Report - bruneihot.mt-me.com/

Report Overview

Submitted URL
bruneihot.mt-me.com/
IP
172.67.142.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-03-28 18:04:33
Access
public
Website Title
VIDEO VIRAL BRUNEI 18+
Final URL
bruneihot.mt-me.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
bruneihot.mt-me.com	unknown	unknown	No data	No data	6.2 kB	147 kB	172.67.142.1
telegram.org	5408	2003-12-15	2013-12-18	2024-03-28	436 B	2.2 kB	149.154.167.99
encrypted-tbn0.gstatic.com	unknown	2008-02-11	2013-05-31	2024-03-28	492 B	31 kB	216.58.207.238

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-03-28	medium	bruneihot.mt-me.com/	Telegram
2024-03-28	medium	bruneihot.mt-me.com/	Telegram
2024-03-28	medium	bruneihot.mt-me.com/	Telegram
2024-03-28	medium	bruneihot.mt-me.com/	Telegram
2024-03-28	medium	bruneihot.mt-me.com/	Telegram
2024-03-28	medium	bruneihot.mt-me.com/	Telegram
2024-03-28	medium	bruneihot.mt-me.com/	Telegram
2024-03-28	medium	bruneihot.mt-me.com/	Telegram
2024-03-28	medium	bruneihot.mt-me.com/	Telegram
2024-03-28	medium	bruneihot.mt-me.com/	Telegram
2024-03-28	medium	bruneihot.mt-me.com/	Telegram
2024-03-28	medium	bruneihot.mt-me.com/	Telegram
2024-03-28	medium	bruneihot.mt-me.com/	Telegram

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	bruneihot.mt-me.com/	193 B	2023-03-07	2024-04-27
Pretty URL bruneihot.mt-me.com/ IP 172.67.142.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:31:07 Last Seen2024-04-27 13:18:54 Times Seen3314 Hash 9c629a0c52a2afad699d260f673481fd a4fd0ed3e5daa31480eb6de0faa5d442f015cbf6 ea0d804370930ee958af535ce56cddf1dda419bdc676315ae8af0fbb4c733471 Loading...

	bruneihot.mt-me.com/file/js/tgwallpaper.mineccb.js	3.0 kB	2023-03-07	2024-04-27
Pretty URL bruneihot.mt-me.com/file/js/tgwallpaper.mineccb.js IP 172.67.142.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:07 Last Seen2024-04-27 13:18:54 Times Seen5090 Hash 2b89d34702716a8ad2cc3977718f53a3 04406ebd6a9e2ce79dbac5e5048cfe1384e4574a 2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6 Loading...

	bruneihot.mt-me.com/	0 B	2023-03-07	2024-04-27
Pretty URL bruneihot.mt-me.com/ IP 172.67.142.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 16:23:44 Times Seen37123157 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (15)

URL IP Response Size

bruneihot.mt-me.com/file/css/telegram0116.css

172.67.142.1

200 OK

54 kB

URL GET HTTP/3
bruneihot.mt-me.com/file/css/telegram0116.css
IP
172.67.142.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bruneihot.mt-me.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmt-me.com
Fingerprint38:E2:18:E1:3D:FE:C3:C8:89:D1:B0:0B:1C:90:5C:2A:61:DF:C8:3C
ValidityThu, 14 Mar 2024 04:51:46 GMT - Wed, 12 Jun 2024 04:51:45 GMT

File type
ASCII text, with very long lines (1267)
Size
54 kB (53832 bytes)
Hash
b3fd0030266137eaa8da43673ac0ee92
a4b03dd5d1166e6d234955b89b7c0fdedb864118
b9efbe5d820d9076dd1611d0f1cad78fa323bd28ee95a48e6e6f8c366f04afb6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /file/css/telegram0116.css HTTP/1.1
Host: bruneihot.mt-me.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bruneihot.mt-me.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Mar 2024 18:04:09 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Thu, 04 Apr 2024 12:29:16 GMT
last-modified: Fri, 07 Jul 2023 16:03:18 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 20093
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OGzZOcBjzSyTfl1UCbmEE1cbqowyd6Za3JiYEe5zzHkDGNfST2Fbq6tJraPLUPfrG6Ttp7aIfViOB3wQJ2Y0b6yO%2FBc3AmytgBlvkdO8PL5pfestwOLMsPhUWP0xjGYbr68hI7Ln"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86b98a825eba0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bruneihot.mt-me.com/code.jquery.com/jquery-3.5.1.min.js

