{"report_id":"ce62d5ce-d1e4-4d5e-9977-9abf87a42fbe","version":6,"status":"done","tags":[],"date":"2026-03-28T06:11:43Z","url":{"schema":"https","addr":"tejegvhxol.top/","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"tejegvhxol.top/","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"title":"Telegram","dom":{"size":3045,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (2943)","md5":"1e00514240e4f4cb1f37b538062e3606","sha1":"37ab052babd20671448dda2a85d206a64013b421","sha256":"14104028425f8ef80189fb7d2428623642821e53ce1852de7bd6b133d3603bbe","sha512":"51110f2a18b89bf279142c9d4c97b424f729fefeb510cc5d3a18893fba4355fee70504b68c4a06856bd5d702aebed209720a3ff2c674bb9d9706419470c6e0e1","ssdeep":"","tlshash":"a851abd38534c44e2616a73ad6b2f38cc527d22f9be27ed0b48551a64ae4ef48473178","dom_hash":"domhash6e33c66f2e92e36a3d849f095813a349","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"tejegvhxol.top/","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-02T06:11:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-28","alert":"Hunting_JS_WebAssembly","trigger":"tejegvhxol.top/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"tejegvhxol.top","ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-11-27","domain_rank":0,"first_seen":"2026-03-28T06:11:44.745065Z","last_seen":"2026-03-28T06:11:44.745065Z","alert_count":54,"request_count":25,"received_data":1440110,"sent_data":11409,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"tejegvhxol.top/compatTest.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"da7800ea928a021f2539ab41e6f2323e","sha1":"0141da1dc85ca8f34212f3dde2fac9bf61f5adb7","sha256":"15c24ec2b4cb94f24e66750f09e7071e5659e20a5ed926f69f565e20a81027cf","sha512":"228ca1c1f1ff8de139ebcfa7b084bc40d467a56ddccd103cf02a3fa26ba8c1b4d1961904511198e2fb6797837414bb3c09fc9f0902c3874f2467f279d526f0a9","ssdeep":"","tlshash":"fa5125190db5726150796167fb1bb2433a294133050cfb64a620cf393eb285bc19fde9","size":2544,"data":"","first_seen":"2024-06-30T22:36:50Z","last_seen":"2026-06-08T08:38:38.700833Z","times_seen":14108,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/main.74a858e950b3cb360b11.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a825e669d8ff4295ab072c7e339ef88d","sha1":"0e85d5e1fa69f8897007eb8cf86b9baeffcbc71e","sha256":"ff07595993768488c6d7aa1a66394e591d23a8a99c98ed6c67c86532f185f199","sha512":"ebbe4573e9b5d5ce85f583eafe4101a0145f886b08591034690bb9e9095b5991b9caf9f9264dd0d2101c8d78bf1fbb7a08e58f3405eb785e2bdac988ce41bac1","ssdeep":"6144:WS0e3PrB+9r/Vq2FNZibe1UFmMz0cuLyYo8BfXxK8r:x0e3PrB+9r/xzwbUUPzSyYhBfxK8r","tlshash":"cd545cc5b28175a962eb15e6987b4618fb3419003804c4a0f1fcfd9d3e76dcb52a3fa9","size":296589,"data":"","first_seen":"2025-07-13T17:18:25.954814Z","last_seen":"2026-06-07T21:47:16.983422Z","times_seen":1729,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/8673.1b6dd8d303b0535cc1f8.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ea8d5208dada45e8d0844877a7c93db6","sha1":"45d98fbe3dae09a988cccd836d39016c5100f313","sha256":"25f447387cefb643c04e0aa816e21edf562ebe9b7e3f7b808bdb179154fc17b8","sha512":"e95f47a6e80cedfffd956858247f718db6dddf6a9802ca324f384c0e813895a949090cba5c2cad59e6a14d14c736d93954596385c99103de67844a4cd8f99d20","ssdeep":"192:HnCUz1vNz+6YWQ5PMCUNLTF63vy3fEBzXNqYyx7as/m49YA/UovoDc+Eub/:HnN1vNzHYWTavRXoYyxeqm4aAzAD/Eu7","tlshash":"5d22f885b222b4be9296d0d9ea254b03aa3591143c19a1bcf77c79f72c81d4730bcf36","size":10696,"data":"","first_seen":"2024-12-10T16:27:28.222065Z","last_seen":"2026-06-08T08:38:38.804726Z","times_seen":13014,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"tejegvhxol.top/8673.1b6dd8d303b0535cc1f8.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/","date":"2026-03-28T06:11:26.927Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /8673.1b6dd8d303b0535cc1f8.