{"report_id":"e55ce98e-a9e3-462e-ac8c-38841da9d968","version":6,"status":"done","tags":[],"date":"2026-05-29T21:17:03Z","url":{"schema":"http","addr":"telegram-xz.com","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.15.247","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"telegram-xz.com/","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"title":"Telegram官网 - Telegram下载_电报中文版","dom":{"size":65926,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (9139)","md5":"0c975d6945f590967cbd149181fd2f1a","sha1":"91a97e6f6df20d5eab26cca024370d7e0d6d4c88","sha256":"a6671355f63112a3fb9358522c3bd819f54f07ef9eca99b0a249e66b002cceda","sha512":"614bf3ff9b4ae1ccee72b4574b809a017d56bac5042992815053988fecdb4d5b12ebff9ca001dab95f5cdf61138b005fb81943659ffd00b9de3581e66145b013","ssdeep":"768:2ZW8Zdyp6aff6+xcfXZyaOwVE2Duo0sC58:gnypBff6+x8p7OuE2DA8","tlshash":"7353b97613f8802375cac6ea1156f72bbf51e107ee0a6386b1bc29495fd2dd34a6321c","dom_hash":"domhashe82c254dbdaf913283cc46032d988694","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"telegram-xz.com","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.15.247","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-03T21:17:03Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"telegram-xz.com","ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-05-16","domain_rank":0,"first_seen":"2026-03-14T14:44:56.632888Z","last_seen":"2026-03-14T14:44:56.632889Z","alert_count":100,"request_count":50,"received_data":2858636,"sent_data":24801,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Yoast SEO:26.4","description":"Yoast SEO is a search engine optimisation plugin for WordPress and other platforms.","website":"https://yoast.com/wordpress/plugins/seo/","common_platform_enumeration":"","icon":"Yoast SEO.png","categories":["SEO","WordPress plugins"]},{"name":"jQuery Migrate:3.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"WordPress:7.0","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]}]},{"fqdn":"static.cloudflareinsights.com","ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-08-30","domain_rank":4073,"first_seen":"2019-09-24T14:34:56Z","last_seen":"2026-05-24T22:48:41.874191Z","alert_count":0,"request_count":1,"received_data":33601,"sent_data":508,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"telegram-xz.com/wp-includes/js/wp-emoji-loader.min.js","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"542eb40e048bfd0f99f93b3468cbe285","sha1":"111b39a211f87eb7ae237f4e8e2dee3955f057c9","sha256":"497b93ece1c06f01c7566ee6f4ce424fb4b9d1f7fa5c771f8c0a934ffa1057ec","sha512":"7c490b8c2ecf5706ae37f10e12365757c5ade233b5dee372c72cab04795a9b7892a1d6d1493f8af85cfaec2857b5cc3a50a4f3be568270f9814b4f959d11b4b4","ssdeep":"","tlshash":"9971979ae77638dbb2f900f2697a0d47e7614435d6c8d038c9bda3141cb5893c274a46","size":3569,"data":"","first_seen":"2026-05-29T21:17:07.739532Z","last_seen":"2026-05-30T00:53:47.444039Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","size":13577,"data":"","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-06-24T01:13:25.44201Z","times_seen":851266,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/v833ccba57c9e4d2798f2e76cebdd09a11778172276447","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3ec2f610910f9dfd8e87975604e5e34c","sha1":"10d61ee41e8fe816ca08616159d7b6b8294a2011","sha256":"aca73fc574e12740e3368860b88a284d01b643456f3ed6a06322ecb47750563f","sha512":"e7b30399c71c25762d3671fe662070cc2e236f6aef815084a2460df8bfe72e598ef2b7d84ff808a56d80e7af6227fddbfb45046ac8218ee647fe66b7c08b3f11","ssdeep":"384:qVCILwCiUg1IX33sDycq+AgMXUQKxrhxIZOGNG620vbgZLTE5egwolSV0yuuokwz:AwCiUqHmcd/5xdKZdt8Z3Cer2yuuDPQB","tlshash":"6ce219e9b595713613f350b2406f220bb33a7562588e8018e22bd7c16c78eded267f6d","size":33228,"data":"","first_seen":"2026-05-07T16:46:10.96487Z","last_seen":"2026-06-24T01:10:47.605529Z","times_seen":31356,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87553,"data":"","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-06-24T01:13:25.44844Z","times_seen":925121,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-includes/js/wp-emoji-release.min.js?ver=7.0","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f0cc9ba5cf46af0cd73d521803e3b07e","sha1":"7d2a74f87dc70a39eccce3bae1d4cc404cb134f4","sha256":"fd59b0ebf6282ed71647bf2f6e0d1925bbfd1f270865a832079ebb60259aabca","sha512":"7ec44f08676c195547a623504c7105ef3d0acea5839675599598043f3e0b5a3386452e3db6fbea90722f7be9e6effdae1b89c49e2b05b22b8c415616e07d471d","ssdeep":"384:WzevzApRZTbXU/3o//bEPhXgA5POkpJTX:Wsk9XU/3o//YpXgAs+hX","tlshash":"7fa2959ba33a4e8f343e3bd78d968f4dc9da555321c0e079dbefb6c169a00568274c80","size":22762,"data":"","first_seen":"2025-11-10T19:52:32.864936Z","last_seen":"2026-06-24T01:13:25.401793Z","times_seen":281065,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/js/faq-schema-ultimate-public.js","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"49cea0a781874a962879c2caca9bc322","sha1":"72c1650de2b93ef320d2db873fbb473fe360269c","sha256":"57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37","sha512":"7ebf5da4637794cdab0d199e8b0550e9230a1550804a4ce7fc723a8881e16d12327b9c40bceecff54ece29dde71bf41e63e8510adf0827c4cd13c2392e6250a6","ssdeep":"","tlshash":"63011ecefbc22622c0337ab85def739873ba902581d66ec42850013c562193f8067cdc","size":838,"data":"","first_seen":"2023-03-07T01:03:06Z","last_seen":"2026-06-23T23:16:19.473166Z","times_seen":20665,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/04/d1ed83db161d1d57539fc4141dfd8ea8-1024x576.webp","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/04/d1ed83db161d1d57539fc4141dfd8ea8-1024x576.webp HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/webp\r\ncontent-length: 27022\r\nlast-modified: Mon, 16 Feb 2026 11:42:46 GMT\r\netag: \"699302b6-698e\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=W1gwhmh4LXSPCmFvi84TeaC2doesbppRX%2B4TzlA%2BuddfteeM2Dh2Xia49P9bShZlOHjHetDcytbgkv6TT8yBPmWdYtJZ80Fsxa5IRmfj1yEelh8opX92hiBMM3kvpciOsS8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: a038858f8a390883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27022,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x576, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e55536ef502b57f391bbd6f5116fb2bd","sha1":"049638ec9b3a7d3c9c952aef9189b7b6f2218c08","sha256":"99908ca28939689037031560f88f69dad4e0040419a1a504329bf3b5b17d47d0","sha512":"7822e36f5eeed1c8fdc5211926a42c3ce2da5472c07d9345648c99b6de39ee340eed8722af9e36f2ff89d96f5824bafd0b89ee66f0894aa37ecd5b284a7d5f6e","ssdeep":"384:yWDxejGj/fdSlW+7m3wzn+OFpkhlFa+Hj1pONDE9pK8MH9OW5KfTo32ieFYYkWhg:vrjXs9r+NlFaOfpK3/5QT1YYjh/cWS","tlshash":"64c2e143e9695a3f21afde327492ded2d180517203886896cacb60865f4e25fe338797","first_seen":"2026-05-29T21:17:07.664379Z","last_seen":"2026-05-30T00:53:47.424707Z","times_seen":4,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/02/A-digital-illustration-showcasing-a-smartphone-displaying-the-Telegram-app-interface-focused-1024x585.jpeg","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/02/A-digital-illustration-showcasing-a-smartphone-displaying-the-Telegram-app-interface-focused-1024x585.jpeg HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 15 Feb 2026 08:00:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69917d2c-ae64\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NUuhY3VI8SKLHuShGKThc4rTkAbkwsMgsoewYhlRf6nFPeYtu%2F9rtW9A3hxmxe5cHQq21y7ES7T4Rq6pMj7TEVAUzWRcxOsBuNDBZaRGgqH7ywGPWcM4Lq0PMeQWPpNQj0A%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f8a3b0883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":44644,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 1024x585, components 3","md5":"d8edff51c9c0353da1ae4284b995a007","sha1":"4c7cba224216feafd3eb5cdad00fc45de5decd1a","sha256":"8ee8b086065237c0d8e78f9c097060362b445be35b53fe6301b7d866ddfa4c9e","sha512":"5a3364a5c342ceb75fcc2dd704b4d49f7913681b4661e158e5d09f116df7a57845c395568de7a28878aa876f2d8c8b6b2e933f8e4ac14707dcd7940f7b463119","ssdeep":"768:Iu3wBPUDSvRJQhbJx55C70E3IW/kCkzeB5THvZhSvRz/PJU+U5jJp2GY776:Iu3KcCJQhe70MIZzeBxHhgPOjy76","tlshash":"b21302551c1402e7666eded4f48902bc3f6632fdad50ea133a66cd236e390c5be352ac","first_seen":"2026-05-29T21:17:07.665346Z","last_seen":"2026-05-30T00:52:53.664387Z","times_seen":3,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/01/Which-browsers-does-the-Telegram-web-version-support-1024x585.jpeg","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/01/Which-browsers-does-the-Telegram-web-version-support-1024x585.jpeg HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 07 Jan 2026 13:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"695e64f1-1105c\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0F1ZtXz%2FPxD4wlpLSFg7qk1OnltYxx2dZYDhTlAaajZ%2BhpHR7q2xbpnYNgetC32lsVJSpV%2B0bMJabkjq%2BFTHmOl87EQ6%2FsYVVHTC4Mp9GoD2h9P4eBzWGqwC%2FJgjLLQkN2g%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f8a400883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":69724,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 1024x585, components 