172.67.142.1

404 Not Found

8.3 kB

URL GET HTTP/3
bruneihot.mt-me.com/code.jquery.com/jquery-3.5.1.min.js
IP
172.67.142.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bruneihot.mt-me.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmt-me.com
Fingerprint38:E2:18:E1:3D:FE:C3:C8:89:D1:B0:0B:1C:90:5C:2A:61:DF:C8:3C
ValidityThu, 14 Mar 2024 04:51:46 GMT - Wed, 12 Jun 2024 04:51:45 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
8.3 kB (8322 bytes)
Hash
8150f458ed6fb9b1db4e5cfa57a1a281
6e5726854d28687b560d7fdcb5c782c425c7dfb9
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /code.jquery.com/jquery-3.5.1.min.js HTTP/1.1
Host: bruneihot.mt-me.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bruneihot.mt-me.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Thu, 28 Mar 2024 18:04:11 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1RIwv6Uo5hE%2BXVZ2vgxjWWme679E2uMIdVpDy%2B%2FF8Eg4r7IEBeTPQNKOkpMlsmRdpS%2FKMx%2FKVhujuKwgUp4hX%2FteBNQso8PPpFFLBHoG1pGOLVGpIn8KPiUx52YoaFMUlCVX5MXn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86b98a824eb50b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bruneihot.mt-me.com/external.html?link=http://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

172.67.142.1

7.8 kB

URL
bruneihot.mt-me.com/external.html?link=http://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
IP
172.67.142.1:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectmt-me.com
Fingerprint38:E2:18:E1:3D:FE:C3:C8:89:D1:B0:0B:1C:90:5C:2A:61:DF:C8:3C
ValidityThu, 14 Mar 2024 04:51:46 GMT - Wed, 12 Jun 2024 04:51:45 GMT

File type
data
Size
7.8 kB (7837 bytes)
Hash
638df0b5380be64b41d3ebf91d612f08
759353436d96ec03d91e3581888fba3b9b3db601
bb2d326334b74efdefd749952e872fa0e15d08833aa517d7f751fd6c7264d7c0

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /external.html?link=http://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 HTTP/1.1
Host: bruneihot.mt-me.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://bruneihot.mt-me.com/file/css/font-robotoc4ca.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Thu, 28 Mar 2024 18:04:13 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HFHqDRNd8kIC1gA33PMxBgwHSCnYqbM9s%2Fi%2BShffTFMeEgY8HhT1CCrQICRiWBE0kTlGWxxY7tQFshygRs%2BUza0zl%2BuxjTXtA2t4fkXllr53RyN8%2FSMmmEDAPD9hxpASQqrMcr7H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86b98a8c9dea0b49-OSL
alt-svc: h3=":443"; ma=86400

bruneihot.mt-me.com/

172.67.142.1

200 OK

9.3 kB

URL User Request GET HTTP/2
bruneihot.mt-me.com/
IP
172.67.142.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectmt-me.com
Fingerprint38:E2:18:E1:3D:FE:C3:C8:89:D1:B0:0B:1C:90:5C:2A:61:DF:C8:3C
ValidityThu, 14 Mar 2024 04:51:46 GMT - Wed, 12 Jun 2024 04:51:45 GMT

File type
HTML document, ASCII text, with very long lines (9667), with no line terminators
Size
9.3 kB (9276 bytes)
Hash
5bbd42d1886880d190643b97e5534ce0
92a5c890fe070d6b21d3b1b1f90b2d608628b3e8
5252085ea71c96b90b164b5668fdd83548e6ffed321f66ef8edc04755fb188eb