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:27 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:48 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f30-29c8\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=030OHdUCwA612ONURG0BaH%2FeM4pb7TkQEV%2BHk4AKygBv74G5Ky2Dx3hOdZ6pxo5G5AWJxsiVkpc6%2BSsV2G7dnRu2abEjFoJrzv%2BbgcLtfPs%2Fe89ZGEa6o1OHvWRdY7FLfg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a3d4e73c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10696,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10642)","md5":"ea8d5208dada45e8d0844877a7c93db6","sha1":"45d98fbe3dae09a988cccd836d39016c5100f313","sha256":"25f447387cefb643c04e0aa816e21edf562ebe9b7e3f7b808bdb179154fc17b8","sha512":"e95f47a6e80cedfffd956858247f718db6dddf6a9802ca324f384c0e813895a949090cba5c2cad59e6a14d14c736d93954596385c99103de67844a4cd8f99d20","ssdeep":"192:HnCUz1vNz+6YWQ5PMCUNLTF63vy3fEBzXNqYyx7as/m49YA/UovoDc+Eub/:HnN1vNzHYWTavRXoYyxeqm4aAzAD/Eu7","tlshash":"5d22f885b222b4be9296d0d9ea254b03aa3591143c19a1bcf77c79f72c81d4730bcf36","first_seen":"2024-12-10T16:27:28.222065Z","last_seen":"2026-06-08T08:38:38.804726Z","times_seen":13014,"resource_available":true,"data":null}},"time_used":412,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":412,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/2976.568b5f08af1f452255f3.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/","date":"2026-03-28T06:11:27.360Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /2976.568b5f08af1f452255f3.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:27 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:48 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f30-3878\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ntnACRp22U4okcbabhfLzBG9ldJs5irPe6JwMw6QqU%2FQ%2BwRokjf2YKenHZGZusLOz1fyE6Pr1D5a1ldqe85RVhmRgRd9tEZ9nzgbKnN6lC2LC2HS5j3hW2Yx2103adz%2Fhw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a3ffedbc272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"96a37d8af9490150a6d951768c8e92c7","sha1":"f21e3dc6b56dbb6fd9cf4ec6aa61a5150ae7c994","sha256":"259a29a5b25f869b59b7dab39977e5171f529b3bfd53dd62d0ea24aadbca094e","sha512":"453f2c37da741e3610f61efd17a034fcf6d23b0a57851350c446eaa85b6dd9ee13e47d0fa0e2c8f80075b372c364241e42099033c1a7fa4872ecf92d3c8d3139","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2u:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCY","tlshash":"495219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed72d27ec6f172f63","first_seen":"2025-07-13T17:18:25.951329Z","last_seen":"2026-06-07T21:47:17.008199Z","times_seen":1728,"resource_available":true,"data":null}},"time_used":409,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":409,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/7784.df07a876b22e3b2a83e9.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/2976.568b5f08af1f452255f3.js","date":"2026-03-28T06:11:27.788Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:48 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f30-53e5\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fwdM2tRG8ZjyATsJkF3eEGy%2B1yG9Sjys0r2rhQasQ9neNJsIjbUkyjzc5O5RgO2yuNkeBjXfQPWA4Ye0Rc6GZ0xw8Q62WDmP2AxAdrtX0450z51Ea40VTNj6WZ25imV6YA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a42af31c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-06-08T08:38:38.754865Z","times_seen":12807,"resource_available":true,"data":null}},"time_used":386,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":386,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/5905.db5d2749ecb90aaf2752.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/2976.568b5f08af1f452255f3.js","date":"2026-03-28T06:11:28.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:48 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f30-223c9\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MGnAqo7p9iEk7wBWeYqdo169D6TYLnPR0TbNLGIyRxlerAYbE4fUzhbDBbNnVeECrLd6ikRjHA4xpppfixhbfA6q4XufqthqT5sGLFu35xsFz5zp0AAb1SA0Z1QB4tUyHQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a452f64c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-06-08T08:38:38.799417Z","times_seen":12834,"resource_available":true,"data":null}},"time_used":608,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":411,"receive":197,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/2976.568b5f08af1f452255f3.js","date":"2026-03-28T06:11:28.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:49 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f31-10037\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SrNnQ6txtBxRIfR%2BM6btX41QlV%2FM%2FtT1wgNEop4WOq%2BAZtb%2FRw6CQCq1aQCdzC9xE7byv%2B9UPBPCLdo7bvYBNw%2BdN%2BtIyvPCz0lFH9tQSrGQ9jfwAmvf4pdBB0XDMMU28w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a494fafc272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-06-08T08:38:38.802679Z","times_seen":15113,"resource_available":true,"data":null}},"time_used":622,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":421,"receive":201,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-28","alert":"Hunting_JS_WebAssembly","trigger":"tejegvhxol.top/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/main.74a858e950b3cb360b11.