3","md5":"e76ecba9a611090417be0085c0e40159","sha1":"efe748435e1c18ee4cd1cbfe9437daa46cc14f8e","sha256":"3f147d27387d6f3e35c917e0c5418c42b2a3af0e5276e050a8b1abc02ddb8019","sha512":"d50d018dd7137f32d8a72c00db267ab9f5319a13af3ef5da3f66f4630b2d60dc991699ca6b0beba2b48443b2ffbbbc50e0dc9b2dc4c30ee5871321254c5001c2","ssdeep":"1536:IdDjpbBvgmYPY5GnipF0qX/5h5xrSsblGVl2qxQJVwxB52sEgdsbA:iDjDvgmNGiX0Y/D5xfBNyMNgdr","tlshash":"fd630293ae28f5f3baa61254fe1b00285136a65679797310953a1ce4bdbcc601ecf73c","first_seen":"2026-05-29T21:17:07.667044Z","last_seen":"2026-05-30T00:53:47.43962Z","times_seen":4,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":231,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/02/A-sleek-modern-digital-workspace-featuring-a-close-up-view-of-a-smartphone-displaying-the-1024x585.jpeg","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/02/A-sleek-modern-digital-workspace-featuring-a-close-up-view-of-a-smartphone-displaying-the-1024x585.jpeg HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 13 Feb 2026 12:09:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698f147e-bed2\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3SdnL3RZHEOx9KmK6Wxtw%2B4QS7B58%2BafoOZd5BWdBhELYBDDFEikFtjX1D0FJW%2Br5hvZSWFzr4bi%2FwY0Rbz3ad9HKoR9jOOFa7d0JgYc5qTS3xvFAEmLAcRHR68BoCvMT3Q%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f9a440883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":48850,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 1024x585, components 3","md5":"36c538589441706dd7ca886a711144b4","sha1":"7982bed72c9c190b90a03707b2d3c5add6c664af","sha256":"762c04376956fe705417a6a4a5a04fe17f699eece35feb3b3f1b73dbaad76053","sha512":"10b8479a06ff05665479c26f5632d34f04f1f4328792010a78c02acfedb42d064d2102f5401f09025979d024dcbb8f724d37c1f7503f88046b9fed2b26356ba8","ssdeep":"768:Ihkciwt2NSUL4QVCL+8PMuKk1os3iZwqGZyYC2cycCHPHUzrlI7HXvl6Xu8vYtRw:Int2N7ELvwKR2OCVdMHUdI73tahA/w","tlshash":"dd23f2b23f00112708441f3cdbe39b57d586494a90a0f4cecfb756ebba31589785abd9","first_seen":"2026-03-14T14:45:02.443573Z","last_seen":"2026-05-30T00:53:47.419422Z","times_seen":5,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/css/style.css?ver=7.0","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/css/style.css?ver=7.0 HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 21 Nov 2025 06:43:20 GMT\r\nvary: Accept-Encoding\r\netag: \"69200a08-128b\"\r\nexpires: Sat, 30 May 2026 05:39:00 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=2,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nZM6mHo6Z6l5Ss%2FK2VZIOeHVj1zh6yvGI%2BsPKlAJnq09FIH6GQ4zMQvOPs0Lksjvnm6RtXMKdrG8Wo3J7Unws9nL6jj6y5WXUBSYPiccEmdQ5F2xH7J6ZpbSzaDyqr66Ino%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f3a150883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4747,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"5769ba15948adbb500a7bdddecb09156","sha1":"3bd630d2e09ae99068e0d8b8e04a28f90e16cea4","sha256":"845b52dc27d5f1b2848d02a833fc814ed8cb5671b22d94ada414fd951062f5b2","sha512":"3905da20d859d7da86874fa79fcec0ddcecb64a6d0a4b855dd7ab18d9131f569d88cf369c8771e9c17ff8131e7ccb70d64a7c5d89f3d4bf3fbfe85022289dae6","ssdeep":"96:1kFJu8/ruHn6RpSAaoNACaPiZZBAY9684m4k:SFE8/ruH6RpSmZaPiZZKY9684m4k","tlshash":"e4a1228751b22b08a417d6250fb9575f21acc017e50fe6bdbe6d7218cfc71c426b139a","first_seen":"2026-03-14T14:45:02.452543Z","last_seen":"2026-05-30T00:53:47.414249Z","times_seen":5,"resource_available":false,"data":null}},"time_used":227,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":227,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/zhongwen_a.png","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.823Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/zhongwen_a.png HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 20 Nov 2025 05:12:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691ea322-5cb\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FbzzOLNdk%2BXpN5MADxpAfFWjjDh40x6t8fvPqVPiLARS%2FOahdaL5b%2BghygbQRnPVr7E4gv1kDttxIRHJ93asGTFnCv4UR16hZWUNk6aLuip3EVb0zZj82V8liTLDOdp3Iy4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f6a240883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1483,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 24, 8-bit/color RGBA, non-interlaced","md5":"5ef37dda1cf34c87e1d8df3d3ad892d3","sha1":"e3409fd1acf4a44ed0d5a0655aae8dc036e49a14","sha256":"3f4916d4dd945744b333087f7dce11b59455de86127eb34bf45970b59ab5187c","sha512":"b532e9ca5a7716f7b2c77f1acd460a81095cd2e63bf0c434c1c87285d22908239886742ee1d80df3bc0f37d8f6d7a51a151b8226d49038e10b3b5cb3e119cfdc","ssdeep":"","tlshash":"6e31659cea705d42ccada4d224f302715d234894f794e1b86acedc224d126bd546dbdb","first_seen":"2023-10-12T13:27:09Z","last_seen":"2026-05-30T00:53:47.439161Z","times_seen":458,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/2.webp","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/2.webp HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2640\r\nlast-modified: Fri, 29 May 2026 05:42:57 GMT\r\netag: \"6a192761-a50\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=D8j%2Bx1yrgGcoOasPCFywYUI8sI4WeST9%2FtgmcQxqRZN%2F5F%2BynAg22QfGgH5aAy0Z7J0J7FRDJUXECflV7wHwCN3RWH2ziGj3bJhwQxPhDnA5XGYJeJ1bcmTTh57KPoTDRCM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: a038858f7a2c0883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2640,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 197x176, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"347861f86a4dc498709de21945c12e36","sha1":"b337c010a79bf1643cf25c8d909304b421386b35","sha256":"78a87ffbe0b869236c183f462515c7d391f6356833f6cc2eea6ad550670423b7","sha512":"5fdbe8f2b64c72b70ee00dd51a418b081bed842882b6cad9d5cd8021c28d3d0fe04d9635bbed8625333e23dcaaa63e3c55fd69a4ee1e109cc023b8c62f97c648","ssdeep":"","tlshash":"6c513e4edec951854572cfec32681619781ffcc6c654e2cfda657c56b0088d752482d5","first_seen":"2026-05-29T21:17:07.695047Z","last_seen":"2026-05-30T00:53:47.442323Z","times_seen":4,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/6.webp","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/6.webp HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2896\r\nlast-modified: Fri, 29 May 2026 05:42:56 GMT\r\netag: \"6a192760-b50\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Z9s0cUGBYFyFGllIhlivjSaQNV6PgiafYxdgiBxFSeHXxheIX0Cefmbrh0TWKZ6tl%2FTfGFIdSX8l5xuHo3ed1B8eU2xWhyvP09hO%2FIscvOHbwfr9w8Uj8SOTjlYsevqDeN4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: a038858f7a300883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2896,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 231x182, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"7e7a54effefe135d6c2841cc009c01f8","sha1":"a30aeed1346b29f79c53caad3780de510914a005","sha256":"44c39980cd4a09d9aa5e92da2837a7877499cef3b54e40a42b612e3978547c1a","sha512":"af26736a7e55991acc0187c03b5629c0d9067087b8c331bd968fa4dfa2b55dd3d920f1e1b9e8497f85700457f161f0838ab798798320e4c35b89a0a35b878753","ssdeep":"","tlshash":"d6513bee4191460ae12877a94d121601f92c2bf4602dc9e12013286df37ba6df61c077","first_seen":"2026-05-29T21:17:07.696201Z","last_seen":"2026-05-30T00:53:47.413214Z","times_seen":4,"resource_available":false,"data":null}},"time_used":227,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":227,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/04/b45a062b35bd65111ccdb2913413ef06-1024x682.jpeg","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/04/b45a062b35bd65111ccdb2913413ef06-1024x682.jpeg HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 16 Feb 2026 11:30:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6992fff0-cca6\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yPCFU%2FSTJbf6zE8seOFE%2BkwPg0QTotERVwFPtQCsi6ppS9DDm0gAqpDEZp%2FmjsA9JDAeYDpJ3ifPrUHN0hr1VbBvazuLJPwABK%2BwT%2Fp6XVuMkZAjRF2Oke2XWUJECPRq8fo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f8a3a0883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":52390,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 1024x682, components 3","md5":"d77214710b12012852c03e9319e72722","sha1":"a75dceeb03969b05eb6e27c6f7e81f42dd1c6fb8","sha256":"cd8bfdbdaf9a223cf8c76be74157267b49c7369d6624e7d331b8e1cdc4d276a6","sha512":"7af7fe633e7517e903680621f0f55c8589856fd856a7592402ead6541f008c0fede15836388b91ead34f17e98a37777f7f42f73c7c3cd543cb1fe3b533997d59","ssdeep":"1536:XmKDjuyTTQxWV/qTsBDQ6bTLG+PhtqiqDzGjL7qLPd:BNTQx2NDFjVZtqnDzGjL7qLPd","tlshash":"b133d0ab2c852903995ccba2be638d0f6825970cf811719d271addfe7ae41dc60ac16d","first_seen":"2026-05-29T21:17:07.697313Z","last_seen":"2026-05-30T00:53:47.42529Z","times_seen":4,"resource_available":false,"data":null}},"time_used":228,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":224,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/02/81cd5dfe470f97d1fb55826b5295c96a-1024x576.webp","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/02/81cd5dfe470f97d1fb55826b5295c96a-1024x576.webp HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/webp\r\ncontent-length: 52144\r\nlast-modified: Sat, 14 Feb 2026 11:05:34 GMT\r\netag: \"699056fe-cbb0\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=p%2B696srx3IUicqpz3UGnRhyzoylp5vDu3cxtHPrX0GOLfO377slFBUXNW6a0DhpK75dHB6EtDFXVr%2BubIhNBBU6v8o2FcVeTbXca63%2FjPudDptGxfIyFLn3SiBOETuX82Us%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: a038858f8a3e0883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":52144,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x576, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"07388c56e9ab03cf6f9a2cf43b755426","sha1":"fb90a5265b3ad488da2ca568aefbeecd588dac42","sha256":"6e5ab3c3af981cd9c14b61b38ba20351904f145617410769cba6052a540cc9ef","sha512":"517c9da25cf13680da8a6ec2badcf0ce8fed67d0fa2e7e4d2ec2c3455651862f8443b7390648f9f523d63de60da68706d438c7f1af3505f249f56144f436893b","ssdeep":"1536:J8PlXYLPyh795rWjz9IAR79iiwmZ8ojbZ9vH1tcBwwqB:Js+GJ95rWjaAR79itmZ39P1SBwwqB","tlshash":"fc33f205f1ae3b61d0b64b7e0df06f774425aa0678791fa054e42f399f380ed4ec4666","first_seen":"2026-05-29T21:17:07.698618Z","last_seen":"2026-05-30T00:53:47.415858Z","times_seen":4,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/01/5050660113-1024x585.jpeg","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/01/5050660113-1024x585.jpeg HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 05 Jan 2026 15:12:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"695bd4e3-c2a3\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WERI86UcpdGK3TxIuD9DIKT%2FuKEZC9AX%2FCW1M%2FRwretoke06i1BG9E5XvfsWKHBEWOo3Qse1CZSKMPkCmI3NqKA50oMTia0%2BJQHUUhFs%2BuKWTU8DaGonTzyQQQZwik5BSy0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f9a490883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":49827,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 1024x585, components 3","md5":"853a0471c42ff2c7f71ef998b572d489","sha1":"f2a490e1e30839ad8cc81247025755a86f2d4a61","sha256":"0787750c05cc93f8f2c88c2d2818df3afc3c16ae5da8a103ea2d75d08a56d142","sha512":"ad8bd00c831e7957b9c972ad1bd433ef932ac6b2189a9e9c2c151ae3324fb5e57fd1f08ef0df49c3eae04baaa9a280937a3bce76d0dec13c4250f1183daa6f64","ssdeep":"1536:I7dYWgAv0QYPvZPnBuV8aYLwO9XgLevDAPTb:iPgI0QYPvlnk8fLwxE8P","tlshash":"8f23f29e0925e7e9755b0f32e84934ff47b825f55644500a5a30bfbe837eee14b220c6","first_seen":"2026-03-14T14:45:02.41596Z","last_seen":"2026-05-30T00:52:53.749309Z","times_seen":4,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":224,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 28 Aug 2023 16:14:22 GMT\r\nvary: Accept-Encoding\r\netag: \"64ecc7de-15601\"\r\nexpires: Sat, 30 May 2026 05:39:00 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=2,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a72nXZwrJ9igXWMRFt2a3ojJfxVywxYSOsL0W9G7JstF%2FAk6ZVl5awliDvn1AjNaF%2BJh3B4m15Th9pWs4HEZ%2BhWlZHmKA9OlqUKVt8FigxwuJsOUG7MyKwwHRnWCbpRoO7M%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f6a1e0883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87553,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-06-24T01:13:25.44844Z","times_seen":925121,"resource_available":true,"data":null}},"time_used":227,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":225,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/02/A-modern-professional-workspace-scene-depicting-the-theme-of-unblocking-a-Telegram-account.-In-1024x585.jpeg","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/02/A-modern-professional-workspace-scene-depicting-the-theme-of-unblocking-a-Telegram-account.-In-1024x585.jpeg HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 15 Feb 2026 07:59:07 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69917ccb-11fef\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lSdfERATu%2Fnxtf%2Fo%2FR7HpRXcrXdMs%2B0Dxz7NxY%2FYiygoyXq40%2B%2FlSdFYzvI8EOBVNCCZHd5jHNdg7vbxG%2Fprpb5s2UGYFY3eShAscBWOdycYbqOJZyJ1RVdxmcmYJuJCjm8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f7a360883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":73711,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 1024x585, components 3","md5":"e5f836edef31f305930b52118c524c9c","sha1":"7c663f01c9128e8493c927aa4a619f295c1aa59b","sha256":"6fd324b198bdb91e14d160c1fcd3fd43d8d2641cf40b954932351d4128408880","sha512":"30b6ae28494d648fa950367b616ebf6a5dad23ec85f0dc0c44054ef573a3e201f332ea92340f3fcec2a242bc25ac155b2469b4d54071027a2040d9948d9b9a7a","ssdeep":"1536:IypsJEowrQgwSh1ME5erYjxkgRcNv1IaavV5867t2+jPzQ5U:tO5wUe1MGGgRcNv1UvMePjzQ6","tlshash":"f67302e50f342b881d762b1a154984b0bcc074def93569debf34ca6add248c4f07b996","first_seen":"2026-05-29T21:17:07.701324Z","last_seen":"2026-05-30T00:53:47.412409Z","times_seen":4,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":219,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/v833ccba57c9e4d2798f2e76cebdd09a11778172276447","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Apr 2026 18:57:25 GMT","end":"Thu, 16 Jul 2026 19:57:22 GMT"},"fingerprint":{"sha1":"AB:25:45:8F:55:B6:2B:26:B5:B1:EF:90:E0:60:64:9C:56:47:0F:B5","sha256":"47:83:31:CC:5E:02:0E:51:A7:52:AC:83:1B:8A:A8:4C:74:11:A5:F1:61:8D:C5:6D:29:3C:9D:6A:C9:29:AF:7F"}}},"request":{"raw":"GET /beacon.min.js/v833ccba57c9e4d2798f2e76cebdd09a11778172276447 HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://telegram-xz.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 21:16:42 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2026.5.0\"\r\nlast-modified: Thu, 07 May 2026 16:44:36 GMT\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncf-ray: a038858fbfaa56af-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":33228,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (33228), with no line terminators","md5":"3ec2f610910f9dfd8e87975604e5e34c","sha1":"10d61ee41e8fe816ca08616159d7b6b8294a2011","sha256":"aca73fc574e12740e3368860b88a284d01b643456f3ed6a06322ecb47750563f","sha512":"e7b30399c71c25762d3671fe662070cc2e236f6aef815084a2460df8bfe72e598ef2b7d84ff808a56d80e7af6227fddbfb45046ac8218ee647fe66b7c08b3f11","ssdeep":"384:qVCILwCiUg1IX33sDycq+AgMXUQKxrhxIZOGNG620vbgZLTE5egwolSV0yuuokwz:AwCiUqHmcd/5xdKZdt8Z3Cer2yuuDPQB","tlshash":"6ce219e9b595713613f350b2406f220bb33a7562588e8018e22bd7c16c78eded267f6d","first_seen":"2026-05-07T16:46:10.96487Z","last_seen":"2026-06-24T01:10:47.605529Z","times_seen":31356,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":20,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/1646289963408995.png","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:43.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/1646289963408995.png HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 20 Nov 2025 05:03:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691ea10e-2cb9\"\r\nexpires: Sun, 28 Jun 2026 05:33:00 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7Puj0odhn1s7KxNi3rzmRLedUjGbrdfEWSsL%2BYtDd%2BOvC13n%2B%2FRneP5Si5SLxKlMTXO88JQR555L58zS0jrXJXutGaRZH8qXm53cbnQBJczVMSx2vYzJ7PePhthQnxxRvzs%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0388591ba8a0883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11449,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced","md5":"2c84be4c4dec401d09a64498cbbd382d","sha1":"1c7053b083d5e59ed5cb4912c5500f39beaf765e","sha256":"88afe4caad9d3ef9d7b4a5301d1b2b4378b54d233038079f0145e2f387f4eed9","sha512":"f0bdebd3923d8dceac9218df93808a0476aedf1a6ccd4274b7d9fdd429cbae2c8f1e36b244b169b9ad6bf3a17eb5ac2a92a0df3304799acda742955ae03f5bb0","ssdeep":"192:5UyKfZZ5JFHS1q5YLEusGFByfrNG9dOvER63Wya7wBXXool4FdoqU8qYyClRehi4:GySn5J81q59usG6DNsduY8BnVA+8qYyH","tlshash":"9632d0cf760b7f69704dc1a2c9929ff084d678673530dac85ab7a4f0ac8a70896d0e4c","first_seen":"2023-05-17T22:40:39Z","last_seen":"2026-06-19T08:45:26.615864Z","times_seen":1537,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-includes/js/wp-emoji-release.min.js?ver=7.0","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:43.222Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-includes/js/wp-emoji-release.min.js?ver=7.0 HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 03 Dec 2025 03:34:56 GMT\r\nvary: Accept-Encoding\r\netag: \"692fafe0-58ea\"\r\nexpires: Sat, 30 May 2026 05:39:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=3,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=W00YEn0ES2kYjiH5%2FF7b2wEhEOCOBjVoxRSjHZM9INyHrCo9YDV9zfh2Ff0zpVKe9oAxsaYqQTzCh%2Bq1OYffjdFMsXBzXVYlk0H9NmYoSUBoqxHwFQmEf4pTBabReRclcF8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a03885922aa10883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22762,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (19823)","md5":"f0cc9ba5cf46af0cd73d521803e3b07e","sha1":"7d2a74f87dc70a39eccce3bae1d4cc404cb134f4","sha256":"fd59b0ebf6282ed71647bf2f6e0d1925bbfd1f270865a832079ebb60259aabca","sha512":"7ec44f08676c195547a623504c7105ef3d0acea5839675599598043f3e0b5a3386452e3db6fbea90722f7be9e6effdae1b89c49e2b05b22b8c415616e07d471d","ssdeep":"384:WzevzApRZTbXU/3o//bEPhXgA5POkpJTX:Wsk9XU/3o//YpXgAs+hX","tlshash":"7fa2959ba33a4e8f343e3bd78d968f4dc9da555321c0e079dbefb6c169a00568274c80","first_seen":"2025-11-10T19:52:32.864936Z","last_seen":"2026-06-24T01:13:25.401793Z","times_seen":281065,"resource_available":true,"data":null}},"time_used":219,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":219,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/cdn-cgi/rum?","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:43.469Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"POST /cdn-cgi/rum? HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/json\r\nContent-Length: 644\r\nOrigin: https://telegram-xz.