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET / HTTP/1.1
Host: bruneihot.mt-me.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 18:04:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fao4xqe7NCXpzbn3ElD7M%2Fkc9kZwSbRtsdFGNgBPpV%2F5eOXkMroW4FOAd%2FonQNPS8rydWbjMXY9hND9faDTspSCgc0jVwirrDoPZLSNmNodC0woF%2BVjHJsVVMTnAwJASGN9r9kUa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86b98a77fa325699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bruneihot.mt-me.com/file/css/bootstrap.mineccb.css

172.67.142.1

200 OK

42 kB

URL GET HTTP/3
bruneihot.mt-me.com/file/css/bootstrap.mineccb.css
IP
172.67.142.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bruneihot.mt-me.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmt-me.com
Fingerprint38:E2:18:E1:3D:FE:C3:C8:89:D1:B0:0B:1C:90:5C:2A:61:DF:C8:3C
ValidityThu, 14 Mar 2024 04:51:46 GMT - Wed, 12 Jun 2024 04:51:45 GMT

File type
ASCII text, with very long lines (42164)
Size
42 kB (42523 bytes)
Hash
c2656e265ef58a9cc9f4b70b15da5fb9
85c5ebdb89d4574d72688c2650d4b84b9b09770a
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /file/css/bootstrap.mineccb.css HTTP/1.1
Host: bruneihot.mt-me.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bruneihot.mt-me.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 18:04:09 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Thu, 04 Apr 2024 12:29:16 GMT
last-modified: Fri, 07 Jul 2023 16:03:08 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 20093
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6bbv6L6d8Re3lP3WK6QIk5lwRSVr23dYaKi2CCXPKNdYpkRutds2TD%2B1YSUXKI2MQZLbQIn1FYBeCKZuvyCBn9ermHanWfnp%2Fspqo0QHFkMcfW4u88q%2FpkBI%2BnlA3oWbNYHwK3im"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86b98a824eb80b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bruneihot.mt-me.com/file/css/font-robotoc4ca.css

172.67.142.1

200 OK

7.0 kB

URL GET HTTP/3
bruneihot.mt-me.com/file/css/font-robotoc4ca.css
IP
172.67.142.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bruneihot.mt-me.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmt-me.com
Fingerprint38:E2:18:E1:3D:FE:C3:C8:89:D1:B0:0B:1C:90:5C:2A:61:DF:C8:3C
ValidityThu, 14 Mar 2024 04:51:46 GMT - Wed, 12 Jun 2024 04:51:45 GMT

File type
ASCII text, with very long lines (7236), with no line terminators
Size
7.0 kB (7048 bytes)
Hash
cef6c02bdb4e9d76e2c12a06555de854
91b0cbd7539650d53d908785a074584c8e18a576
d408c8b4c89457754f4632707c1ec58b5c2f4c9970429b80f6efad5b7f6f7ea8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /file/css/font-robotoc4ca.css HTTP/1.1
Host: bruneihot.mt-me.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bruneihot.mt-me.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 18:04:09 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Thu, 04 Apr 2024 12:29:16 GMT
last-modified: Fri, 07 Jul 2023 16:03:10 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 20093
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VaSqmqJD5Y%2FdL38hRtJcYyqx9e%2BnqzRgOMJiaHAuLaMBGduOnSVSwMz465cRgBFv7dqpSzr8L22PHcFw%2BSd6JPirlhg3xQwhOLsgeAUbG1QiSNk9G%2FgRvmWEVEc0bZN9VHgeJPUb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86b98a824eb60b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bruneihot.mt-me.com/external.html?link=http://telegram.org/img/tgme/pattern.svg?1

172.67.142.1

404 Not Found

1.3 kB

URL GET HTTP/3
bruneihot.mt-me.com/external.html?link=http://telegram.org/img/tgme/pattern.svg?1
IP
172.67.142.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bruneihot.mt-me.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmt-me.com
Fingerprint38:E2:18:E1:3D:FE:C3:C8:89:D1:B0:0B:1C:90:5C:2A:61:DF:C8:3C
ValidityThu, 14 Mar 2024 04:51:46 GMT - Wed, 12 Jun 2024 04:51:45 GMT