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/","date":"2026-03-28T06:11:22.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /main.74a858e950b3cb360b11.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:49 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f31-4868d\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=p4QnXKhpd%2FyRda20EIDLPNwyyStV4FIofT%2F5iFJ9vaMb6UVESEqJQU6OxMLQNgSNFYG50RRHkSH2LcRRmuGtReE4q1C1IocnWslyuw%2Bexe3g44KQK1cjgViIQ2EYvZh6Xw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a23bc37c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":296589,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"a825e669d8ff4295ab072c7e339ef88d","sha1":"0e85d5e1fa69f8897007eb8cf86b9baeffcbc71e","sha256":"ff07595993768488c6d7aa1a66394e591d23a8a99c98ed6c67c86532f185f199","sha512":"ebbe4573e9b5d5ce85f583eafe4101a0145f886b08591034690bb9e9095b5991b9caf9f9264dd0d2101c8d78bf1fbb7a08e58f3405eb785e2bdac988ce41bac1","ssdeep":"6144:WS0e3PrB+9r/Vq2FNZibe1UFmMz0cuLyYo8BfXxK8r:x0e3PrB+9r/xzwbUUPzSyYhBfxK8r","tlshash":"cd545cc5b28175a962eb15e6987b4618fb3419003804c4a0f1fcfd9d3e76dcb52a3fa9","first_seen":"2025-07-13T17:18:25.954814Z","last_seen":"2026-06-07T21:47:16.983422Z","times_seen":1729,"resource_available":true,"data":null}},"time_used":1002,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":433,"receive":569,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/notification.mp3","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://tejegvhxol.top/","date":"2026-03-28T06:11:23.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /notification.mp3 HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:24 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 10880\r\nlast-modified: Sun, 13 Jul 2025 08:32:49 GMT\r\npriority: u=4,i=?0\r\netag: \"68736f31-2a80\"\r\ncontent-range: bytes 0-10879/10880\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vdEv8hnikrgo5880SEaUSRdAyzq3xuKYxi8Tp0b000ZC1OQzzjJUaZcoOf8ZOKjc%2BqP0ic%2FEflfntufYzmMYaCsOzJfr0SG8ZlAFwT5LkpaUVknQUgPe6j%2FVTJwXyeeGXw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9e347a2aaca3c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10880,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"eba09b6a457792c52fc610b5f9f974b3","sha1":"95e6e0f7648e28ea21bc434054ea59aba3a35aea","sha256":"86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6","sha512":"9dfc5ff830c9ed75c9923528c31e1361fa36500d76a209cd475984e5585a644c8aff1600bf02a658ef363436a51988ff1e63aa7606e541dc4a7b3449c5be4852","ssdeep":"192:RuQQeX7rYX/WUUIk8DLh+2BHpZqlXCYP69tuORf6tVQRa/nwNQBv5JC:RRYeUUEDLk2VClyaV0aZ5g","tlshash":"37226b18af11056ef4866bf0b3939b8dc42d26c37a26d4cdd3a5d7e369430e2a7d500d","first_seen":"2023-05-16T22:57:55Z","last_seen":"2026-06-08T08:38:38.747028Z","times_seen":16722,"resource_available":false,"data":null}},"time_used":439,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":439,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/icon-192x192.png","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tejegvhxol.top/","date":"2026-03-28T06:11:24.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /icon-192x192.png HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:24 GMT\r\ncontent-type: image/png\r\ncontent-length: 3059\r\nlast-modified: Sun, 13 Jul 2025 08:32:48 GMT\r\npriority: u=6,i=?0\r\netag: \"68736f30-bf3\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4C%2Bg%2BK0DklvK5i8CGmssIdXSjq0%2BA2BVGYHcBXwnRG3X32ORl65%2Bws0KfJvhIkIAHnfzwbuKqVpmGj8KaZG%2FMl7KIzb2KWv668oRs1cnoWYW13IoBzW7n6I%2BQAeL2XoMHg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9e347a2becb4c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3059,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"1a1650d2c76bfc1ac484646c19e495b9","sha1":"fe58d66042ce9241226f5da9370230285ff604fc","sha256":"6e587a62c9d7a97f25265ab5eb29d101ad2e36810042a4116d2dd29da96b0bf8","sha512":"79c5c9278959bc94f66434779bebc1b46c055655f0bc58aa375f179c227e7ac0e52dea196764719d42aadcf98e4fd3b5a4488f2db977edde430aa3df733c03bc","ssdeep":"","tlshash":"bd514cd3253318e8e2dbfd7ace62041f656691ce5638ec120568de720c8985dc070caa","first_seen":"2023-05-16T22:57:55Z","last_seen":"2026-06-08T08:38:38.620397Z","times_seen":16363,"resource_available":false,"data":null}},"time_used":422,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":421,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/2976.568b5f08af1f452255f3.