Report - telegrom-aa.com/index.html

Report Overview

Submitted URL
telegrom-aa.com/index.html
IP
35.187.202.196
ASN
#396982 GOOGLE-CLOUD-PLATFORM
Submitted
2024-05-08 04:46:00
Access
public
Website Title
Telegram
Final URL
telegrom-aa.com/index.html
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
58

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
telegrom-aa.com	unknown	unknown	No data	No data	13 kB	2.8 MB	35.187.202.196
t.me	6552	2010-05-20	2015-06-29	2024-05-07	414 B	515 B	149.154.167.99
telegram.me	11938	2014-01-07	2013-10-13	2024-05-06	421 B	515 B	149.154.167.99
zws2.web.telegram.org	144268	2003-12-15	2021-06-24	2024-05-04	585 B	220 B	149.154.167.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-05-07	medium	telegrom-aa.com/index.html	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram
2024-04-21	medium	telegrom-aa.com/	Telegram

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	telegrom-aa.com/main.aabebbf743db639f8932.js	390 kB	2024-05-08	2024-05-08
Pretty URL telegrom-aa.com/main.aabebbf743db639f8932.js IP 35.187.202.196 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 06:46:08 Last Seen2024-05-08 06:46:08 Times Seen1 Hash 939c075d35c30477ef6012431c475581 432c7b4b85bb1d9040d66d0b7987d714217b23ab aa92fb372adea2595fa3f8e4bd549616409ba3e4064550ddb42b0a2b2296dbb5 Loading...

	telegrom-aa.com/1915.44f46b9209d4c21e2dae.js	18 kB	2024-02-22	2024-05-17
Pretty URL telegrom-aa.com/1915.44f46b9209d4c21e2dae.js IP 35.187.202.196 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-22 12:46:05 Last Seen2024-05-17 20:45:16 Times Seen36 Hash fd4abffe4de6fa1955cb7c9df7c0a808 860f583e5ef2f6ddcc0c464fb4a87d7e6eb955b8 166b9c140da17864486aaa8e6d53ad4169ffaac1b2101c73680550f9331c926f Loading...

	t.me/_websync_?authed=0&version=10.9.3+A	4 B	2023-03-07	2024-05-19
Pretty URL t.me/_websync_?authed=0&version=10.9.3+A IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:44 Last Seen2024-05-19 21:12:03 Times Seen24083 Hash b326b5062b2f0e69046810717534cb09 5ffe533b830f08a0326348a9160afafc8ada44db b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b Loading...

	telegrom-aa.com/3748.5272039f5f8250321d3c.js	9.8 kB	2024-04-20	2024-05-17
Pretty URL telegrom-aa.com/3748.5272039f5f8250321d3c.js IP 35.187.202.196 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-20 09:54:06 Last Seen2024-05-17 20:45:16 Times Seen10 Hash 885138bc45767a147e081f761df5e18d 92ce9a73d252e2dba3715c4ace35cdf7cd70221a c334c34db4e98bfe612cb4f7c7f0c2aa7b2e968ecbc17bcd151fa516f068b7a1 Loading...

	telegrom-aa.com/redirect.js	325 B	2023-07-27	2024-05-17
Pretty URL telegrom-aa.com/redirect.js IP 35.187.202.196 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-27 09:32:34 Last Seen2024-05-17 20:45:16 Times Seen275 Hash 17773b57b87a678c98e26a7cac72df6c 7422857aa75ee81cabcec2eed6c4a6168f363ee1 375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f Loading...

	telegrom-aa.com/compatTest.js	2.2 kB	2024-02-24	2024-05-17
Pretty URL telegrom-aa.com/compatTest.js IP 35.187.202.196 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 23:46:30 Last Seen2024-05-17 20:45:16 Times Seen37 Hash b328e15f89116105372eddac365cb6f2 da1979ab60b891ec53dd318be90a09a83124bd87 22c6b05f0b138dddb5711fdb998be90abf8093e271085bda6448bd6bc72c95d2 Loading...