File type
HTML document, ASCII text, with very long lines (1285), with no line terminators
Size
1.3 kB (1251 bytes)
Hash
94f08a3a6562f7f079c4f5a67b7260e2
cc5d03e17c41ee6bb2ebf0d26d4354a486ca1823
44ea069d9a3f7dcea953ac173384578b6185f4b2ece05a6f4513b9fda29c4c29

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /external.html?link=http://telegram.org/img/tgme/pattern.svg?1 HTTP/1.1
Host: bruneihot.mt-me.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bruneihot.mt-me.com/file/css/telegram0116.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 28 Mar 2024 18:04:13 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=su9oXIJU5%2FraUPrejyeU1L9EejsYxpqWAZbVrCLFOTXp924aNewnenHwQkVK3EEBeLhJ6RQBhjKCgBY%2FJ%2FsTRyOK8ZxAWKc8Nj%2BKzcEwceg2C0w%2B1lBVuGj2wRNTBxLM3MRkzuYA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86b98a8c7dca0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bruneihot.mt-me.com/external.html?link=http://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

172.67.142.1

404 Not Found

1.3 kB

URL GET HTTP/3
bruneihot.mt-me.com/external.html?link=http://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP
172.67.142.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bruneihot.mt-me.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmt-me.com
Fingerprint38:E2:18:E1:3D:FE:C3:C8:89:D1:B0:0B:1C:90:5C:2A:61:DF:C8:3C
ValidityThu, 14 Mar 2024 04:51:46 GMT - Wed, 12 Jun 2024 04:51:45 GMT

File type
HTML document, ASCII text, with very long lines (1285), with no line terminators
Size
1.3 kB (1251 bytes)
Hash
94f08a3a6562f7f079c4f5a67b7260e2
cc5d03e17c41ee6bb2ebf0d26d4354a486ca1823
44ea069d9a3f7dcea953ac173384578b6185f4b2ece05a6f4513b9fda29c4c29

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /external.html?link=http://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: bruneihot.mt-me.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://bruneihot.mt-me.com/file/css/font-robotoc4ca.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 28 Mar 2024 18:04:13 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9GuIZxiBlB0keXYU3TpKxtNDVNR6nvuLuRdd%2FiGQWNwmSsFMJdWUYx0u8PTW1f7eZim%2BTBfkQ2xrkUOss9mvfoXcB3wujL5X8ZjqH2AVoU96MHa1QmjGdvozR67kXsmpqHDMGv90"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86b98a8c9de90b49-OSL
alt-svc: h3=":443"; ma=86400

bruneihot.mt-me.com/external.html?link=http://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

172.67.142.1

404 Not Found

1.3 kB

URL GET HTTP/3
bruneihot.mt-me.com/external.html?link=http://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
IP
172.67.142.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bruneihot.mt-me.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmt-me.com
Fingerprint38:E2:18:E1:3D:FE:C3:C8:89:D1:B0:0B:1C:90:5C:2A:61:DF:C8:3C
ValidityThu, 14 Mar 2024 04:51:46 GMT - Wed, 12 Jun 2024 04:51:45 GMT

File type
HTML document, ASCII text, with very long lines (1285), with no line terminators
Size
1.3 kB (1251 bytes)
Hash
94f08a3a6562f7f079c4f5a67b7260e2
cc5d03e17c41ee6bb2ebf0d26d4354a486ca1823
44ea069d9a3f7dcea953ac173384578b6185f4b2ece05a6f4513b9fda29c4c29