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/","date":"2026-03-28T06:11:27.363Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /2976.568b5f08af1f452255f3.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:27 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:48 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f30-3878\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pERXq1JxJ8EtKRPBmsTGrlgBRuhdHYZ9CgOCqu8su6HcRuCDXhfLnctvTXgeeX7HzG7LIUjlXOpHaS96sF1HW5sAx7UMHBWyV%2BefPwuqt4U33kJL0hw84J0tQmpKeKli7Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a400edcc272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"96a37d8af9490150a6d951768c8e92c7","sha1":"f21e3dc6b56dbb6fd9cf4ec6aa61a5150ae7c994","sha256":"259a29a5b25f869b59b7dab39977e5171f529b3bfd53dd62d0ea24aadbca094e","sha512":"453f2c37da741e3610f61efd17a034fcf6d23b0a57851350c446eaa85b6dd9ee13e47d0fa0e2c8f80075b372c364241e42099033c1a7fa4872ecf92d3c8d3139","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2u:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCY","tlshash":"495219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed72d27ec6f172f63","first_seen":"2025-07-13T17:18:25.951329Z","last_seen":"2026-06-07T21:47:17.008199Z","times_seen":1728,"resource_available":true,"data":null}},"time_used":409,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":409,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/7784.df07a876b22e3b2a83e9.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/2976.568b5f08af1f452255f3.js","date":"2026-03-28T06:11:27.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:48 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f30-53e5\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VHfBAoERywTHPHLXlH%2FsssechSCvM%2FQtN0vYZRVic6cm1j%2FSpCa5p5EWoBlSLyjrnCQpOz%2FRJrpNN6DvNYk9cX0p0NRHHOofBGPFHd658lXC6HNDai4V7E1aYb7kwxUu7w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a42af32c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-06-08T08:38:38.754865Z","times_seen":12807,"resource_available":true,"data":null}},"time_used":385,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":385,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/7784.df07a876b22e3b2a83e9.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/2976.568b5f08af1f452255f3.js","date":"2026-03-28T06:11:27.793Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:48 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f30-53e5\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vQ8kf5%2BIaAFi9EEZM2nDAPf709Nb1BY%2Fjnf4m%2FoeWSyoAl2GhmiNvRLmukeWq3ugW9%2FjyuCo48%2FknAm5oA%2Bjky5TjQ0HXKOLT758MiLFZQLRV6A7Q9OWtKMhk6JfczUpeg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a42af33c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-06-08T08:38:38.754865Z","times_seen":12807,"resource_available":true,"data":null}},"time_used":383,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":383,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/7784.df07a876b22e3b2a83e9.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/2976.568b5f08af1f452255f3.js","date":"2026-03-28T06:11:27.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:48 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f30-53e5\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QvHAFnmiTgVpF%2FHBJGzdKjdPGeL2FWgoJU%2F5oVt5M5PI9YoMOkPw3RadxD4razSEoW4Q40%2Fw%2BhfWNGvWfL5lwWGjbA5uEt5TOSjH71pSGuZSOkWaGPAXi%2FK1oeJXpPBIhA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a42bf34c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21477,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21340)","md5":"a0980d43cea486530c30f9f5e1c1b5e4","sha1":"deec93f70f8b813b479137075afa6a0a3a25b8bd","sha256":"4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e","sha512":"9ac9939efa609ace82b5aed5157468098f6e0a25906bdbed44a4ce99fc822004b7c0a6ead8d6de6b148f7b8438ef9aac944e0ec8b1fe0c4825ea9195d500af00","ssdeep":"384:1AdJR5l17Hc+yWId88Q+0VL3oQ0LmVIkTzxr1QQ02NBTQ2tp2TLRX8tRiWyI:1AdJR7dHt8cVL3oQ0LeIkf502NBTQUYW","tlshash":"f6a21bb766f915d652e848e808cb189951f4e0223d86293e5134edd220f2cdbf2fb97d","first_seen":"2024-12-12T09:50:13.265257Z","last_seen":"2026-06-08T08:38:38.754865Z","times_seen":12807,"resource_available":true,"data":null}},"time_used":380,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":380,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/2976.568b5f08af1f452255f3.js","date":"2026-03-28T06:11:28.