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":644,"data":"{\"memory\":{},\"resources\":[],\"referrer\":\"\",\"eventType\":1,\"firstPaint\":0,\"firstContentfulPaint\":1746,\"startTime\":1780089401409,\"versions\":{\"fl\":\"2024.11.0\",\"js\":\"2026.5.0\",\"timings\":2},\"pageloadId\":\"f70f5739-fe6e-4afd-bd01-ba814abfba8e\",\"location\":\"https://telegram-xz.com/\",\"nt\":\"navigate\",\"timingsV2\":{\"nextHopProtocol\":\"h2\",\"domainLookupStart\":29,\"domainLookupEnd\":30,\"connectStart\":30,\"connectEnd\":52,\"requestStart\":53,\"responseStart\":1078,\"responseEnd\":1079,\"domInteractive\":1753,\"domComplete\":2049,\"loadEventStart\":2049,\"loadEventEnd\":2050,\"transferSize\":13052,\"decodedBodySize\":66163},\"siteToken\":\"86e0f7e3896c4c4f8d1ac616d021bb18\",\"st\":2}"}},"response":{"raw":"HTTP/3 204 No Content\r\naccess-control-allow-origin: https://telegram-xz.com\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-max-age: 86400\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vAbkOO%2F0qWee1MibVxy9EnyXjVGvkYwT6ognFgnhkVdHAxbeGIBKgQ8X6uCQMIh%2FB%2FdvbZ2Ro%2Fg8GTKFKD6kFw%2FRDmEJgUI6wjMTUoqiAzPFd2%2Bbhya4338FBddJD92%2FSFk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: a0388593baf00883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-24T01:14:29.87514Z","times_seen":16666791,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/anzhuo_a.png","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/anzhuo_a.png HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 20 Nov 2025 05:12:37 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691ea345-55d\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MmbjFHPlBGa61UfFu%2BeAZhnNZqNF13Vmz7BxeIDGYunlNZ7F%2FC1A6YW6qynl7yeciVwxSUTOe9fqOabvXH7TxV20APqjcrHFJNqDcorAS6aNCwF6nRSokvWYq2MZLNxlSCM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f6a270883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1373,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 22 x 24, 8-bit/color RGBA, non-interlaced","md5":"26b53d9d8fc5983abb803f30b2c431ac","sha1":"399fa06e7c366f1e3ecf08269cbcfc464a44759f","sha256":"32c9baf6e4b992c39c955da80e50c63080e9898e01f87b670dbc37b4e76db253","sha512":"d98af54144947bdfac4cc4a5bc516ea740ebd46a3ee60759c1e12e102dae43933d63b0178c584b6c72a0e01d769ae1680488599fc0d6418996792753a6110c8d","ssdeep":"","tlshash":"6821d51aea8025415c48cce275ea40b763364c8c8ad0f416beece9269d624f8686d4df","first_seen":"2023-10-12T13:27:09Z","last_seen":"2026-05-30T00:53:47.41184Z","times_seen":290,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":224,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/4.webp","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.832Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/4.webp HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3950\r\nlast-modified: Fri, 29 May 2026 05:42:55 GMT\r\netag: \"6a19275f-f6e\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JQdvGKykphSLy%2BtEOrutcQmIs1Cq70H3ZGBs1bpNLUz3VxB8lG8gufEPLuUAM93BVHGeKNgGqY4zk6uSyumOFzKHmP4p0OdnDrPmPQHj5oW934%2FzWZfE3ENlviMOp%2FZxSwg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: a038858f7a2e0883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3950,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 261x197, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0e294b3898e0ba3a93c94bbdf9157b4a","sha1":"c3f0f50ceb0aa46f76bac2eb726a5351f95be07c","sha256":"f3aab0e0151a9963c2f2b348578e2a4d38fac3124cb4ef4e24f24625170e038c","sha512":"52d7580295b634a3397565741fdc9be5d906594070cfd8dd39311f8005d1419a0caf9d936ad3fa287395568866fdc4b8c05a703b862a1dce4d8016248ff680fb","ssdeep":"","tlshash":"88818da4a0e0b300ed266cb814f397f6270f2f2d85666318a01b307df8bc98bd167200","first_seen":"2026-05-29T21:17:07.70503Z","last_seen":"2026-05-30T00:53:47.4429Z","times_seen":4,"resource_available":false,"data":null}},"time_used":228,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/9.webp","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.837Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/9.webp HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3830\r\nlast-modified: Fri, 29 May 2026 05:42:57 GMT\r\netag: \"6a192761-ef6\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uR1%2FVHRSb3QOWJGvziHl%2FaZPQKjY4oV%2BGjzg2G8oZZvwTU38znQCkg%2Bk8eswXdJUo6kKpbxPdkptcoR1HIMrHps8umipChvu8qRiKfObzFaMbe7uTZT1HG56bTb4%2BItW2KQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: a038858f7a350883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3830,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 193x181, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"dff40e9e17b0e52f13e3ec9ed11f2b6a","sha1":"57802c23f34acbad19af1a09dbf40641a3e762c5","sha256":"993635432ba8fdd3ff60fc2ea80a74cc5158628bcadb01d94a2755d083b37fad","sha512":"ac279b18007990150b31f97902d2f925fb9fc1955ea173a2f8f8af0ab729657bb848916a4ddceafb28f5c370b0374f2663be0526971decc5c092fbe450dd9bfe","ssdeep":"","tlshash":"3e815c8df1290301da6cb5473fb26d07183ccba385a8de99197b856dcd841eb0dec6da","first_seen":"2026-05-29T21:17:07.706556Z","last_seen":"2026-05-30T00:53:47.431043Z","times_seen":4,"resource_available":false,"data":null}},"time_used":228,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/02/A-digital-illustration-depicting-a-smartphone-displaying-a-Telegram-interface-with-a-prominent--1024x585.jpeg","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/02/A-digital-illustration-depicting-a-smartphone-displaying-a-Telegram-interface-with-a-prominent--1024x585.jpeg HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 15 Feb 2026 07:59:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69917ce4-e587\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vXbxPrG7p40gFLFFCgA5%2B0diA7XJ5BFWvP%2FNvgaF8VU1llRLqMRJZtlS%2BxEzjtXb68BkULCd35S4d075M6twjk8Oog017YH9XaNgW56Iw%2BNZknPea5ltaji9kbbgo1CKgzI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f8a380883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":58759,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 1024x585, components 3","md5":"baecc7196e3d72cbdbc53ca91fc75bb7","sha1":"0910e20b6875652ab4e56047f1a56cd40814e20d","sha256":"5c9a171ef0f0b9db9adf86c2d4db1ba17d04a299709a054831494f3ae5a8ec31","sha512":"ec4915f8137a85189ee95da799dd1bb022cf4cb4607409a82b5db9fdec8f75fdd6690854ffb082c4ed73c04e896177008393a8475417e16d8318b709ff0e2386","ssdeep":"1536:I2KnXIDCf+GYsOLc9TUSOTuAH8F4q1YydjeR:XKnXIef7rOLshquAUYkS","tlshash":"ec43123d6957adceb5439ee0fc5389158c4bed085d8da8486832dfa3f6096f22d0ac4d","first_seen":"2026-05-29T21:17:07.707904Z","last_seen":"2026-05-30T00:53:47.423478Z","times_seen":4,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/02/A-professional-office-desk-scene-featuring-a-computer-screen-displaying-the-Telegram-logo-and-1024x585.jpeg","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/02/A-professional-office-desk-scene-featuring-a-computer-screen-displaying-the-Telegram-logo-and-1024x585.jpeg HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 15 Feb 2026 10:04:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69919a3e-f7b3\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kb9FSqSbA%2BTYxfBTJBZHvqaO1S9ZGtEEtCwZ71buOAAMO%2BZEfi9bGYLEamM5hnHUxgpY%2FO2iSLFX%2Bueh2y717KnINO8j0Cy34%2BiHFnv8DNPpyUtGMgWV9bzgG7K9AyuXnhI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f8a3d0883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":63411,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 1024x585, components 3","md5":"95e4815a3ab556b7adb9c89f24accac4","sha1":"93b1a6c3c230510809865d9cd9229414cd385d92","sha256":"8c06e94843c0e56a10c1d1cb44a9640effd88fd6b8cf34aa0c2fb664b471c17b","sha512":"b1d1cec1cb1f35c512136710cb23e49d6ef575e08c8a1e571729f91ff03c92cb8b93270bbf5b250c2d69ed046c84851c8624c306f439c58de4f51f7bfa1da069","ssdeep":"1536:I/+qbuK3CDEee6jurj8EezFnHJ7YE6NbD9j3poUV71z:A+qaD+guPIzFnHJ7YE6Nbxlb3z","tlshash":"0c53029863e27e1949e84d0eee2267fd85a43676890dfd6c1b21ebc600a57c8e205d1f","first_seen":"2026-05-29T21:17:07.709777Z","last_seen":"2026-05-30T00:53:47.418822Z","times_seen":4,"resource_available":false,"data":null}},"time_used":242,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":221,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/02/A-modern-workspace-setting-featuring-a-sleek-laptop-open-on-a-wooden-desk-displaying-the-1024x585.jpeg","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/02/A-modern-workspace-setting-featuring-a-sleek-laptop-open-on-a-wooden-desk-displaying-the-1024x585.jpeg HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 13 Feb 2026 12:26:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698f186c-100f9\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PZroW8Cw44KI5yD%2BH8vYLaMswrvA813Ku0np7J%2BH2N3VgsBl%2Fpqx38qZbf5PZLt9mBKEAejeACthLmpzAgpmC%2BM0w847pqfGriY110wv3h0BRJCowpUmgPdm2PurYK6At7c%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f9a430883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65785,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 1024x585, components 3","md5":"00b21edd6452b8081dad40f176b0a575","sha1":"7a8cc4d7c688a304df9855e0cf7e813264368f9c","sha256":"20b3e0eceba340e10014cd282d6343b3e68510a7d7217a872902a45fac9ce20c","sha512":"7cb0d0f93f653c3020189669d7fd6e081e2ce2579dc03623ef530c78763dab9038332aa9411098f732d7e2a2f8e5bc12934e2a75955ab98f544478ba797bfa6a","ssdeep":"1536:IUL4gWospcKE4frgEqrPUe958LPH/8IgzX4wDbjj1vBzeI:fL4rptrgEgMmKVuP1","tlshash":"e253023f5ee0a4929ccecd95f2f4602bbd425ca0edbd491a0140db3954e24cdd786b2a","first_seen":"2026-03-14T14:45:02.423022Z","last_seen":"2026-05-30T00:53:47.443424Z","times_seen":5,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":227,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/01/eyestetix-studio-_rqDHdrKIJs-unsplash-scaled-1-1024x576.webp","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/01/eyestetix-studio-_rqDHdrKIJs-unsplash-scaled-1-1024x576.webp HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/webp\r\ncontent-length: 42850\r\nlast-modified: Wed, 07 Jan 2026 13:48:36 GMT\r\netag: \"695e6434-a762\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=d0hXgYTN%2BrorDxuKcsOATpudQ824eHT3zra45oZX8LD%2BQ85R38atQSilcI9mmCd01MZO5h4Vs4eeKfTJNVjH7lb%2FOQlggX6pcqZXRq0b%2BC54MwUVtDplLiuYeK3P2q7Wwd4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: a038858f9a4a0883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":42850,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x576, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2b5ae5ec8d04dbd86ae44b7ff420cc17","sha1":"4a16c4f6560f72642b4ec504b6cc467dcecfdbcd","sha256":"8b8dc2861914ed2db2612359de44eff702a5eb7b3a71048ebe5807ec8307e9ff","sha512":"7bb876a835209a14021f99f338f1e47281adf060bb847bc56bf0d87b99eccf9d63d8ed2735401a353892a4985e442720453d57ea19aa24cf1719d876db3e744a","ssdeep":"768:Be9Vhbsi6qrZM+4KjfV2C9ojK3WNa2tAKkJRxlLNr+sp67TYeMyREEazy+lEgw:MVsi5ZMpuV2tjKmNa6aomVe7qNzyh","tlshash":"8513f177726efa3c41a6580ccc3994315522b2d7ac674cb7ee1c7626e0aa88fc744dc6","first_seen":"2026-03-14T14:45:02.424933Z","last_seen":"2026-05-30T00:52:53.743578Z","times_seen":4,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":225,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2025/11/cropped-favicon-192x192.png","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:43.