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /external.html?link=http://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 HTTP/1.1
Host: bruneihot.mt-me.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://bruneihot.mt-me.com/file/css/font-robotoc4ca.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 28 Mar 2024 18:04:13 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HFHqDRNd8kIC1gA33PMxBgwHSCnYqbM9s%2Fi%2BShffTFMeEgY8HhT1CCrQICRiWBE0kTlGWxxY7tQFshygRs%2BUza0zl%2BuxjTXtA2t4fkXllr53RyN8%2FSMmmEDAPD9hxpASQqrMcr7H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86b98a8c9dea0b49-OSL
alt-svc: h3=":443"; ma=86400

bruneihot.mt-me.com/file/img/apple-touch-icon.png

172.67.142.1

404 Not Found

1.3 kB

URL GET HTTP/3
bruneihot.mt-me.com/file/img/apple-touch-icon.png
IP
172.67.142.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bruneihot.mt-me.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmt-me.com
Fingerprint38:E2:18:E1:3D:FE:C3:C8:89:D1:B0:0B:1C:90:5C:2A:61:DF:C8:3C
ValidityThu, 14 Mar 2024 04:51:46 GMT - Wed, 12 Jun 2024 04:51:45 GMT

File type
HTML document, ASCII text, with very long lines (1285), with no line terminators
Size
1.3 kB (1251 bytes)
Hash
94f08a3a6562f7f079c4f5a67b7260e2
cc5d03e17c41ee6bb2ebf0d26d4354a486ca1823
44ea069d9a3f7dcea953ac173384578b6185f4b2ece05a6f4513b9fda29c4c29

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /file/img/apple-touch-icon.png HTTP/1.1
Host: bruneihot.mt-me.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bruneihot.mt-me.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 28 Mar 2024 18:04:13 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gsYOJdTliwwW%2BG0E%2Fo3RJnuaSMlP4Iq%2FujWsv5406s8qLp6JF4u695CsmfvsJdFvwKkno4szGfVxfpEXJm1gLbJnwLCzkrxeoyK5fVcRIjmUhjpNmqn4pSm2cVwBovyyvWcaVGhW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86b98a8e8f290b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegram.org/img/website_icon.svg?4

149.154.167.99

200 OK

1.9 kB

URL GET HTTP/2
telegram.org/img/website_icon.svg?4
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://bruneihot.mt-me.com/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1896 bytes)
Hash
5caca7ae1cffb3da0b06150a15020005
04cfb934f238d33209406393a3fbf78454815739
1ea747a06fbc240c2594a8c523cb248bbda4784f0fcad9d0f06334f1a378604f

HTTP Headers

GET /img/website_icon.svg?4 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bruneihot.mt-me.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 28 Mar 2024 18:04:12 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jul 2020 20:41:37 GMT
etag: W/"5f160181-768"
expires: Mon, 01 Apr 2024 18:04:12 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

bruneihot.mt-me.com/ast/css/main.html

172.67.142.1

404 Not Found

1.3 kB

URL GET HTTP/3
bruneihot.mt-me.com/ast/css/main.html
IP
172.67.142.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bruneihot.mt-me.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmt-me.com
Fingerprint38:E2:18:E1:3D:FE:C3:C8:89:D1:B0:0B:1C:90:5C:2A:61:DF:C8:3C
ValidityThu, 14 Mar 2024 04:51:46 GMT - Wed, 12 Jun 2024 04:51:45 GMT

File type
HTML document, ASCII text, with very long lines (1285), with no line terminators
Size
1.3 kB (1251 bytes)
Hash
94f08a3a6562f7f079c4f5a67b7260e2
cc5d03e17c41ee6bb2ebf0d26d4354a486ca1823
44ea069d9a3f7dcea953ac173384578b6185f4b2ece05a6f4513b9fda29c4c29

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /ast/css/main.html HTTP/1.1
Host: bruneihot.mt-me.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bruneihot.mt-me.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 28 Mar 2024 18:04:10 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3adRyAC2yZyJefa1%2Bsi%2BTRRx6rlNhxjqQ1DgZNoU4%2F6ckpSgPnjg4FmmF58tDeOHUomqG8oAYIXD%2BIgbKN%2Bavuh7d8aC6WNhrtPYbgJyVp2ckepMIEYdVzJ86O9kkmpDphoNtOxs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86b98a824eb30b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bruneihot.mt-me.com/file/css/watermark.css