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:49 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f31-10037\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mC%2BqN484VUWA8pEazdGFHfVrSvDmLDZVjhCfyUlnT0AOGJcqPniijgSMOiuxwSKv88a31cCrImhUoVoh9uh3JAhS9jSj1t96Mi8VHstmreyoQ%2BpJ8VT1MlUlqcnCk0lKgA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a494fadc272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-06-08T08:38:38.802679Z","times_seen":15113,"resource_available":true,"data":null}},"time_used":624,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":421,"receive":203,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-28","alert":"Hunting_JS_WebAssembly","trigger":"tejegvhxol.top/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/favicon.svg","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tejegvhxol.top/","date":"2026-03-28T06:11:24.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:24 GMT\r\ncontent-type: image/svg+xml\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nlast-modified: Sun, 13 Jul 2025 08:32:48 GMT\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"68736f30-37c\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P%2B7BtsV11K%2F2v5wWYjmW%2BzFkq%2F7GHcoWuHgil1H7bwiBPGG4YklmPy40Yap6xJ3xSL5hEaVFQE32LM%2B94P96A%2B2glt7yU0neQ5laaieNX79TlbRAIankszIONSbsBwJklA%3D%3D\"}]}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a2becb5c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":892,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d9ee2d4b0edd9f8ba2fb7242162c2c47","sha1":"398522893cf2cdefb5176f11bc67eab31c2d7382","sha256":"a462f1c5333e16b48335054493cfd1d0a13a96847b4b9ffe2cf24403e6e86010","sha512":"e404678e96fe6f6d1fe6c1390e4a64d90844a2d8903f84f1a34b23137593da5ba04112d9504b8bf480b392b294830a363344c5767e3bb5b7a3cb6f5df2a3aa45","ssdeep":"","tlshash":"97114493d060e71ad4c9e16bef61fca0116720cee5b745d485d95a34500fcdbfc08668","first_seen":"2023-05-09T00:01:39Z","last_seen":"2026-06-08T08:38:38.614624Z","times_seen":13947,"resource_available":false,"data":null}},"time_used":409,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":409,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/2976.568b5f08af1f452255f3.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/","date":"2026-03-28T06:11:27.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /2976.568b5f08af1f452255f3.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:27 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:48 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f30-3878\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CG2siGiml%2FxIoO0IVdoYEyoY1Bz%2Br6Wp4m5X7kssk8rVHENtXW%2BBW8a2wz6jnBaPxBSGH%2FWfI9MxKwzi%2Fol8XWe5cISx7N8wckCVwl86f20Pa8YRnUQFY7gy5bLi%2FEsjfw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a400edec272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"96a37d8af9490150a6d951768c8e92c7","sha1":"f21e3dc6b56dbb6fd9cf4ec6aa61a5150ae7c994","sha256":"259a29a5b25f869b59b7dab39977e5171f529b3bfd53dd62d0ea24aadbca094e","sha512":"453f2c37da741e3610f61efd17a034fcf6d23b0a57851350c446eaa85b6dd9ee13e47d0fa0e2c8f80075b372c364241e42099033c1a7fa4872ecf92d3c8d3139","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2u:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCY","tlshash":"495219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed72d27ec6f172f63","first_seen":"2025-07-13T17:18:25.951329Z","last_seen":"2026-06-07T21:47:17.008199Z","times_seen":1728,"resource_available":true,"data":null}},"time_used":405,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":405,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/5905.db5d2749ecb90aaf2752.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/2976.568b5f08af1f452255f3.js","date":"2026-03-28T06:11:28.