"data":null}},"time_used":500,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":500,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/5905.efaeccc9ed0bc890f551.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","date":"2026-03-28T06:28:46.738Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /5905.efaeccc9ed0bc890f551.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Sep 2025 12:31:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68bad82a-223ca\"\r\nexpires: Sat, 28 Mar 2026 18:28:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":140234,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"64a6ce633fb3d0e45c76444320599966","sha1":"797ac0ce9a80a16667b4cb5e3ace93e066f0af67","sha256":"19029ef084d2b11071ef27c229253b68aee1da038eff08f5af99718a9d48ecbc","sha512":"1c8f178e73daab5a389a4276faeb9f608f3cd6e2616aa60f476e9fdcaf18181ab652f72bd58645597aacc9c5e237486ad2359dc8ba0e7fce4aec04f83074d61f","ssdeep":"1536:WW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rsz:JXxq8mwmJs9L","tlshash":"04d3c682f86424125382b1e654760709773af41ca9c940acfe6cfed569bcd8d32afb34","first_seen":"2024-05-27T01:56:11Z","last_seen":"2026-04-18T18:22:11.323852Z","times_seen":977,"resource_available":false,"data":null}},"time_used":268,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tgramzok.top/9357.5b45ea8a5ecbe3e451b3.js","fqdn":"www.tgramzok.top","domain":"tgramzok.top","tld":"top"},"ip":{"addr":"143.92.60.213","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js","date":"2026-03-28T06:28:47.029Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tgramzok.top","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 27 Mar 2026 07:00:00 GMT","end":"Thu, 25 Jun 2026 06:59:59 GMT"},"fingerprint":{"sha1":"C4:46:6C:38:3A:7F:B1:AB:E0:E4:E0:9E:5B:BB:D0:51:94:07:D2:23","sha256":"38:09:44:F6:86:8B:26:A1:75:19:45:AB:C6:6C:1D:56:CB:02:DB:11:DF:86:04:CB:50:7E:4D:9E:88:8F:80:94"}}},"request":{"raw":"GET /9357.5b45ea8a5ecbe3e451b3.js HTTP/1.1\r\nHost: www.tgramzok.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.tgramzok.top/9722.8eb27cb0e02fbc9bea91.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 06:28:47 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 09 Mar 2026 21:05:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69af362e-ad6\"\r\nexpires: Sat, 28 Mar 2026 18:28:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2774,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2720)","md5":"3115fe7a8811a0354d555cfbc16e2f01","sha1":"7f84f15ef75e2208ba59bb1d4ec2142cc8ed94c8","sha256":"75a3437d39c0408048a2020239cadd72a0b96db447a00119efd733315bb42031","sha512":"d0aa742737932bdb7260a5264f674888160e9cc26c28e5f471370bec1d43c204978b1b9d30f2d19d636db03fd67f60a42f4aeade53c590bc2aba8fa5666f12b3","ssdeep":"","tlshash":"d651c844277238ba1ce347aa745b37124c3613b17c19e8922609beeb46b664f5b07f4b","first_seen":"2026-03-28T06:24:25.91359Z","last_seen":"2026-03-28T06:29:04.181895Z","times_seen":2,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"www.tgramzok.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}}]}