HTTP Transactions (32)

URL IP Response Size

telegrom-aa.com/redirect.js

35.187.202.196

200 OK

325 B

URL GET HTTP/2
telegrom-aa.com/redirect.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
ASCII text
Size
325 B (325 bytes)
Hash
17773b57b87a678c98e26a7cac72df6c
7422857aa75ee81cabcec2eed6c4a6168f363ee1
375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /redirect.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:35 GMT
content-type: application/javascript
content-length: 325
last-modified: Fri, 26 Apr 2024 13:17:24 GMT
etag: "662ba964-145"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
accept-ranges: bytes
X-Firefox-Spdy: h2

telegrom-aa.com/index.html

35.187.202.196

200 OK

5.1 kB

URL User Request GET HTTP/2
telegrom-aa.com/index.html
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
gzip compressed data, from Unix
Size
5.1 kB (5120 bytes)
Hash
b41b6e82c167bd3bbf8d9deb3d86a2ed
5b7d0c35e5b9b9210e5f65d5e1edb8bb28075d28
ff19f32a6f3105233fb58291ff992f108adb017e0c40dad6065cb59dc7638f18

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /index.html HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:34 GMT
content-type: text/html
last-modified: Fri, 26 Apr 2024 13:17:20 GMT
vary: Accept-Encoding
etag: W/"662ba960-c05"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2

35.187.202.196

200 OK

11 kB

URL GET HTTP/2
telegrom-aa.com/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Size
11 kB (11016 bytes)
Hash
15fa3062f8929bd3b05fdca5259db412
6ff06a34f68ad0324ddec1bbe4d453c959178b36
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/main.d18ca2f45f759d388cc8.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:36 GMT
content-type: font/woff2
content-length: 11016
last-modified: Sun, 21 Apr 2024 05:12:32 GMT
etag: "6624a040-2b08"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
accept-ranges: bytes
X-Firefox-Spdy: h2

t.me/_websync_?authed=0&version=10.9.3+A

149.154.167.99

24 B

URL GET
t.me/_websync_?authed=0&version=10.9.3+A
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerGoDaddy.com, Inc.
Subject*.t.me
FingerprintD7:CC:2A:92:7B:DC:AE:6A:D7:92:51:20:49:AD:3B:AC:F9:27:F8:16
ValidityFri, 06 Oct 2023 19:50:31 GMT - Wed, 06 Nov 2024 19:50:31 GMT

File type
ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

HTTP Headers

GET /_websync_?authed=0&version=10.9.3+A HTTP/1.1
Host: t.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 08 May 2024 04:45:36 GMT
content-type: application/json; charset=utf-8
content-length: 24
set-cookie: stel_web_auth=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
stel_web_force=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

telegram.me/_websync_?authed=0&version=10.9.3+A

149.154.167.99

24 B

URL GET
telegram.me/_websync_?authed=0&version=10.9.3+A
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.me
FingerprintCA:AA:65:FE:33:CD:9C:CC:BB:2D:14:C7:05:66:C5:F7:7C:8D:63:2E
ValidityWed, 20 Sep 2023 01:49:33 GMT - Mon, 21 Oct 2024 01:49:33 GMT

File type
ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

HTTP Headers

GET /_websync_?authed=0&version=10.9.3+A HTTP/1.1
Host: telegram.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 08 May 2024 04:45:36 GMT
content-type: application/json; charset=utf-8
content-length: 24
set-cookie: stel_web_auth=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
stel_web_force=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

telegrom-aa.com/chat-bg-br.f34cc96fbfb048812820.png

35.187.202.196

200 OK

1.9 kB

URL GET HTTP/2
telegrom-aa.com/chat-bg-br.f34cc96fbfb048812820.png
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
PNG image data, 50 x 50, 8-bit/color RGB, non-interlaced
Size
1.9 kB (1920 bytes)
Hash
ff2989744d4813c906047582226abd28
41b973276f7a99af05115b89b401aceb02f573c8
3151f7930d821bccf4a76cbbe4a3533e2b56bdff696f260c864ab639ac7526ea