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:48 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f30-223c9\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=831wh17ORMj6iH2ouXwHZxa0WjOn3%2BnBuz1lsKPMBRHbWdyPpw5oB9f7YputVGqbdtojG4xTAr2m8kCFo62XuslOAJANgvmkHrIzXBs17%2FutNfdqkEIH6k954s0iuGJEOg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a452f65c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-06-08T08:38:38.799417Z","times_seen":12834,"resource_available":true,"data":null}},"time_used":608,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":410,"receive":198,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/5905.db5d2749ecb90aaf2752.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/2976.568b5f08af1f452255f3.js","date":"2026-03-28T06:11:28.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:48 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f30-223c9\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U4jsIw9vxpk5D89u1kMC3f2LGJVXhSsepomEONeFevSBm1qdWp83dZWoBxuj3Ykdm09CU1NtZyUPr0FUuq04Lt9EJSsG0qJEm%2FJSNSs2EN2Dr8m1wfAqZeBsjN3NlOTujA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a453f66c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-06-08T08:38:38.799417Z","times_seen":12834,"resource_available":true,"data":null}},"time_used":606,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":409,"receive":197,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/5905.db5d2749ecb90aaf2752.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/2976.568b5f08af1f452255f3.js","date":"2026-03-28T06:11:28.199Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:48 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f30-223c9\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GkmK3pWIgplrkvciiClPghxQZJDJjbjqbnasHUiIplBQ%2FVYLJnKmdJorZrLYFjbqVDOhL98CUuj4mEaLElCTVD%2B6jyV%2BgjJr8ZLqxQz37VA0V2123ZSERYBK8Kh3Rk1tvA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a453f67c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140233,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fdd268f67cf5c4f79320041e3d156e98","sha1":"d66194ee702467dd19130dee59bd824990f5bc71","sha256":"36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967","sha512":"f8c983fdfc6562b92f7839aad2bb7d4f75a28a43f636d5b4eda8bd25b15eb2cd87e4cc3a78c9de13fb2339c1ffdf95eb6a59c5d8ceb8fccd6fef16c93967810d","ssdeep":"1536:IW3M14X1jDx480MHyQL3YLZHZp+snJhcssuovxz2Rs8:3Xxq8mwmJs9E","tlshash":"8ed3c682f86424125382b1e654760709773af41ca9c941acfe6cfed569bcd8d32afb34","first_seen":"2024-12-10T16:27:28.208403Z","last_seen":"2026-06-08T08:38:38.799417Z","times_seen":12834,"resource_available":true,"data":null}},"time_used":601,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":407,"receive":194,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/2976.568b5f08af1f452255f3.js","date":"2026-03-28T06:11:28.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:49 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f31-10037\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Hb9DDSCMM1kWm3xkeNm0MQ5d6NMrgsrVr4m1fOcGKDQK%2BAjOX0ny5hvneApJDNMLeogCRfuYPJM60I%2F2JDJZcxOLL%2BDmqNObkt1X9WESUvd67Rh9zpeYnJ5AwMEVin0OvQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a494faec272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-06-08T08:38:38.802679Z","times_seen":15113,"resource_available":true,"data":null}},"time_used":622,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":423,"receive":199,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-28","alert":"Hunting_JS_WebAssembly","trigger":"tejegvhxol.top/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-28T06:11:22.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 28 Mar 2026 06:11:22 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Sun, 13 Jul 2025 08:32:49 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=32,cfOrigin;dur=391\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MCqppWBoIj5IJO8vBJfkvWdhsW8a613aP2J0QeS9n4FwZUcdw7RYzP2FNaQGKBbOvG2LnVjjI85V%2BbGbDrBE%2Fmc6d4IukXFtVcgqkWB%2BkHU%2BbN5gkXtAzb5myi%2FeozQJow%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncontent-encoding: br\r\ncf-ray: 9e347a1ffaba5684-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}],"data":{"size":2768,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (2753)","md5":"52b8b76c4c124b0844263d5cc097e505","sha1":"0559e0ba0ca9fdc6963bc9e92ced541bf79485f4","sha256":"37d11f2092c6a81a6ec8389ac8f0b83f30677f5fafeea149224272a3fd78f60d","sha512":"902dbf0e5c0b5e83e8c1a1ce132e386973d5440d16c35c6f0f7ff6c753775db71b3f1b911fe8517482fee72c947cbb456a2152ea62483a946a0bca20b42765ef","ssdeep":"","tlshash":"de5196d34914884d2612877ada72f1ccc526e02e9ea17c90b4c9a1a649f0ff4807316a","first_seen":"2026-03-28T06:11:48.780116Z","last_seen":"2026-03-28T06:14:23.984215Z","times_seen":2,"resource_available":false,"data":null}},"time_used":583,"timings":{"blocked":76,"dns":55,"connect":1,"send":0,"wait":427,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/compatTest.