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/cropped-favicon-192x192.png HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 21 Nov 2025 08:26:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69202227-498b\"\r\nexpires: Sun, 28 Jun 2026 05:33:00 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=6,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CaulGPLyTzB72q6zP4DqhCXL%2BTFm%2FaRMP45kPbKAkNEgJyqAC0BwyMEZtJNQvasuqwhKxKk3k2NL%2FmGh2Qr14PP%2FdYwJzcWws5st%2FFDxIWyhBra10nVccejyQBfUqQhuE%2Bc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a03885939ae30883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18827,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"656b27b3ef6583d72abc52fa26866567","sha1":"ef2945d2c8bf634b3049ca1c75e9ddbf5b22833b","sha256":"1c2860b76ddb40bb7e9b1da79c00a09084e3ddcdb30910decd72fde3ced422fc","sha512":"6f32ae8d2f39a89f84612a7274011ab4b01b7b37fa7fe94733e9a20f2047c8e832672728e442b8689541f29db1a6d8f1a296239b62ee4d6164be705f84a73d02","ssdeep":"384:HIRqzDDAQ0jOZup/HRjsbX6vY/TYfylrdKsbH1NZbJJV/:HVDDpqOyHdoX6uTQ2xKsHj/","tlshash":"8982e1cdd235799e80bdeb9346f87c2094e87ea467103be9ba687cd860046cade51d44","first_seen":"2024-08-19T15:11:04.573809Z","last_seen":"2026-05-30T00:53:47.435394Z","times_seen":47,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":237,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/pingguo.png","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/pingguo.png HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 20 Nov 2025 05:13:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691ea367-502\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xPl9BZnIEDuCiyMHuriLnlpo3pz54mMvvMsOIptwHpzrxQkArWHCDhk4RhiEx3v9w%2F%2FOyEAx0TQCdTE2IU0aBdF4sq73fOdEzN2wDRlmcrW783jZZTFMkuDJnENyXmH0o9I%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f7a290883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1282,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 24, 8-bit/color RGBA, non-interlaced","md5":"1ad800a637bb5abab82cb874736a4314","sha1":"9ae8acd3aed4e4728ebba2e8fc9aa6f57ae741f4","sha256":"f2ced12d8b4a6f16578faf0a46f2665d6e1c8cc23bdcac64ab3e04afaf8f2aae","sha512":"5b3f2c58d1d820a16f76b7d015f0858c8bd77dae49de14a4732613e1835f5754856e1a6396b098173d52f037ed037f2bb84abbe28ef72056e5fd7df56eb69b11","ssdeep":"","tlshash":"0a2162aaaea02842a0c4e5c160f51132be130581d5c0f1b2fe4ed1a76e747f58c1ebc7","first_seen":"2023-10-12T13:27:09Z","last_seen":"2026-05-30T00:53:47.427209Z","times_seen":290,"resource_available":false,"data":null}},"time_used":220,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/pingguo_a.png","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/pingguo_a.png HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 20 Nov 2025 05:13:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691ea367-4fa\"\r\nexpires: Sun, 28 Jun 2026 05:33:00 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ttChfAw1yLkoTSFgAPPeViHNWjvahQZNYayzHyLHZHIvv2ZqFj5gemndciNv6i8pcsNsFsWWjq%2FGBpc6JfFyoZpQ%2BKBYUqrNb%2B5c0hYR%2BimWm3ovXTnKvKZ50j02Vmljk3c%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f7a2a0883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1274,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 24, 8-bit/color RGBA, non-interlaced","md5":"3b92fb5f00b1c371fb5e6c5a5c1a6fac","sha1":"852dfbcfbd0702797fe29527e3bbb10d7bdd55bc","sha256":"d760ccd7e36938e74f5ba8cc916ca0a69eb772c08486a3846d5079b520761890","sha512":"07b108880c3e588770cfcf0dc13149c0a145acaa0039a8e8140fff4e197184e64d7fcb3fc0646a9be8cc820b6069fcb74e561f164bd35c37b063a6bcfdafe958","ssdeep":"","tlshash":"5321656bed5024819989a2c228e792756e460cd0edc2a075ed8bc8123d283fd451d7c7","first_seen":"2023-10-12T13:27:09Z","last_seen":"2026-05-30T00:53:47.422902Z","times_seen":290,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":219,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/3.webp","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.831Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/3.webp HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2816\r\nlast-modified: Fri, 29 May 2026 05:42:55 GMT\r\netag: \"6a19275f-b00\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Erx3QzFF0Qq09K2gry89Dv2ROhp4wNZwvzOF%2FkEPPLAlmxkdeqwMu4g6EDy4RjyQ2OYUOHcUmpG7vJYOF0eHPliZeMo2ix5QCm5Mzx462GOca56pr8iNzpj%2B4voraTE3TlQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: a038858f7a2d0883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2816,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 239x175, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"30c68ba85c205c92e583f4cbdad8f929","sha1":"d4e816111be6e9cbb9b91f0a144867c1986375e1","sha256":"774d8d75eac35e349f863ff6ceafd6c296d9358f52a5f9c40986bffac95c91df","sha512":"3ca6f4f224ebd87d19b685b7a8990f280e6cdbaa019cd7de3989b87cff8b5e454373d5a563045d8a2eb8bdf4daf395c6c824cd6fb6685e0e281b2fa11c45ebd5","ssdeep":"","tlshash":"0d51399347443acbcd96b6a32c6577b69c4e08c3ce4b4821625f898642db1d0e75e8ac","first_seen":"2026-05-29T21:17:07.716069Z","last_seen":"2026-05-30T00:53:47.44014Z","times_seen":4,"resource_available":false,"data":null}},"time_used":628,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":628,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/7.webp","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/7.webp HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3454\r\nlast-modified: Fri, 29 May 2026 05:42:56 GMT\r\netag: \"6a192760-d7e\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JMItaeLOR7QZ5k0C5teXQS%2Bxsj5%2BJpngcaCpr1aSZCjQvTz%2FoGSNq%2Bo9kMmgAS4%2FCDR4uigfX45PaH%2FYkxIlUdxxY8o8oGWObPDYubSjg89Mg4JW5uyMyG7E0y84tyh%2Fddo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: a038858f7a310883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3454,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 205x175, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f99043e2321360d8dbeb8bcebcf0806d","sha1":"afa18eb687fdf8208bf58fa0ecc7d612df4679fe","sha256":"806b40904b9addaa53c443e792e66fee4d07344cc62b78adc3b1272102b82827","sha512":"061ce0501c5ba55b0b57601a2d5f683577ea81dc12f41243faef30772b14c479e565fcbaeb9604668ecd0a8f8d6839941039e3ef2fdf8ced6a5e0aa16e91f710","ssdeep":"","tlshash":"24616d4c136f2b452c0956dd5c920007915fdb2d6caa77c3b6ac7c1b21712876c773d8","first_seen":"2026-05-29T21:17:07.717017Z","last_seen":"2026-05-30T00:53:47.436915Z","times_seen":4,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/8.webp","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/8.webp HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2902\r\nlast-modified: Fri, 29 May 2026 05:42:57 GMT\r\netag: \"6a192761-b56\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eYJpxFCVa35MpE4w41ZxvQ4NDj0r663Dm8nSYBfEBexAi97f7xheL7xocEooy4pAgE2uVn%2BjkDMVMvfO7EEHlvu9PR6KmcoKvUFuwSmQr1PzmpMiRm%2Fa5JQV%2Fm5S10FaREk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: a038858f7a320883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2902,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 204x158, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"54ba92b2b26afb9407a57cbc95a82ead","sha1":"68e5ac15886f58c96c606b801cb5c219907bbfb8","sha256":"9a61adb2a28f48add5199c97a0cd4ccc25ed9aee55ede0eff790429876c73f54","sha512":"b2004b0064a6166f702d857f6d1e2e8598a6a950fd315b2d012c489f420ea1a4853058b7b792c74cfa4f9738ba45aab422f1d1e0a9deaf6b44718204f9997ddf","ssdeep":"","tlshash":"9a517d02c8218672732eccd2f1ceb1e070cf009ac4b20b50b97d5a430ede7c0851490c","first_seen":"2026-05-29T21:17:07.718305Z","last_seen":"2026-05-30T00:53:47.421161Z","times_seen":4,"resource_available":false,"data":null}},"time_used":233,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":226,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/02/A-modern-customer-support-setting-featuring-a-professional-looking-customer-service-1024x585.jpeg","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/02/A-modern-customer-support-setting-featuring-a-professional-looking-customer-service-1024x585.jpeg HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 13 Feb 2026 12:44:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698f1c96-f253\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NIJxJorqGGIfEqVTRHd6zQGkVQ9JTncDyLgwJDkpE2S8wtccBxHxvodsANHqeJXFCBZq5%2Bfb50x9CXzhbI3X1%2Bm81rmkIoPpMYniYviDPqxigdCDp0jmKQzAlpT1RKtR7sE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f8a420883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":62035,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 1024x585, components 