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /chat-bg-br.f34cc96fbfb048812820.png HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/main.d18ca2f45f759d388cc8.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:36 GMT
content-type: image/png
content-length: 1920
last-modified: Sun, 21 Apr 2024 05:12:32 GMT
etag: "6624a040-780"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
accept-ranges: bytes
X-Firefox-Spdy: h2

telegrom-aa.com/telegram-logo.1b2bb5b107f046ea9325.svg

35.187.202.196

200 OK

932 B

URL GET HTTP/2
telegrom-aa.com/telegram-logo.1b2bb5b107f046ea9325.svg
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
SVG Scalable Vector Graphics image
Size
932 B (932 bytes)
Hash
67edaaf1408d2278db9f10fbc5690ada
5cf2b6ba80881a1a8d48963a094d0d410022932a
ade1ddec66f6e98e30d8a56b01e7dd9d2c84a8f4dac51bc88d2ab5bc6e5d1a62

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /telegram-logo.1b2bb5b107f046ea9325.svg HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/main.d18ca2f45f759d388cc8.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:36 GMT
content-type: image/svg+xml
content-length: 932
last-modified: Sun, 21 Apr 2024 05:12:33 GMT
etag: "6624a041-3a4"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
accept-ranges: bytes
X-Firefox-Spdy: h2

telegrom-aa.com/chat-bg-pattern-light.ee148af944f6580293ae.png

35.187.202.196

200 OK

273 kB

URL GET HTTP/2
telegrom-aa.com/chat-bg-pattern-light.ee148af944f6580293ae.png
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
PNG image data, 1123 x 2307, 4-bit colormap, non-interlaced
Size
273 kB (272875 bytes)
Hash
3d558d8de7082a2b2355076c8988c3fd
d74980e29b0ec2f102b0dcd614503fd42a255b85
00745db819d91c37bf0f59bee00ab2efe9766fddcb726ff1bcb6847748b2bbc7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /chat-bg-pattern-light.ee148af944f6580293ae.png HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/main.d18ca2f45f759d388cc8.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:36 GMT
content-type: image/png
content-length: 272875
last-modified: Sun, 21 Apr 2024 05:12:32 GMT
etag: "6624a040-429eb"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
accept-ranges: bytes
X-Firefox-Spdy: h2

telegrom-aa.com/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2

35.187.202.196

200 OK

11 kB

URL GET HTTP/2
telegrom-aa.com/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
Size
11 kB (11056 bytes)
Hash
07db243db21ed0a6b4ff05ff429686b7
5d62925fdd7ed8e80f206d095ed093994f13d276
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2 HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/main.d18ca2f45f759d388cc8.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:36 GMT
content-type: font/woff2
content-length: 11056
last-modified: Sun, 21 Apr 2024 05:12:32 GMT
etag: "6624a040-2b30"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
accept-ranges: bytes
X-Firefox-Spdy: h2

telegrom-aa.com/notification.mp3

35.187.202.196

206 Partial Content

11 kB

URL GET HTTP/2
telegrom-aa.com/notification.mp3
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo
Size
11 kB (10880 bytes)
Hash
eba09b6a457792c52fc610b5f9f974b3
95e6e0f7648e28ea21bc434054ea59aba3a35aea
86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /notification.mp3 HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/index.html
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 206 Partial Content
server: nginx
date: Wed, 08 May 2024 04:45:36 GMT
content-type: audio/mpeg
content-length: 10880
last-modified: Fri, 26 Apr 2024 13:17:24 GMT
etag: "662ba964-2a80"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-range: bytes 0-10879/10880
X-Firefox-Spdy: h2

telegrom-aa.com/icon-192x192.png

35.187.202.196

200 OK

3.1 kB

URL GET HTTP/2
telegrom-aa.com/icon-192x192.png
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
PNG image data, 192 x 192, 8-bit colormap, non-interlaced
Size
3.1 kB (3059 bytes)
Hash
1a1650d2c76bfc1ac484646c19e495b9
fe58d66042ce9241226f5da9370230285ff604fc
6e587a62c9d7a97f25265ab5eb29d101ad2e36810042a4116d2dd29da96b0bf8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /icon-192x192.png HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:37 GMT
content-type: image/png
content-length: 3059
last-modified: Fri, 26 Apr 2024 13:17:24 GMT
etag: "662ba964-bf3"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
accept-ranges: bytes
X-Firefox-Spdy: h2

telegrom-aa.com/favicon.svg

35.187.202.196

200 OK

892 B

URL GET HTTP/2
telegrom-aa.com/favicon.svg
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
SVG Scalable Vector Graphics image
Size
892 B (892 bytes)
Hash
d9ee2d4b0edd9f8ba2fb7242162c2c47
398522893cf2cdefb5176f11bc67eab31c2d7382
a462f1c5333e16b48335054493cfd1d0a13a96847b4b9ffe2cf24403e6e86010

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /favicon.svg HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:37 GMT
content-type: image/svg+xml
content-length: 892
last-modified: Fri, 26 Apr 2024 13:17:24 GMT
etag: "662ba964-37c"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
accept-ranges: bytes
X-Firefox-Spdy: h2

telegrom-aa.com/5802.36a9971f58c808c4a974.js

35.187.202.196

200 OK

112 kB

URL GET HTTP/2
telegrom-aa.com/5802.36a9971f58c808c4a974.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (27305)
Size
112 kB (112262 bytes)
Hash
68bab7778fe98fe6571621dc2245bf40
6d8ed5604e081436583002ed9cddc9450caed858
9351c6cc94ae0b318ac8663e3f7030235850f674c1899aac94574cfaf575fc0d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /5802.36a9971f58c808c4a974.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/2704.b5b88dc0595bf28f328d.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:37 GMT
content-type: application/javascript
last-modified: Sun, 21 Apr 2024 05:12:32 GMT
vary: Accept-Encoding
etag: W/"6624a040-541b"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/4680.ada59101339a3bbf9b7d.js

35.187.202.196

200 OK

367 kB

URL GET HTTP/2
telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
gzip compressed data, from Unix
Size
367 kB (366733 bytes)
Hash
6e45d8b89683dd902c03a3474f5f9828
267d1500dc5e0fa59eb50ec248b4e33810dc521f
bb8c7b28fad9a4c882e9d6a37249950d09614dba6d9f046365a7234b41419307

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /4680.ada59101339a3bbf9b7d.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/index.html
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:39 GMT
content-type: application/javascript
last-modified: Fri, 26 Apr 2024 13:17:20 GMT
vary: Accept-Encoding
etag: W/"662ba960-2828"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/2041.5fe028b52e13d7a937b4.js

35.187.202.196

200 OK

140 kB

URL GET HTTP/2
telegrom-aa.com/2041.5fe028b52e13d7a937b4.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140234 bytes)
Hash
39c6ccbfd0be3bc43e412a138b4c9f89
440310a69dfb81c245f3cfeb4014a001db4ca72a
c16171043dbabab93f501b594c1a988e99b034cd39dc6c50b1809a47d64036a4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /2041.5fe028b52e13d7a937b4.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:40 GMT
content-type: application/javascript
last-modified: Sun, 21 Apr 2024 05:12:32 GMT
vary: Accept-Encoding
etag: W/"6624a040-223ca"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/2041.5fe028b52e13d7a937b4.js