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/","date":"2026-03-28T06:11:22.837Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /compatTest.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:48 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f30-9f0\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kUSi90PPe7W3VDVvyDixVLpco3teVPPr1zUCyXuM3Hn2BGxuTbSjkhlaQo0spEB2qtgK1TLOJNot74siWhteSejtkGb7CwCyGkE4xUvQtD4rSwIzaQ2FWSoOq2cL6URrcQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a23bc39c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2544,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (413)","md5":"da7800ea928a021f2539ab41e6f2323e","sha1":"0141da1dc85ca8f34212f3dde2fac9bf61f5adb7","sha256":"15c24ec2b4cb94f24e66750f09e7071e5659e20a5ed926f69f565e20a81027cf","sha512":"228ca1c1f1ff8de139ebcfa7b084bc40d467a56ddccd103cf02a3fa26ba8c1b4d1961904511198e2fb6797837414bb3c09fc9f0902c3874f2467f279d526f0a9","ssdeep":"","tlshash":"fa5125190db5726150796167fb1bb2433a294133050cfb64a620cf393eb285bc19fde9","first_seen":"2024-06-30T22:36:50Z","last_seen":"2026-06-08T08:38:38.700833Z","times_seen":14108,"resource_available":true,"data":null}},"time_used":474,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":474,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/main.f605f09e93c9b9c99e2b.css","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tejegvhxol.top/","date":"2026-03-28T06:11:22.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /main.f605f09e93c9b9c99e2b.css HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:23 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 13 Jul 2025 08:32:49 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f31-1bb78\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=w%2ByJcWgs8vjcMAobolUyZDmUcYrxoGY9pCBaUK0TILzqIdo2zYQ6Ki9PecO7Ij8jhFZhjlapy96NqxVe2BMXRSOpiTF0fsmGjD4w%2B6bXmljLzbnZlfWomKuYABdqROgyaA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a23bc38c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":113528,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (11396)","md5":"3790619482279ecca6795f867b727f1d","sha1":"df3a6ff201408fa0f7b05e554673429950177172","sha256":"fd6d36c29954419dd38530e20cec4ecff0b687ccc2434b44036ef1df24371eaf","sha512":"d32602aa34de43734b51813bb4ae2bb034a20d5687828f07b7454ee55aeff71b5a7f6e94788c14e2e01f23e312a15c30583df8f57dfbcb0c859e693ae4707fbe","ssdeep":"768:2KKiamlPrbvZkRUbbjdKNx2Igt7d3tvoo9eb6Ub0v5ArCIw6KgW56tfEEV+UUrlT:2biIUbb62Igtp3Om5oGuf29","tlshash":"ddb3e898e94411f9a723c23e97c4e76c9d38e481de210fafb247654c07ca7eb11e2b59","first_seen":"2025-04-24T12:12:27.245489Z","last_seen":"2026-06-08T08:38:38.665296Z","times_seen":4385,"resource_available":false,"data":null}},"time_used":648,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":449,"receive":199,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tejegvhxol.top/","date":"2026-03-28T06:11:23.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/main.f605f09e93c9b9c99e2b.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:24 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 11016\r\nlast-modified: Sun, 13 Jul 2025 08:32:49 GMT\r\npriority: u=4,i=?0\r\netag: \"68736f31-2b08\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4bZgZ1vOUqMUNXiSEcF%2Bb7G3nrLHnabrcqwK6g0%2BdYBHm5lyqNEKk12R63wwpZ8b%2B%2Ben9npTVf1DqCrGqAGSWSL%2F6X63HB3eXN81mpqAnztPhEB6U8SBCNZSMfX%2BpT2%2B5A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9e347a2a8c9fc272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11016,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 11016, version 1.0","md5":"15fa3062f8929bd3b05fdca5259db412","sha1":"6ff06a34f68ad0324ddec1bbe4d453c959178b36","sha256":"5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479","sha512":"07e96d7520b4ede158e77bef10a01a33cd8be7d263fe6900f89c023e65e4a63570e8a442dec2e96030fb563b25610005a748d48f9330fd31eb91b37d1003d376","ssdeep":"192:Tysuo7z1NVoTUYAKVOO7YVxRwHQUXFI5xoBwH9f4d9QFmOfiS:TvdvVoTSjOYR4QUVIgBwpFLaS","tlshash":"6e32af8071ff1c50ff85c2f69be68efa2c2b1895c619016f5240b476397525e9c294bb","first_seen":"2023-04-05T09:25:54Z","last_seen":"2026-06-08T11:26:27.461377Z","times_seen":33874,"resource_available":false,"data":null}},"time_used":429,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":428,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/2976.568b5f08af1f452255f3.