3","md5":"45a691e2cbe74c8cb9c32e13e99b9af3","sha1":"990bf377f369832c8287fda2a733a5762036370a","sha256":"d188c4c58782c066ffd4bc68820db1072b1325353328ced21db30483bbad0e8a","sha512":"8d2aa2ccce83e8f40df8e86d196605bd2adc6edbf96b01278640b743b4406b20fce94d61d7815632cb0ff9886d319ea5240619b6eedd57e0076703414b3e688e","ssdeep":"1536:IIZWEn1/cbox1lnXXjKazP+2BkbkYAL8juufuDpv:5sgeUnXzKab+24ELOov","tlshash":"6953f11e5c40f201d1625fbe398d9625221f731536df1a6b2834fae868a3a84fc1d7d8","first_seen":"2026-03-14T14:45:02.476196Z","last_seen":"2026-05-30T00:53:47.437471Z","times_seen":5,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":233,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/02/Telegra111-1024x585.jpeg","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/02/Telegra111-1024x585.jpeg HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 12 Feb 2026 12:19:47 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698dc563-e91e\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qbb%2FP2CPMHDcNQrGD%2FIU6q3G11xEkDlWLKRbSobq%2F5Qohijgp%2FJ%2BxX%2B9WNw5WYKVtNmHUMTiEX3xw2RlpFSqOtop50mlUes4RhzdnK%2FKsr5w8RHKxbIWHZsf67Qa1NAbLkw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f9a450883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":59678,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 1024x585, components 3","md5":"6ce28f3817453602756e303f6dff5024","sha1":"c88ccdf45d29f2b54e000a51a8533f239bcd4bd8","sha256":"d01e5ad0f476815c86fda8fbfa4c63fcdc2004525182778d94b63800fdff340a","sha512":"531ba6bbf92d0597cb358edf2f0aca9c768887144d3c31011bc82a57752f5fb2d4f737b038a30dab1f8b76f9111b16b676dcce4ac4137fb86d077a243624ce2f","ssdeep":"1536:IynJadwJd7WKElu+2E0hooNWgZ9/EEc/+N:s8cBlgFCMPZ9/E1/A","tlshash":"0943025d9e8e89372882dd16d3c7d7431bcba1c21885f67a706b6be5fcd1bc0542ca18","first_seen":"2026-03-14T14:45:02.406119Z","last_seen":"2026-05-30T00:53:47.425996Z","times_seen":5,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":225,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/02/A-close-up-view-of-a-smartphone-displaying-a-Telegram-chat-screen-with-chat-messages-being-1024x585.jpeg","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/02/A-close-up-view-of-a-smartphone-displaying-a-Telegram-chat-screen-with-chat-messages-being-1024x585.jpeg HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 13 Feb 2026 13:07:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698f221a-dd07\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bd%2F4j0hSJ5suIkgoIR5hkPxepYoMywLOIj5A6aqpBZ%2F7Ordu1HR%2FVn%2F24HEf96yQxmFGhN00zU8BRhV1kb1ENpD0oL3cfxPYoIcUPlXmLBSd2Zcyuo1IGKgAMADsG4DUEdo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f9a460883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":56583,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 1024x585, components 3","md5":"eb664dd06c804fb070b48da6b3cd06e2","sha1":"25ce123cd561df5a31947007157099fc2cfdc481","sha256":"6b9761fbac0d2c32da4881fb60621efe880d0e18088e54d16a5ac692ab10864d","sha512":"a4d3c72680d04d4a297890ab78886c4afc2eb57e23c143046c02e1e30744afcbcba80d4d174c93559a919e0601e950bc9d92ef4ef2a761119963f2c01f388728","ssdeep":"1536:I6MRVmzXK+p+rt2cDpYjIZqcdLClQkBF0Z:a+zXKmcDpDZpsldBFW","tlshash":"f64302c96940b2bf6e6377b461331c5fd8ec5c883de4404a2effa06541039dae6b921b","first_seen":"2026-03-14T14:45:02.465392Z","last_seen":"2026-05-30T00:53:47.440695Z","times_seen":5,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":230,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-29T21:16:41.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 21:16:42 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-edge-cache: cache,platform=wordpress\r\nlink: \u003chttps://telegram-xz.com/wp-json/\u003e; rel=\"https://api.w.org/\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lDo%2FKI%2Bk1Ld9Uzg%2BxdY2hNc9Rh6jLL99nvqeBIlhz2%2F2OMpYN4g%2FVZT80FT6Hvyz7SXeCYC%2BLwQubNpP1%2FFZ4UriXgHT0Blgy30E81UYR0QQktkvU%2FXt5mnq98fNEamdGvI%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=9,cfOrigin;dur=1008\r\ncontent-encoding: br\r\ncf-ray: a03885872bd18be6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Yoast SEO:26.4","description":"Yoast SEO is a search engine optimisation plugin for WordPress and other platforms.","website":"https://yoast.com/wordpress/plugins/seo/","common_platform_enumeration":"","icon":"Yoast SEO.png","categories":["SEO","WordPress plugins"]},{"name":"jQuery Migrate:3.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"WordPress:7.0","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]}],"data":{"size":66163,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (9139)","md5":"d2d807cb757c2b2f45ded74185859ce9","sha1":"6352c8eac813b5f4076910df8ea9167091fc1897","sha256":"8f84c59061587118f10a1fceef8b6ba257277d647e670f53d6c6ed8f0cbf1b55","sha512":"4cefa6354a8f8ce134e6b3349913f89f128ec5aa160669089201ee5bfa5d9734c94fe8a4e8da1f193c735476ca4fd914fc40ae49eb7d35af278af13cc024d3bd","ssdeep":"768:GZW8Zdyp6V6Y6+xkfXZyaOwVE2Duo0sCyU:Qnypm6Y6+x0p7OuE2DpU","tlshash":"dd53b87613f8802375cac6ea1166f72bbf51e107ee0a6346b1bc29495fd2dd34a6321c","first_seen":"2026-05-29T21:17:07.722874Z","last_seen":"2026-05-30T00:53:47.429729Z","times_seen":4,"resource_available":true,"data":null}},"time_used":1072,"timings":{"blocked":23,"dns":1,"connect":1,"send":0,"wait":1025,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/css/bootstrap.min.css?ver=7.0","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/css/bootstrap.min.css?ver=7.0 HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 20 Nov 2025 05:02:45 GMT\r\nvary: Accept-Encoding\r\netag: \"691ea0f5-cf02\"\r\nexpires: Sat, 30 May 2026 05:39:00 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=2,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oqi1sFVtpZ0GcxlNjcsjjkhft%2FVoDs4oleovtuuwE3jN4pZlmTkOtroO5bCLA7OHWsT9PsuuMm9ftcRGgaCUZE%2BNZHKLQuJIfIJQqa5wTcsMgMqFgkR3aLJOAjQAb4%2FCeAU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f3a130883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":52994,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text","md5":"9b49deda6a930d1f8ed017070536053a","sha1":"3a6bdeb35f53a8df4293e14f92f415247bb90212","sha256":"74e0d2c2383becc7f600a4be3e84758360a0b16a7979c8c48d37f83916700aff","sha512":"761c49711a458819a7a966f2e0a0b354facdd12b1857c757e4d05d620c18cba73979552c14a7bbded1b402275d87a531078ea09daab306dd706141b6aaf98252","ssdeep":"768:isH26AFXnrCmdUngBVRl7FSZwQXFb/WUjaZQJqCbnwStUOVUPIU4:isHRA5rCOUngBntuTBoCZ","tlshash":"6e33a411d7f23d85211b825c5bfe57913b2a1053ca0dce3a7e6f23948f4e5a446b2f8a","first_seen":"2023-10-08T02:03:40Z","last_seen":"2026-06-04T19:54:50.416828Z","times_seen":304,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":227,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.819Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 09 Jun 2023 04:49:24 GMT\r\nvary: Accept-Encoding\r\netag: \"6482af54-3509\"\r\nexpires: Sat, 30 May 2026 05:39:00 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=2,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7FzFqvzYRjAzak1e8YiA%2BQSCiNNiXTFy%2BvoAL7Pm11S42ZASvV5Lwju2qLjnZ%2Fj%2F5RJlheSKwtr21ROgNOUeIqJzqrZbmNStzZc6EhS09dJbJy151yuzAtcOjtPa8B%2BIBMs%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f6a210883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13577,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (13479)","md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-06-24T01:13:25.44201Z","times_seen":851266,"resource_available":true,"data":null}},"time_used":229,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":229,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/1.webp","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/1.webp HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2566\r\nlast-modified: Fri, 29 May 2026 05:42:57 GMT\r\netag: \"6a192761-a06\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1THMgWyxID68J%2FmY61yKHYaXWOk90vd2C6B7yT5jL6naGZgX2DGce1tdwC%2Bi2vlLrKfF6vYxzjPaOxBNA0FsWbiDY1jz%2BDQpksYRhS2GRzrdPVGJ8XD7XiwOu0TxdHIOtM8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: a038858f7a2b0883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2566,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 183x162, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c5496d02617aea09033da5d1e50faac4","sha1":"4a9616051da42e971d9bd4bf6923bea4f0e2a293","sha256":"4687df2244e4d8cb031ba51a918c9433e895a83d937c6b86951d5d9e905a08db","sha512":"5e38f4efd51cbd95b8b41d8f19f249a20c9ebe26bb49408dbbe27cefd4d051a046907002df79f376643512738caa878bdd7570f0e9fa2046c11c2bacafb7d6d0","ssdeep":"","tlshash":"68514c2ac500e7af6c64439167a7de9008efe9f78a009618b584f1e38a44f821a0c74e","first_seen":"2026-05-29T21:17:07.724747Z","last_seen":"2026-05-30T00:53:47.436393Z","times_seen":4,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":230,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/5.webp","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.833Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/5.webp HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3022\r\nlast-modified: Fri, 29 May 2026 05:42:56 GMT\r\netag: \"6a192760-bce\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fVhDFmiWIxutDvmI9O1CLc3PZ7uexjvwQV3GzSVY%2F5MwEyvTjplCL0%2FEncxYD6n6Bu%2FwKTOaMYyS3tZCPt02CIwjVqeUk8fwhIfxokvYgqQ8BwBLs4PMrhMpbvU4vuCoUH0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: a038858f7a2f0883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3022,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 194x169, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"bc2ca135a286acaba3498ecacf54619b","sha1":"e58d1f03ad6cf3b17eb85b1272f24f12a517244b","sha256":"37e62198d3749e9f52d2069997c436447d2182dc0a16557285a51b9afa0adeb6","sha512":"0d655052a6b9b466d874c54c8c93c981ba15ee4a07b2d55d7afbc30e31ff3e58dee1bb991bfb3ee11ba9dc8378a940b36ea5b3f79892f09b445fde0ea2cd4a72","ssdeep":"","tlshash":"1b517e696ab5db143405fb1d8e31e00c7910241794a5fc4aafe7dd48f622c44d392dc1","first_seen":"2026-05-29T21:17:07.725796Z","last_seen":"2026-05-30T00:53:47.430353Z","times_seen":4,"resource_available":false,"data":null}},"time_used":227,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":227,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/td_laptop.png","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/td_laptop.png HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 20 Nov 2025 05:03:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691ea111-2e526\"\r\nexpires: Sun, 28 Jun 2026 05:33:00 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L2qkMZp%2BWKkRmACUoVW4COTL4L3eFPWA40LIeExUrU66i%2F5uIASKwDNAWF0Gl5g%2B4A7jifmn5CNgU%2F70Q2f6cE2%2BuEvR9GiznPTd5vPOVpbvgzj21ozE%2BK%2FgtH8cI1V2ZTU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f6a220883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":189734,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 840 x 487, 8-bit/color RGBA, non-interlaced","md5":"40d4266e5aadc87cceec1ab420dc2692","sha1":"266c56990a106b6e9efb0f9ef2a1a752aa6fa0fc","sha256":"3a1d4890b3e91a01c20c65b75f1ae028e3c445cad1fd2d249dd0868876dfe4b4","sha512":"7de32defdd87034f29930a7a32915100c2a109a80c79eed4c0a5f3127d1101fe0bf59b41cb4c5807f6fea29a7721ebe74c55a8a4942c4ef67edc40b860f46277","ssdeep":"3072:qKCCO9mMyY1K6SCUQB4AxtinSEItHFDukVnxJQTu6r6R7NApp4rFDwGIQ:nzOkMy97CRR3Ljn5n2uYgGkKQ","tlshash":"ce04222d40b240c7bd1bea21a1f82f73233836206aadfb73b43e9d429cb76554d1156b","first_seen":"2023-08-06T11:12:12Z","last_seen":"2026-06-21T07:28:43.333493Z","times_seen":1305,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":219,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/anzhuo.png","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/anzhuo.png HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 20 Nov 2025 05:12:37 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691ea345-560\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tvrXX%2BDtc3cpwxn9KM7Yy7n%2B2rJHEu47Dtdxm82J7kEgqzEMlNTLOk91L5ApV6aA2XaRr1TolRJmFpwdH1l91kNLeWfzcPg8sl5tCyrB2gF53VHYgWUtR5tRMtwlBCDusCk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f6a260883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1376,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 22 x 24, 8-bit/color RGBA, non-interlaced","md5":"dbd5ea2180e785f76e3f626318254bd0","sha1":"7a65c468f485ba692102b375f0dbb937c11b4649","sha256":"5788136b28395c74f558d5254ca03559f2f333d4dca6f659986f0f8db54ad2c1","sha512":"732e2a8551ed9897388e01c683ece48405ad493085c26d2ec2cf91a829a0e89292e41e173d5fd7cd4f391c794c61a2e4c3b6163ba6280046c88abdc5c6b0cfb5","ssdeep":"","tlshash":"d3214168e8d06cc39789be8230f651268d634dc0dd90f4a4a68ed8161e6d1b419995cb","first_seen":"2023-10-12T13:27:09Z","last_seen":"2026-05-30T00:53:47.415278Z","times_seen":290,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/apple-768x512.png","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.827Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/apple-768x512.png HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 20 Nov 2025 05:12:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691ea347-3e3bf\"\r\nexpires: Sun, 28 Jun 2026 05:33:00 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rMmBIMvelwjhza7R4YMvllY3bulI0XWViM6u8Mr85xbxXOMJBlNDw7KUXqULbserG66MzsHg0PUnn9T0A4Z%2F4OKHeJmJwXmyWeYSnNWr5yhjuIn3ZaBNSAlM6Rd7gbBGtTE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f7a280883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":254911,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 768 x 512, 8-bit/color RGBA, non-interlaced","md5":"64d61a21bafad4355d3c314b678beb26","sha1":"93cc5e065053834be5da3392e2076e80b7892d03","sha256":"294ab18442242a5a048ff4d24c85ea061f9828c3bb0e30673ccb98885e859d38","sha512":"ab5f60419970591c5bac568e8852368a0157dfc5bd7a59ffd474c17a48753c716a2eb032340166651c6c485bff30f81245e76d55af6ec3f1dea90c1c77e54e55","ssdeep":"6144:IfPptcB+ncP+snmHmeuYUGwOQOLCsJrL/0/8wzr/90W8UQ:I25mHmbKwOxLCsJ9s2oQ","tlshash":"8744231136c18c2cddf747b5c8e2ec8a78377828e3aad41c157eaee9119ac55d052fe8","first_seen":"2023-10-12T13:27:09Z","last_seen":"2026-05-30T00:52:53.666594Z","times_seen":310,"resource_available":false,"data":null}},"time_used":276,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":226,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/04/W01123333669586206.jpg","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/04/W01123333669586206.jpg HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 16 Feb 2026 05:18:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6992a8a8-ae4e\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5TFFotoqO%2FFCBfAZmR3hJNtljPVvD5yj%2FqpUTMCHHxcq4C%2F23O96U3mLUmlHOXz5OZo5OH%2BaIUutW9CcRGT8Vmmd2UWRFzKEmBkW8UJbY%2F25zmWHuI1sprf6%2F1rWSGkSMNM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f8a3c0883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":44622,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 630x354, components 3","md5":"cbbbf58b9b19a379a210d4877d504655","sha1":"d1baff440570b4822224c57766e090edf5a53917","sha256":"84893480e7dc3a2c47fae4bd08ac9f071885e10880b021752700ed2cff9d6b69","sha512":"70b312fb54217a1b32503f741835e3afc9192c60b3ba58b82ce51556b27bf1f7717fb7365a8ff19acf5456b83f07d36c36553b32e013eb51b0135b81287d727d","ssdeep":"768:96qzF9sMEJVhF3HPZ3zcBBItQNnMgIYLRgkdoURLgYaMtnuwR/SE6tU4E/PEwjID:96qzFyDNNcBeONjfgkCUVLnuwR/+O4EI","tlshash":"2413f1f3f2567b834f8d26229a59bf2254529f49cdcce4d629020318ce4aa50f16d7bf","first_seen":"2026-05-29T21:17:07.729539Z","last_seen":"2026-05-30T00:53:47.427898Z","times_seen":4,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":225,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/01/Telegram-Web-Version-Features-1024x585.jpeg","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/01/Telegram-Web-Version-Features-1024x585.jpeg HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 07 Jan 2026 15:00:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"695e74f9-f3ed\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tHWdh4hLzKzBMcz2JFV5JFfUKjwXzv2%2B1dd5gPGC2Xs83ySzFmQ7pwUfOUWRQF9%2BSAvv372ZlC8%2B5CcDlXmnxYclFqtUrA3qlYYhYgIswak%2FBQ6GpEhcRTeAmFQ%2BwacHt40%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f8a3f0883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":62445,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 1024x585, components 3","md5":"7370aa1971848bdce2c755134b708c2e","sha1":"79050eb58212972876972cb7701a31bb0107be3b","sha256":"4a5e9190e82ca8ba552670ed3d4729a05c4e3621a38623d7f4d039f8ef6b1562","sha512":"aa54b8b892904aca9799f96784344e76bcfd145121d091afb6a2c938bec24b6cfe50c1073616f39800bd12d2a61ff0eba383e131ac23dea6dad5de48d0e334fc","ssdeep":"1536:IZ8m+zsfpRl/8t2l9XdtKyFTFeAp7zEqwasY:q8jsfl/uSXbKwTFeAVE3Y","tlshash":"5053027f1311c3e204cc9e570900d4ead40b96507eb6e7bf7f32fea0a56886d9b58648","first_seen":"2026-05-29T21:17:07.730544Z","last_seen":"2026-05-30T00:52:53.760132Z","times_seen":3,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":221,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/js/faq-schema-ultimate-public.js","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/js/faq-schema-ultimate-public.js HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: application/javascript\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nlast-modified: Thu, 20 Nov 2025 05:02:53 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Sat, 30 May 2026 05:39:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\npriority: u=3,i=?0\r\ncf-cache-status: HIT\r\netag: W/\"691ea0fd-349\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=05ZNW2qwa0Q2F555MyCx849Gtu7wwC6KSm6DejLjm8kul%2FVM5G2sshQA3MXJxl0D%2F%2FPXml3Oz0R5A9nBsb4u0dWSI9H60qoxG%2Be9Okz5hHkYS5BVW0DXXVSnVIn7JXXvNJQ%3D\"}]}\r\ncf-ray: a038858f9a4b0883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":841,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"49cea0a781874a962879c2caca9bc322","sha1":"72c1650de2b93ef320d2db873fbb473fe360269c","sha256":"57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37","sha512":"7ebf5da4637794cdab0d199e8b0550e9230a1550804a4ce7fc723a8881e16d12327b9c40bceecff54ece29dde71bf41e63e8510adf0827c4cd13c2392e6250a6","ssdeep":"","tlshash":"63011ecefbc22622c0337ab85def739873ba902581d66ec42850013c562193f8067cdc","first_seen":"2023-03-07T01:03:06Z","last_seen":"2026-06-23T23:16:19.473166Z","times_seen":20665,"resource_available":true,"data":null}},"time_used":229,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":229,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2025/11/cropped-favicon-32x32.png","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:43.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/cropped-favicon-32x32.png HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 21 Nov 2025 08:26:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69202227-4cc\"\r\nexpires: Sun, 28 Jun 2026 05:33:39 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=6,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4Fd7qwMyU4gRynqZtWxS1vqxva02bHhvXiJoQUThe6fZRnsTlxbEORKzr%2FJ4QhI4Tn3lWgVgNj%2BRiwgvtdVZ4%2FgwRi0TRneFeeSr4RR5gQQrvDAREsyyvdS2SVv19n68rqk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a03885939ae40883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1228,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"1265f3a4c1b7c6344fb75af63936bf6a","sha1":"06689cbc8c4ab1e94ff05cc7851e806c877a61e6","sha256":"a6b8f28b60a19e8cea355a45a11b05fac90c89fd12ae63a9223821997af3693c","sha512":"1ebf41bbf31226ec50253a0be5014a8b5fa7684cf4ef984a0f0f4739ff9c62000f6b2a3f661553f26324dc1eb9effbb13921ce5f9d59dd7db7d3099434a4105b","ssdeep":"","tlshash":"f521b7e6c6af64b1610a0702ad0701e179e3daa2986d950d8b7ed92c9e35d16044de70","first_seen":"2024-08-19T15:11:04.600178Z","last_seen":"2026-05-30T00:53:47.438656Z","times_seen":47,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/page/2","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:43.468Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /page/2 HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:44 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\ncf-edge-cache: cache,platform=wordpress\r\nlink: \u003chttps://telegram-xz.com/wp-json/\u003e; rel=\"https://api.w.org/\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NNYw4t3PmxG9dX8eKoqUdfXnuFTq8PV5Sz3mU%2FhN78XpVgk28aNqYSg2WzMvu5eZe9%2B%2Bt9B2nyJDiyF6eoBGVraWMG%2BQSC4btmLuv%2FM5G%2B2gNMMPANgSxT670elq%2BtNH7%2FI%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: a0388593aaef0883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery Migrate:3.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Yoast SEO:26.4","description":"Yoast SEO is a search engine optimisation plugin for WordPress and other platforms.","website":"https://yoast.com/wordpress/plugins/seo/","common_platform_enumeration":"","icon":"Yoast SEO.png","categories":["SEO","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"WordPress:7.0","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":65788,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (9139)","md5":"7adada99e7604d789a1b79c01018b9ec","sha1":"60b2c18cf5a2b313f538ea9c7d63cd37ec507a53","sha256":"1ac437ad04f0a03d3a32388e22764366a57ab917d4adc5d3d2af286d20999a8b","sha512":"9bcc98239c2f3219c96053684681cab5410914bd6db63c12fa54f0d5a975447a73774e50cd39e103c5c5410323f705e497c6d3833cfe8064fdc145b799b7540f","ssdeep":"768:NZW8Zdyp6V6B6+xkfXZyaOwVE2Duo0sCT:Dnypm6B6+x0p7OuE2DY","tlshash":"c553a77613f8802375cac6ea1166f72bbf51e107ee0a6346b1bc29495fd2dd34a6321c","first_seen":"2026-05-29T21:17:07.733027Z","last_seen":"2026-05-30T00:52:53.759276Z","times_seen":3,"resource_available":false,"data":null}},"time_used":592,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":592,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/css/telegram.css?ver=7.0","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/css/telegram.css?ver=7.0 HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 20 Nov 2025 16:12:19 GMT\r\nvary: Accept-Encoding\r\netag: \"691f3de3-1604f\"\r\nexpires: Sat, 30 May 2026 05:39:00 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=2,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xXkmnrUG1RFOs%2FJA00FwvTuuQ8uTs3rup6SONvzeRW29lw6JgNXr%2F2U8%2FmEUcs0Ox9CQb1Ult9qL8vlVQhkwxx4i2kIEjeOSnuC7wKhN1Z%2FrB6x0Ru7syZb8VteHlKBuIIs%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f3a140883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":90191,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1269)","md5":"43f0d6c25a274670c453b21bc6b294f6","sha1":"0ed988160811fa59c3681d4e1ab4af2bc389cdda","sha256":"fdab3d6f921881bc803a523b822609487c1f97deb3a71e01e2bc0ef38dcdb80d","sha512":"b9daff0d1071c93efd8c01ddae65d8f72534f9a8d4ab0d70e8f0314c003374178427d4a798889397357edba17e06393691ce31dd2668aee32131c31151a9520d","ssdeep":"1536:ZJnp7Tx8dMydl6Qi1qbibuz8/A9AHdHeE7IKgFo:ZJnp7T/qOqb6","tlshash":"dc93a49a8eb71904742f81686fffd742323d4083a54acd7dbb857648cf85ae441a3f89","first_seen":"2026-03-14T14:45:02.427985Z","last_seen":"2026-05-30T00:53:47.422368Z","times_seen":5,"resource_available":false,"data":null}},"time_used":227,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/android-768x512.png","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/android-768x512.png HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 20 Nov 2025 05:12:37 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691ea345-33649\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AyqFE34SPc7xQGN75XEEQFcHRv7fL%2F5JMQsvWkr2lh9hM9CITEYW5owKK3jGuYvi8AWG4yQIfFewtHcmBX%2BjNYK0EKZw1FRwstpJmGlX%2Fb36q3S4QyabMRBbLEWcTxJYgJ0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f6a250883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":210505,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 768 x 512, 8-bit/color RGBA, non-interlaced","md5":"fd093a0a931f4a017811311412c9271b","sha1":"ea04eb557d2e98a4ba4c576e91e54586a57f45e1","sha256":"8ae4c9dfaedd3be0a3324abfdf858093b55ae08c30582177b0a774b2f2ac2d1b","sha512":"67ccde69fcbb3cbdf1765749363cefd0e6fb19d89de97ee04b5b36ce340a0364eafe269b753191ff855c228baff5cfb114b6a0ea9aa2d1412f274e8ea13873b7","ssdeep":"3072:y9uaNyEjlkHoafn4kHwZB8gpmI84iLMQnMRy8+o8gymUcGZcAop0gi1Np5aJY7Ji:y8aFPrh8JjNnM1nq2x0giJ5DJ24mAyp","tlshash":"ac2423c1f612656e660638cac602ce1517e73b8701316326650bfa435d236bbec5cbeb","first_seen":"2023-10-12T13:27:09Z","last_seen":"2026-05-30T00:52:53.713668Z","times_seen":314,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/uploads/2026/02/A-cozy-dimly-lit-room-featuring-a-person-sitting-at-a-desk-engrossed-in-using-the-Telegram-app-1024x585.png","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/uploads/2026/02/A-cozy-dimly-lit-room-featuring-a-person-sitting-at-a-desk-engrossed-in-using-the-Telegram-app-1024x585.png HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 12 Feb 2026 11:40:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698dbc47-b8829\"\r\nexpires: Sun, 28 Jun 2026 05:33:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dJZdw0EoygAO21A2XNuFFQch%2BQ1Nk%2Bu%2FzicfmYl4DjxLsQVKAStKx08JVn5gSNvjU6rGqkMF1o2ZJyFx0eXjiSG3m7N7USbzA6mzgg6JjKVwRldMMkQjJxu%2Bzhj53C%2Fch6o%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f9a480883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":755753,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 585, 8-bit/color RGBA, non-interlaced","md5":"3dd89f6e6585200c97592440d3fb0f70","sha1":"0e62e06a9bf30329455f8e0ffccc529c80342437","sha256":"7c236ea5bb440403cdbb528bc6df190f3a56f2061758351b4a6b6961fbe521db","sha512":"4182db7909572491c423b1c24476dd3338cb0110778cf2c77ef206d53db701139ec9a0f9f666455468edf7b0f859d7cfc7ffbaa1245bcb03e5a2f3b1f5e57039","ssdeep":"12288:q+hyaJvVvarZ++e9kxmcoQ6br3CvsSQpXVzyeCT8a5yEylPGWmWNg60ENyxQfQoc:q+CrZ++Pmc2i090nTt5yVxGW3g2ya/Gj","tlshash":"d0f4337fac6ae563af5ad25100bc8568358cbc827f2751d3b7aed04421dd0c73998eb8","first_seen":"2026-03-14T14:45:02.436263Z","last_seen":"2026-05-30T00:53:47.441721Z","times_seen":5,"resource_available":false,"data":null}},"time_used":267,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":236,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/zhongwen.png","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/zhongwen.png HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 20 Nov 2025 05:12:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691ea322-5ca\"\r\nexpires: Sun, 28 Jun 2026 05:33:00 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a7a2Id5O9%2BGbO21pyPDU5LV0ZKyz947cZAknUb%2FR65w0%2FfrlTNawpqat8h1XNgS0%2FvNCbiMUieRB6U0u29A%2BfvMb0u%2BdV3KVSULOIKswkdKCDQRmHI9OwgfeRXqFiMjicOw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a038858f6a230883-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1482,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 24, 8-bit/color RGBA, non-interlaced","md5":"1039e4724e6e71df55fdd19af799eadb","sha1":"258cd0a3d5307ac1159f28919fd0589cddaa0c27","sha256":"7918a824b075102848e36cf7640770ca9a92dfcfddf962c9da857e635b0ac83d","sha512":"499dae3760bf7ed0f13501b3217b80c15816981a8482ac67f5379b94b945cf36255c86a2557aea98705487b31a31b35195254313a54b1e2bbb2e392f89003c2c","ssdeep":"","tlshash":"1031c7e9e6e022c2208eb45268fe8239ed134a414dc4e4f2b8efd9170d651e5842ded5","first_seen":"2023-10-12T13:27:09Z","last_seen":"2026-05-30T00:53:47.424101Z","times_seen":290,"resource_available":false,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":221,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram-xz.com/wp-content/themes/telegram-theme/assets/images/default-news.jpg","fqdn":"telegram-xz.com","domain":"telegram-xz.com","tld":"com"},"ip":{"addr":"104.26.14.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram-xz.com/","date":"2026-05-29T21:16:42.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram-xz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 May 2026 14:55:38 GMT","end":"Sat, 08 Aug 2026 15:54:23 GMT"},"fingerprint":{"sha1":"48:D4:53:D2:2A:35:8C:77:1A:64:79:F8:34:AA:33:37:F7:CC:BD:50","sha256":"AC:33:46:56:10:00:E6:78:59:01:D0:9A:5C:17:22:0C:69:6C:B6:ED:54:53:E5:E4:B0:A8:98:3E:8C:B3:A5:5D"}}},"request":{"raw":"GET /wp-content/themes/telegram-theme/assets/images/default-news.jpg HTTP/1.1\r\nHost: telegram-xz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram-xz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Fri, 29 May 2026 21:16:43 GMT\r\ncontent-type: text/html\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncontent-encoding: br\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DylIFbS024731GhgHlhi4i71JkOqjUFHiEi5BS5mNGCo8%2BFgWbNhS8elUt5rCUgpGl6vBWB97gWkuVF%2Fr%2FL3Juyma9X9wP7kvd8P4doz5VquKgEguiR0RRhrMDrCYFGyTC0%3D\"}]}\r\ncf-ray: a038858f8a370883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-06-24T01:14:54.403899Z","times_seen":281090,"resource_available":true,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"telegram-xz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}