35.187.202.196

200 OK

140 kB

URL GET HTTP/2
telegrom-aa.com/2041.5fe028b52e13d7a937b4.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140234 bytes)
Hash
39c6ccbfd0be3bc43e412a138b4c9f89
440310a69dfb81c245f3cfeb4014a001db4ca72a
c16171043dbabab93f501b594c1a988e99b034cd39dc6c50b1809a47d64036a4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /2041.5fe028b52e13d7a937b4.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:40 GMT
content-type: application/javascript
last-modified: Sun, 21 Apr 2024 05:12:32 GMT
vary: Accept-Encoding
etag: W/"6624a040-223ca"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/rlottie-wasm.5e3833cedb8fb71c8d8e.js

35.187.202.196

200 OK

66 kB

URL GET HTTP/2
telegrom-aa.com/rlottie-wasm.5e3833cedb8fb71c8d8e.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65630 bytes)
Hash
3559b2b89d032ebe64593c61c4ce75a0
0f6cb82095dfedfff7a1eb3d320e6c991ff5f479
8524c2222885bf761b5f366d8e1d465a668f7061f8fcc2f01250d446b2dc554a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:40 GMT
content-type: application/javascript
last-modified: Sun, 21 Apr 2024 05:12:33 GMT
vary: Accept-Encoding
etag: W/"6624a041-1005e"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/8764.58763b7a689318950e51.js

35.187.202.196

200 OK

27 kB

URL GET HTTP/2
telegrom-aa.com/8764.58763b7a689318950e51.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/2704.b5b88dc0595bf28f328d.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
JavaScript source, ASCII text, with very long lines (27305)
Size
27 kB (27442 bytes)
Hash
0198d988a3400c6f4abdcd15352e954d
27b573f135096fc85ce78ddd2dae6071de71bcd5
b38c94050169465563c915a3ca347af2cbf5cb981995a5bc3bc88b5cfe017ba9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /8764.58763b7a689318950e51.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/2704.b5b88dc0595bf28f328d.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:37 GMT
content-type: application/javascript
last-modified: Sun, 21 Apr 2024 05:12:32 GMT
vary: Accept-Encoding
etag: W/"6624a040-6b32"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/1649.23ef32650e96d33d6586.js

35.187.202.196

200 OK

45 kB

URL GET HTTP/2
telegrom-aa.com/1649.23ef32650e96d33d6586.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/2704.b5b88dc0595bf28f328d.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
JavaScript source, ASCII text, with very long lines (44841)
Size
45 kB (44895 bytes)
Hash
d185f3823bb419e0227eb45b85facdca
b50068ba63e52fd9d71dbfa7cb42fe82a6f4af16
fbcc1367611f1d387d2b7340f92b66b4a0a5311742ec3d806d848692b98e78c9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /1649.23ef32650e96d33d6586.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/2704.b5b88dc0595bf28f328d.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:37 GMT
content-type: application/javascript
last-modified: Sun, 21 Apr 2024 05:12:32 GMT
vary: Accept-Encoding
etag: W/"6624a040-af5f"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/3748.5272039f5f8250321d3c.js

35.187.202.196

200 OK

9.8 kB

URL GET HTTP/2
telegrom-aa.com/3748.5272039f5f8250321d3c.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
JavaScript source, ASCII text, with very long lines (9947), with no line terminators
Size
9.8 kB (9834 bytes)
Hash
55d7b71bb689959a883f0d78bccf2a9e
1f584429578811dcda9de9ae013fb2511a525add
a285d5f6e3956dbde80fa1e7d70ff951eb7fc8dfc03f706948b6bc0886479072

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /3748.5272039f5f8250321d3c.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:39 GMT
content-type: application/javascript
last-modified: Sun, 21 Apr 2024 05:12:32 GMT
vary: Accept-Encoding
etag: W/"6624a040-266a"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/main.d18ca2f45f759d388cc8.css

35.187.202.196

200 OK

110 kB

URL GET HTTP/2
telegrom-aa.com/main.d18ca2f45f759d388cc8.css
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type

Size
110 kB (109490 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /main.d18ca2f45f759d388cc8.css HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:35 GMT
content-type: text/css
last-modified: Sun, 21 Apr 2024 05:12:33 GMT
vary: Accept-Encoding
etag: W/"6624a041-1abb2"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/1637.4e152ba1442aa7b8ddcc.js

35.187.202.196

200 OK

306 kB

URL GET HTTP/2
telegrom-aa.com/1637.4e152ba1442aa7b8ddcc.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/2704.b5b88dc0595bf28f328d.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type

Size
306 kB (305661 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /1637.4e152ba1442aa7b8ddcc.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/2704.b5b88dc0595bf28f328d.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:37 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 16:12:27 GMT
vary: Accept-Encoding
etag: W/"662a80eb-4a9fd"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

zws2.web.telegram.org/apiws

149.154.167.99

101 Switching Protocols

0 B

URL GET HTTP/1.1
zws2.web.telegram.org/apiws
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerGoDaddy.com, Inc.
Subject*.web.telegram.org
Fingerprint74:51:4A:F8:C5:D2:E1:36:68:30:25:98:05:27:E8:6F:57:FC:E0:3B
ValidityWed, 30 Aug 2023 00:40:43 GMT - Mon, 30 Sep 2024 00:40:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: zws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrom-aa.com
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Fb9l9spnJWBhm2u6YgPKIA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Wed, 08 May 2024 04:45:38 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3kRp2WGnSPvrqGahmeH4THh13nc=
Sec-WebSocket-Protocol: binary

telegrom-aa.com/rlottie-wasm.5e3833cedb8fb71c8d8e.js

35.187.202.196

200 OK

66 kB

URL GET HTTP/2
telegrom-aa.com/rlottie-wasm.5e3833cedb8fb71c8d8e.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65630 bytes)
Hash
3559b2b89d032ebe64593c61c4ce75a0
0f6cb82095dfedfff7a1eb3d320e6c991ff5f479
8524c2222885bf761b5f366d8e1d465a668f7061f8fcc2f01250d446b2dc554a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:40 GMT
content-type: application/javascript
last-modified: Sun, 21 Apr 2024 05:12:33 GMT
vary: Accept-Encoding
etag: W/"6624a041-1005e"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/2704.b5b88dc0595bf28f328d.js

35.187.202.196

200 OK

256 kB

URL GET HTTP/2
telegrom-aa.com/2704.b5b88dc0595bf28f328d.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type

Size
256 kB (255651 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /2704.b5b88dc0595bf28f328d.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/index.html
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:36 GMT
content-type: application/javascript
last-modified: Fri, 26 Apr 2024 13:17:20 GMT
vary: Accept-Encoding
etag: W/"662ba960-3e6a3"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/compatTest.js

35.187.202.196

200 OK

2.2 kB

URL GET HTTP/2
telegrom-aa.com/compatTest.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
JavaScript source, ASCII text, with very long lines (2307), with no line terminators
Size
2.2 kB (2245 bytes)
Hash
b792e6991f514bc5008dcd7f2e42963b
81c34ba1b4d273df45b0a5980c8d7c677e63ba31
7ba328c8eb841cc060c30835a2c4bc2cbd08a35c8377df7bae6722d12d1f3307

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /compatTest.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:35 GMT
content-type: application/javascript
last-modified: Fri, 26 Apr 2024 13:17:24 GMT
vary: Accept-Encoding
etag: W/"662ba964-8c5"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/rlottie-wasm.5e3833cedb8fb71c8d8e.js

35.187.202.196

200 OK

66 kB

URL GET HTTP/2
telegrom-aa.com/rlottie-wasm.5e3833cedb8fb71c8d8e.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65630 bytes)
Hash
3559b2b89d032ebe64593c61c4ce75a0
0f6cb82095dfedfff7a1eb3d320e6c991ff5f479
8524c2222885bf761b5f366d8e1d465a668f7061f8fcc2f01250d446b2dc554a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:40 GMT
content-type: application/javascript
last-modified: Sun, 21 Apr 2024 05:12:33 GMT
vary: Accept-Encoding
etag: W/"6624a041-1005e"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/rlottie-wasm.5e3833cedb8fb71c8d8e.js

35.187.202.196

200 OK

66 kB

URL GET HTTP/2
telegrom-aa.com/rlottie-wasm.5e3833cedb8fb71c8d8e.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65630 bytes)
Hash
3559b2b89d032ebe64593c61c4ce75a0
0f6cb82095dfedfff7a1eb3d320e6c991ff5f479
8524c2222885bf761b5f366d8e1d465a668f7061f8fcc2f01250d446b2dc554a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:40 GMT
content-type: application/javascript
last-modified: Sun, 21 Apr 2024 05:12:33 GMT
vary: Accept-Encoding
etag: W/"6624a041-1005e"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/2041.5fe028b52e13d7a937b4.js

35.187.202.196

200 OK

140 kB

URL GET HTTP/2
telegrom-aa.com/2041.5fe028b52e13d7a937b4.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140234 bytes)
Hash
39c6ccbfd0be3bc43e412a138b4c9f89
440310a69dfb81c245f3cfeb4014a001db4ca72a
c16171043dbabab93f501b594c1a988e99b034cd39dc6c50b1809a47d64036a4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /2041.5fe028b52e13d7a937b4.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:40 GMT
content-type: application/javascript
last-modified: Sun, 21 Apr 2024 05:12:32 GMT
vary: Accept-Encoding
etag: W/"6624a040-223ca"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/main.aabebbf743db639f8932.js

35.187.202.196

200 OK

390 kB

URL GET HTTP/2
telegrom-aa.com/main.aabebbf743db639f8932.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type

Size
390 kB (389685 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /main.aabebbf743db639f8932.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:35 GMT
content-type: application/javascript
last-modified: Fri, 26 Apr 2024 13:17:20 GMT
vary: Accept-Encoding
etag: W/"662ba960-5f235"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/1915.44f46b9209d4c21e2dae.js

35.187.202.196

200 OK

18 kB

URL GET HTTP/2
telegrom-aa.com/1915.44f46b9209d4c21e2dae.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/index.html
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type

Size
18 kB (18166 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /1915.44f46b9209d4c21e2dae.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:36 GMT
content-type: application/javascript
last-modified: Sun, 21 Apr 2024 05:12:32 GMT
vary: Accept-Encoding
etag: W/"6624a040-46f6"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-aa.com/2041.5fe028b52e13d7a937b4.js

35.187.202.196

200 OK

140 kB

URL GET HTTP/2
telegrom-aa.com/2041.5fe028b52e13d7a937b4.js
IP
35.187.202.196:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-aa.com
Fingerprint1C:8F:56:8F:90:2F:22:F7:BD:C1:07:14:B8:E6:97:77:7C:6B:32:75
ValiditySun, 28 Apr 2024 07:43:02 GMT - Sat, 27 Jul 2024 07:43:01 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140234 bytes)
Hash
39c6ccbfd0be3bc43e412a138b4c9f89
440310a69dfb81c245f3cfeb4014a001db4ca72a
c16171043dbabab93f501b594c1a988e99b034cd39dc6c50b1809a47d64036a4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /2041.5fe028b52e13d7a937b4.js HTTP/1.1
Host: telegrom-aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-aa.com/4680.ada59101339a3bbf9b7d.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:45:40 GMT
content-type: application/javascript
last-modified: Sun, 21 Apr 2024 05:12:32 GMT
vary: Accept-Encoding
etag: W/"6624a040-223ca"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (32)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2