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/","date":"2026-03-28T06:11:27.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /2976.568b5f08af1f452255f3.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:27 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:48 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f30-3878\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=154c7SGIODJTL80o2Nm%2BoglVeOpHQZc8F0sGnPruKLZPJuon1rRnErVYic1JyjKziMQHNdwUG7G6BSDDuaN%2FhgejOE5f%2BWbfFBspfA%2F7lna9sGQxOUlXBtcA0m1G374WIg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a400eddc272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14456,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14402)","md5":"96a37d8af9490150a6d951768c8e92c7","sha1":"f21e3dc6b56dbb6fd9cf4ec6aa61a5150ae7c994","sha256":"259a29a5b25f869b59b7dab39977e5171f529b3bfd53dd62d0ea24aadbca094e","sha512":"453f2c37da741e3610f61efd17a034fcf6d23b0a57851350c446eaa85b6dd9ee13e47d0fa0e2c8f80075b372c364241e42099033c1a7fa4872ecf92d3c8d3139","ssdeep":"384:1UkSTrXtVSGpk8UDEua/4L+DnOQUluZIah87A6hXm1WdHgl2scj/2u:1UkSTrXtVSG+8UDE1AL+DcuZv87A6tCY","tlshash":"495219c12312343e92d798d9a87b1403a034e658781ad5287b2dbed72d27ec6f172f63","first_seen":"2025-07-13T17:18:25.951329Z","last_seen":"2026-06-07T21:47:17.008199Z","times_seen":1728,"resource_available":true,"data":null}},"time_used":405,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":405,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tejegvhxol.top/rlottie-wasm.f013598f1b2ba719f25e.js","fqdn":"tejegvhxol.top","domain":"tejegvhxol.top","tld":"top"},"ip":{"addr":"172.67.158.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tejegvhxol.top/2976.568b5f08af1f452255f3.js","date":"2026-03-28T06:11:28.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tejegvhxol.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Mar 2026 15:57:31 GMT","end":"Tue, 23 Jun 2026 16:55:07 GMT"},"fingerprint":{"sha1":"2A:B1:E4:8B:7D:19:A2:E7:15:C6:54:4C:17:7A:36:B0:07:11:08:19","sha256":"5B:6E:0D:AB:FE:58:FF:B8:53:69:84:02:E3:5C:25:5C:53:AC:C4:0C:45:96:26:4F:50:E6:6A:71:E5:67:66:04"}}},"request":{"raw":"GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1\r\nHost: tejegvhxol.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tejegvhxol.top/2976.568b5f08af1f452255f3.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 06:11:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 08:32:49 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"68736f31-10037\"\r\ncontent-encoding: gzip\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tBgS%2FyPxZu9f%2FGbVJwQf78c7UfdpiU8XXlkI6%2FM1K1dMzj6oTqnsH9SwIX3nhDPiJFK0jkNlVjuulXRNSMj2U1p7rBqNNYk7WJCEDrzfTNNli0FxQh1z1A1BrZ%2F06KMAKA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 9e347a495fb0c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4441938ee433d3657c20d454d352a336","sha1":"dd67121d7fda7c17be196f60c72dfa06bcb5bc6f","sha256":"659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679","sha512":"f90da6f2003442e547813d62f44e22e688f637616dd7f7f33c81e73d05a3a3de39947c0a8f580002cc96a716caecc4bcd988644ad78b01ae2e9a9792c726604e","ssdeep":"768:O6T4cK2yQ6eO1P2WgcdxazvszXIgBB1ARna76Ae/FqsSwYxRrqhlr3NqR:m1Q6eO4+IUzXXsjvi1alrcR","tlshash":"6153e88535d9b0ab42837878946f310bf2ab6d52641c8410db1dd4dabcb4e49e63ffe8","first_seen":"2024-05-16T20:37:02Z","last_seen":"2026-06-08T08:38:38.802679Z","times_seen":15113,"resource_available":true,"data":null}},"time_used":617,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":418,"receive":199,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-28","alert":"Hunting_JS_WebAssembly","trigger":"tejegvhxol.top/rlottie-wasm.f013598f1b2ba719f25e.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"tejegvhxol.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"tejegvhxol.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}