172.67.142.1

200 OK

104 B

URL GET HTTP/3
bruneihot.mt-me.com/file/css/watermark.css
IP
172.67.142.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bruneihot.mt-me.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmt-me.com
Fingerprint38:E2:18:E1:3D:FE:C3:C8:89:D1:B0:0B:1C:90:5C:2A:61:DF:C8:3C
ValidityThu, 14 Mar 2024 04:51:46 GMT - Wed, 12 Jun 2024 04:51:45 GMT

File type
ASCII text, with no line terminators
Size
104 B (104 bytes)
Hash
67874335471aa420e1656b72fe759a06
2ea83f40d873934064b86f48664eb0c05b31244f
1067b485ad7b76ed9339332cd5e7f5b922e0a210dc390d38a272598889cd2c72

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /file/css/watermark.css HTTP/1.1
Host: bruneihot.mt-me.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bruneihot.mt-me.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 18:04:09 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Thu, 04 Apr 2024 12:29:16 GMT
last-modified: Sun, 16 Jul 2023 01:33:21 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 20093
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ap39m%2FhGLBz7k5gWXozgg5KuwiAJpcZ%2Fss%2Fp0notdIiuoeffRCuYq7mG9TQJVPxmQuH7WP9LNoELhaXoqwOXv6l%2FMzatnys62x0Kme%2BZpG3ZpNXGCskcVZISZBDtBH%2FQC9CW%2FG3%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86b98a825ebe0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bruneihot.mt-me.com/file/js/tgwallpaper.mineccb.js

172.67.142.1

200 OK

3.0 kB

URL GET HTTP/3
bruneihot.mt-me.com/file/js/tgwallpaper.mineccb.js
IP
172.67.142.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bruneihot.mt-me.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmt-me.com
Fingerprint38:E2:18:E1:3D:FE:C3:C8:89:D1:B0:0B:1C:90:5C:2A:61:DF:C8:3C
ValidityThu, 14 Mar 2024 04:51:46 GMT - Wed, 12 Jun 2024 04:51:45 GMT

File type
ASCII text, with very long lines (2998), with no line terminators
Size
3.0 kB (2979 bytes)
Hash
f03422dc797fd26a3834b1ec041128ed
a6e88f4fe48b749c2b7360e8e004f64b6cfffb1a
046ec6b7909d0ca5cc6ef271a1b57b2f2be0bd88e3495fd8c496f1524e8ffaac

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /file/js/tgwallpaper.mineccb.js HTTP/1.1
Host: bruneihot.mt-me.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bruneihot.mt-me.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 18:04:11 GMT
content-type: text/javascript
last-modified: Fri, 07 Jul 2023 16:02:50 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WBCPqyT8904pEr4AfaNnMK5QkiyzprFqiBEzAIMduFcaz6U9AkYFMpZWD3Em33NyPBhbtN5J4mMvAyEugJsCdlcEYfVF%2Fzegj1Et%2FAi3xyRoX21IDZMtKUHEU%2Find26GpZZ5fzEB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86b98a825ebc0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSm309nqAC9lAu_6qwv-Hnjrxt45Vj3UgK9hg&usqp=CAU

216.58.207.238

200 OK

30 kB

URL GET HTTP/2
encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSm309nqAC9lAu_6qwv-Hnjrxt45Vj3UgK9hg&usqp=CAU
IP
216.58.207.238:443
ASN
#15169 GOOGLE

Requested by
https://bruneihot.mt-me.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 495x619, components 3
Size
30 kB (30307 bytes)
Hash
b9d75af74ba81de8625308f6e2e9b30c
a9d014590252a8c7c34f3f0eed380dc1c1fc8d17
10e8696929ed611e9a685fb0348000f2d0a9377b94fbe21d632ad25dcf97ba16

HTTP Headers

GET /images?q=tbn:ANd9GcSm309nqAC9lAu_6qwv-Hnjrxt45Vj3UgK9hg&usqp=CAU HTTP/1.1
Host: encrypted-tbn0.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bruneihot.mt-me.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 30307
date: Thu, 28 Mar 2024 18:04:12 GMT
expires: Fri, 28 Mar 2025 18:04:12 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 24 Dec 2021 22:15:27 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN