| URL | IP | Status | Size |
| --- | --- | --- | --- |
| telegrom-zc.com/ | 104.21.64.6 | 200 OK | 13 kB |
URL: GET HTTP/2 telegrom-zc.com/ (user request)
IP: 104.21.64.6:443
Certificate: issuer Google Trust Services LLC; subject telegrom-zc.com; fingerprint B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; validity Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: HTML document, ASCII text, with very long lines (1757)
Hash: MD5 4a61d6110b83a46c768c746701ecd05b; SHA-1 bad8abdcda2e98cddd470c79a3f146afe8873699; SHA-256 72f97be78bbf79130737e066ec6cab2dfd32c9489ad56a07d37d9c514c3e9f14
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 17:01:14 GMT
content-type: text/html
last-modified: Fri, 05 Apr 2024 01:07:18 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UVE85r0Kiei%2BR8tDnz6OE9YPCjYOjOUCkIfmvXIE1Ow1hrnZchut6hGdtH0nE7NcCDt9lm19ck6PXHAAeoJ9R%2F4Qp6cE768ziTFRNsWAxdnKNVywF18a3mLRWwMgw3Lao84%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879fe4cf685956a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| telegrom-zc.com/crypto.worker-CfCshcpI.js | 104.21.64.6 | 200 OK | 25 kB |
URL: GET HTTP/3 telegrom-zc.com/crypto.worker-CfCshcpI.js
IP: 104.21.64.6:443
Certificate: issuer Google Trust Services LLC; subject telegrom-zc.com; fingerprint B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; validity Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: MD5 0efdde008dca467f870e5a41e96006d5; SHA-1 ebadf267c3d3eb15b3ef6d7d0a07dec87b95d0f5; SHA-256 db66f764c311c8c976601370a59831be1b792fe9535c8f36f7de75334226b071
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /crypto.worker-CfCshcpI.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-zc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:16 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-10d02"
expires: Fri, 26 Apr 2024 00:15:46 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 17130
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BPnsKUk3QmubzZO1qFZxAUUFD1f0PemQYyZ3B6kkA8qPLXlt9t0ygTWaTZ06GIaRrTJ%2Frye0KocdemnclV7YeJRsxx%2B7yTrDsawRPkHByD%2BcaA%2Fs0xlsPjshSd4sLuz5PE4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879fe4df0a7bb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| telegrom-zc.com/login.js | 104.21.64.6 | 200 OK | 1.6 kB |
URL: GET HTTP/3 telegrom-zc.com/login.js
IP: 104.21.64.6:443
Certificate: issuer Google Trust Services LLC; subject telegrom-zc.com; fingerprint B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; validity Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: JavaScript source, Unicode text, UTF-8 text
Hash: MD5 398bff249884b24556227cdfce5e17c8; SHA-1 f78c5034909456eb6e8ee84f51f3ffe996b597c0; SHA-256 6473c3e2474e4642f9f5c6b932db6b21d43758188b693fe8e2359f117d5f1b41
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /login.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-zc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:15 GMT
content-type: application/javascript
last-modified: Fri, 05 Apr 2024 01:04:18 GMT
vary: Accept-Encoding
etag: W/"660f4e12-122b"
expires: Fri, 26 Apr 2024 05:01:15 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cYDhk0zxcEd3fg9Uz%2FCBrMc6MCEWFsvrOeBV%2Fk1%2FYMXsz6p9PHY2jkCCaWmgf%2BOoGmjMZkvfW4Wi3FyR318zlFWhehPKBlL%2B6vcg5Jv7n4DIN%2B5M1ywG2cMSBB4pt%2BGy3NY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879fe4d4eac3b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| telegrom-zc.com/index-zu6iQa6e.js | 104.21.64.6 | 200 OK | 59 kB |
URL: GET HTTP/3 telegrom-zc.com/index-zu6iQa6e.js
IP: 104.21.64.6:443
Certificate: issuer Google Trust Services LLC; subject telegrom-zc.com; fingerprint B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; validity Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (62777)
Hash: MD5 f50da1b030a791cee103899815ff958a; SHA-1 0985034c990409c0ec2f5f44d41adbf510eb709a; SHA-256 95da12467f4a2b799546b83f27f8f845c393343ba58cf3c9a9e635a02a3a82e7
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /index-zu6iQa6e.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-zc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:15 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-20df7"
expires: Fri, 26 Apr 2024 05:01:14 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I1lVyz0MC5Lk1neEA61dOXlN%2B7c0Yql0Zu95L%2BSSBOv7r%2BaUeI3AicxjQ7EJAZOf7iELCTHgBKZhP37dlD6RGpCtWuoGfUC2SG451DxvW4aoY9y6OrzOzbh3hD4qWsnlcpg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879fe4d4eac2b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| telegrom-zc.com/assets/img/favicon-16x16.png?v=jw3mK7G9Ry | 104.21.64.6 | 200 OK | 1.0 kB |
URL: GET HTTP/3 telegrom-zc.com/assets/img/favicon-16x16.png?v=jw3mK7G9Ry
IP: 104.21.64.6:443
Certificate: issuer Google Trust Services LLC; subject telegrom-zc.com; fingerprint B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; validity Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Hash: MD5 e3ce05eb00b3215df220efaf0fd06e21; SHA-1 d1533966f79dc2984c34317035f31cf3c91298c9; SHA-256 0d67b7e8ea46e3c959329a0e79a8c8b236187f452edc7049524245e4aa6bee21
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/favicon-16x16.png?v=jw3mK7G9Ry HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-zc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:17 GMT
content-type: image/png
content-length: 1012
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-3f4"
expires: Sat, 25 May 2024 17:01:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WQWe8GARmF0BSrFw%2BLFO2ejaDDhFuD7B7Pg0qoZ90hHcHf50%2F5fBZhhAkKdV5h%2Bm48K5ROj1DNbOAwvkcONc6JjG3zJ1w90kCUUndB%2F3vZLx4UZVL3nS%2BJHgaM4SXpkayVY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879fe4e1ccd1b52d-OSL
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| telegrom-zc.com/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry | 104.21.64.6 | 200 OK | 9.0 kB |
URL: GET HTTP/3 telegrom-zc.com/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry
IP: 104.21.64.6:443
Certificate: issuer Google Trust Services LLC; subject telegrom-zc.com; fingerprint B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; validity Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash: MD5 87fecdadac0beb95f9b7c87b3b3236f0; SHA-1 822f92446c0033a32462aa21208efaef1f0d8c3c; SHA-256 25aa724658da8e71f5cc7c35ccbb43075866af5bed964edb09979caace667b0b
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-zc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:17 GMT
content-type: image/png
content-length: 9024
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-2340"
expires: Sat, 25 May 2024 17:01:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UClNjNVkaGvRCiNm7676nZ0XwdkrRWD02qFCe%2BTWnPJwHD%2BN1s2xuUnSv1qJefvDOQ%2BxTsNXLBQNb%2BozaB2jU6ntmcQgA16QuKTlYnbX%2BzNoeeMRv5SJbGfgkroto7N4gwM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879fe4e1cccfb52d-OSL
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| telegrom-zc.com/pageSignQR-BuEZqNkj.js | 104.21.64.6 | 200 OK | 2.8 kB |
URL: GET HTTP/3 telegrom-zc.com/pageSignQR-BuEZqNkj.js
IP: 104.21.64.6:443
Certificate: issuer Google Trust Services LLC; subject telegrom-zc.com; fingerprint B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; validity Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: Java source, ASCII text, with very long lines (5017)
Hash: MD5 c1216adcb6764e759cd5998ef61b0a5c; SHA-1 5ea307b65b6c15b15b061016c0950a9d842aeff7; SHA-256 11f97697956f29406c3ce66d8d6d67e357e7620a4592f1c9a4d4f6a60deab89f
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /pageSignQR-BuEZqNkj.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-zc.com/index-zu6iQa6e.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:17 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-1630"
expires: Fri, 26 Apr 2024 05:01:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hKntj0ux%2Bwwoioz9aHsFPm0f4yLKk9sMOBsQBH3P2w22nnFspIXilyx8U%2BcJiOBKJVk9y1seCPQ2zX%2Fy8ZX8mc%2F47h9hhUGOGoeJc7K7TULbSZ6kEyE4VvalngxkkjYf5aw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879fe4e42f02b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| kws2.web.telegram.org/apiws | 149.154.167.99 | 101 Switching Protocols | 0 B |
URL: kws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of zero-length input)
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrom-zc.com
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ASxkpHDMqDkfLVJEAupG6A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 17:01:17 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Mx2aAM8Dz5BJsC3u7Dja8qmTtRU=
Sec-WebSocket-Protocol: binary

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| kws2.web.telegram.org/apiws | 149.154.167.99 | 101 Switching Protocols | 0 B |
URL: kws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of zero-length input)
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrom-zc.com
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ju1LpipkY/5dkljE4pwQWg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 17:01:18 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: sT/e6/VOimOXklU/NElUoj77xH0=
Sec-WebSocket-Protocol: binary

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| telegrom-zc.com/textToSvgURL-Cnw_Q8Rw.js | 104.21.64.6 | 200 OK | 12 kB |
URL: GET HTTP/3 telegrom-zc.com/textToSvgURL-Cnw_Q8Rw.js
IP: 104.21.64.6:443
Certificate: issuer Google Trust Services LLC; subject telegrom-zc.com; fingerprint B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; validity Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: ASCII text, with very long lines (306)
Hash: MD5 3f6402acb182a218e34ebe26b03fcd23; SHA-1 2601dfbce5087a38142e34596e5b094c7760dc80; SHA-256 88ef7b589f467f4a280126e59b5428d5169f80a165500687699209f60ca39998
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /textToSvgURL-Cnw_Q8Rw.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-zc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:17 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-165"
expires: Fri, 26 Apr 2024 05:01:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gQXslfaSvCRkQAnMjzQiJKvKrlCNvd0qQCSsVFwE80cndIrSgmdLgcQZyYDbJ4%2FXqMcBatW4G17%2Fy0T37gvhDrSj6Dt9CyJBOgSSftVGd7NGV%2FdkvrOAIuLXhfKPcmgfjRA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879fe4e42efeb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| telegrom-zc.com/lang-CQhMF3zZ.js | 104.21.64.6 | 200 OK | 45 kB |
URL: GET HTTP/3 telegrom-zc.com/lang-CQhMF3zZ.js
IP: 104.21.64.6:443
Certificate: issuer Google Trust Services LLC; subject telegrom-zc.com; fingerprint B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; validity Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: Unicode text, UTF-8 text, with very long lines (14604)
Hash: MD5 202f3aa9967436024f13078cdc6e7bf3; SHA-1 ec2f96fd70174080f758a5f8cdc28c2dcf2c0b31; SHA-256 dd12733aeb807f4e3e15388ca87e049d50b4dc006e5cb6b8d75edc981c4a387d
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /lang-CQhMF3zZ.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-zc.com/index-zu6iQa6e.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:16 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-1d820"
expires: Fri, 26 Apr 2024 05:01:16 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QYqdnHN%2BJxiXfBhqWlC8UwBad2S1fRcqaRqIXUarbp9Iv%2FiiyUpcPg4xpg9%2FngZH%2B0FFxd5yRCl9A5MTwUo9pcEI5Vm7qfqYdq88YoLNgITVITKKMgh1xs%2F191ccox5PyyQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879fe4df4abcb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| telegrom-zc.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 | 104.21.64.6 | 200 OK | 11 kB |
URL: GET HTTP/3 telegrom-zc.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
IP: 104.21.64.6:443
Certificate: issuer Google Trust Services LLC; subject telegrom-zc.com; fingerprint B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; validity Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
Hash: MD5 07db243db21ed0a6b4ff05ff429686b7; SHA-1 5d62925fdd7ed8e80f206d095ed093994f13d276; SHA-256 ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-zc.com/index-BOAMyYaq.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:19 GMT
content-type: font/woff2
content-length: 11056
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-2b30"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KGJz49XuJrkWrauAzIDpUe7uNf3sIQ3DrthsmQvvjmJvVIbvpMNNqpR%2FQQyv5S1%2BUhWiKghvhIuRSIX%2FGBOuVbaz9ulZv4w7TBwW1uHEVFn%2BXlLrf5J3eSmCObTcv3PIz1A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879fe4f1da0eb52d-OSL
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| telegrom-zc.com/countries-CzeCvYH8.js | 104.21.64.6 | 200 OK | 24 kB |
URL: GET HTTP/3 telegrom-zc.com/countries-CzeCvYH8.js
IP: 104.21.64.6:443
Certificate: issuer Google Trust Services LLC; subject telegrom-zc.com; fingerprint B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; validity Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of zero-length input)
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /countries-CzeCvYH8.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-zc.com/index-zu6iQa6e.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:16 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-5e21"
expires: Fri, 26 Apr 2024 05:01:16 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xGoiLJN7ShJCpeSZoQ6u7yYQY4MoWs2VqK8Ff21lHj9nekmpTYY65oVgPg0HJ3VeRpIHpgKNrtxImd4I%2FkgiYak0f9VGUIwuERvccpqrHy2amHB9r%2FY3XnIbOalXe5rjp4A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879fe4df4ac5b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| telegrom-zc.com/qr-code-styling-BqER1AUU.js | 104.21.64.6 | 200 OK | 66 kB |
URL: GET HTTP/3 telegrom-zc.com/qr-code-styling-BqER1AUU.js
IP: 104.21.64.6:443
Certificate: issuer Google Trust Services LLC; subject telegrom-zc.com; fingerprint B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; validity Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of zero-length input)
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /qr-code-styling-BqER1AUU.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-zc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:18 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-10254"
expires: Fri, 26 Apr 2024 05:01:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k85GahKwOZQEyLUpr3s1YfG5LKdokK8O113HBPwcZM8LjkTW1lGkD1HGNX6gRPeM5Bzl%2FWlxHqww5fC8CUwTh%2FlPQNtA3mZhaW2Poqcr4UO4uBz3IW0oDt68jGYr3TDaWYQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879fe4eaec7db52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| telegrom-zc.com/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 | 104.21.64.6 | 200 OK | 11 kB |
URL: GET HTTP/3 telegrom-zc.com/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP: 104.21.64.6:443
Certificate: issuer Google Trust Services LLC; subject telegrom-zc.com; fingerprint B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; validity Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Hash: MD5 15fa3062f8929bd3b05fdca5259db412; SHA-1 6ff06a34f68ad0324ddec1bbe4d453c959178b36; SHA-256 5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-zc.com/index-BOAMyYaq.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:16 GMT
content-type: font/woff2
content-length: 11016
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-2b08"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ep%2FwlF11uBqQOujC%2BMihtwh5KIFHVMrdnHvTvCHrpTj1gMEZ%2B3%2BIAnwkIq9OoP6sNz4PbgKdUj86clJEgXLvFSqyoP5Td8zXtmiQzPUcY%2BV%2B0LSaFoI%2FLrSg7pKJh5%2Bd3t4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879fe4defa71b52d-OSL
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| telegrom-zc.com/button-B3xQoZLZ.js | 104.21.64.6 | 200 OK | 8.8 kB |
URL: GET HTTP/3 telegrom-zc.com/button-B3xQoZLZ.js
IP: 104.21.64.6:443
Certificate: issuer Google Trust Services LLC; subject telegrom-zc.com; fingerprint B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; validity Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: ASCII text, with very long lines (9521), with no line terminators
Hash: MD5 c1077e650e70abb26ed92cf8782b6a67; SHA-1 c1bf8062f0184ae28a3b8685d3a0488d7bc7b6dc; SHA-256 a8ea778f014efd52489c0503177c7d9635942ee605e70374b7015f6b9f5ca70a
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /button-B3xQoZLZ.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-zc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:17 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-2259"
expires: Fri, 26 Apr 2024 05:01:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SJulhFz5tbbC1MwNL5%2BSnR9TExHtCjK28GmDPye2NIuDGf2qKvZHndFjIzj3TTR%2Bj5uGO2exIUG%2Fa3TJwWudciRo%2BdMQHhCnRiV18wzDElL4UuwmcRkV37wnnUzwfpe4BC0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879fe4e41ee9b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| telegrom-zc.com/_commonjsHelpers-Cpj98o6Y.js | 104.21.64.6 | 200 OK | 290 B |
URL: GET HTTP/3 telegrom-zc.com/_commonjsHelpers-Cpj98o6Y.js
IP: 104.21.64.6:443
Certificate: issuer Google Trust Services LLC; subject telegrom-zc.com; fingerprint B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; validity Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: ASCII text, with very long lines (302), with no line terminators
Hash: MD5 2f62150f51e1c96c4a1f8fa5d6c72c2a; SHA-1 d9529066ad04e0b66323fa0e7f12133bbc6940a4; SHA-256 e306f66b5964b6d3477db797068e0a94b0ef6cf594018197576f4450d9645d5b
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /_commonjsHelpers-Cpj98o6Y.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-zc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:18 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-122"
expires: Fri, 26 Apr 2024 05:01:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UW6opPQRSfZtj%2BeJyEJjF1e9K8yO3fJSUF%2FIEv%2F0usfAm6%2BjnI1bna0WPJfWwC6yYY6o3dWK6Ybhzthz7bja3F0pjyDYpK%2BnEe5nJZOZFt6TLjtgU9Ml0LurtibEWbVO9Qw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879fe4eaec80b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| telegrom-zc.com/index-BOAMyYaq.css | 104.21.64.6 | 200 OK | 512 kB |
URL: GET HTTP/3 telegrom-zc.com/index-BOAMyYaq.css
IP: 104.21.64.6:443
Certificate: issuer Google Trust Services LLC; subject telegrom-zc.com; fingerprint B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; validity Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
Size: 512 kB (512428 bytes)
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of zero-length input)
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /index-BOAMyYaq.css HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-zc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:15 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 04:25:17 GMT
vary: Accept-Encoding
etag: W/"660642ad-7d1ac"
expires: Fri, 26 Apr 2024 05:01:15 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gnh0v%2BrU6agKbK4%2BxbpeC0rCJlHEKQPoiJAZfstPRBtlxav6wWcYZOAI6JftRFQsmHIq5sI%2Bx1ljw7g%2FVMbaSq0ZjSSYBSaM5VfDP5Y%2Fg%2FAg32Wi1OMJ%2FXK4ZD6YxE3N0Jc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879fe4d4eac4b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| --- | --- | --- | --- |
| telegrom-zc.com/page-g1hbv_Nl.js | 104.21.64.6 | 200 OK | 10 kB |
URL: GET HTTP/3 telegrom-zc.com/page-g1hbv_Nl.js
IP: 104.21.64.6:443
Certificate: issuer Google Trust Services LLC; subject telegrom-zc.com; fingerprint B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; validity Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: ASCII text, with very long lines (10306)
Hash: MD5 d440faca4d406ba2c6b1d5a02e0c2300; SHA-1 5b6d6948eb17a1d8901f9c0ceb4618c3a722f373; SHA-256 00ba512d85fe78658603389ed0a9a401103ec3a0464eb30d057a07febd670279
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /page-g1hbv_Nl.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-zc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:17 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-286d"
expires: Fri, 26 Apr 2024 05:01:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y5YT1u28PKM9VPrctBd2BjBNCAjaw%2BUVFxbB%2BS%2FNb%2F1HbxrwRw2shnP9eLzZcYXuSOWCeIVdmpwI9GCQDw%2BkCiIWg%2F%2BZW48fAYSdAsAOAhAhyH1cQO%2F08wDv4pg8P0wrNRA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879fe4e41ee6b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-zc.com/putPreloader-B4MN6Snw.js | 104.21.64.6 | 200 OK | 699 B |
URL: GET HTTP/3 telegrom-zc.com/putPreloader-B4MN6Snw.js
IP: 104.21.64.6:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegrom-zc.com; Fingerprint: B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; Validity: Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: ASCII text, with very long lines (736), with no line terminators
Hash: MD5 7bd6d90b050585f83f816a092429a8cb; SHA-1 f08c4031eb56b8c0f16906fb09e217a3e0bbb424; SHA-256 7f6574895bc12efd5b5d0ceb5be4667dbeead1b439fea437013773a056ea60ee
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /putPreloader-B4MN6Snw.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-zc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:17 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-2bb"
expires: Fri, 26 Apr 2024 05:01:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xx4k6eEK66z6zaAo68SASnpq%2F2SrE5dixB%2B8ODAV49vGNfj%2B%2BLoRuHqFymdnlf5HS5jnmQg6tFh975xjyLQx%2FjK1pjuSmd59fKxiB69H%2F6JYqAFmcz%2FJ0pRFjDne4h0NgqU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879fe4e42efbb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-zc.com/button-B3xQoZLZ.js | 104.21.64.6 | 200 OK | 8.8 kB |
URL: GET HTTP/3 telegrom-zc.com/button-B3xQoZLZ.js
IP: 104.21.64.6:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegrom-zc.com; Fingerprint: B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; Validity: Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: ASCII text, with very long lines (9521), with no line terminators
Hash: MD5 c1077e650e70abb26ed92cf8782b6a67; SHA-1 c1bf8062f0184ae28a3b8685d3a0488d7bc7b6dc; SHA-256 a8ea778f014efd52489c0503177c7d9635942ee605e70374b7015f6b9f5ca70a
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /button-B3xQoZLZ.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-zc.com/pageSignQR-BuEZqNkj.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:17 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-2259"
expires: Fri, 26 Apr 2024 05:01:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o6jGhJCroPLvdRijepd2icgErqx4Z8XNe5679GGZTeDRa1BoAQpSyBOo%2F8%2BJTBTBL90IvAjv4NF5UsEySNHRa6KZqDPhXFaftSHWUec0ZiQ%2FziBz3ItVN7APiJPGl9FSUAM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879fe4eacc4db52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-zc.com/_commonjsHelpers-Cpj98o6Y.js | 104.21.64.6 | 200 OK | 290 B |
URL: GET HTTP/3 telegrom-zc.com/_commonjsHelpers-Cpj98o6Y.js
IP: 104.21.64.6:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegrom-zc.com; Fingerprint: B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; Validity: Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: ASCII text, with very long lines (302), with no line terminators
Hash: MD5 2f62150f51e1c96c4a1f8fa5d6c72c2a; SHA-1 d9529066ad04e0b66323fa0e7f12133bbc6940a4; SHA-256 e306f66b5964b6d3477db797068e0a94b0ef6cf594018197576f4450d9645d5b
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /_commonjsHelpers-Cpj98o6Y.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-zc.com/qr-code-styling-BqER1AUU.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:18 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-122"
expires: Fri, 26 Apr 2024 05:01:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BkKIW5eeQ%2BKcVjdaDUjeSAZIZRJjCuwklmy184KpP42AgmpgPYbbq7NyBhintUPosW0BfMJAlhlKV4wEkXi%2BUxlvUhnq9SxJkmNaSyJ%2BJXluVEyLz19f%2BXN7qYors5hBxH0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879fe4f1b9feb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-zc.com/page-g1hbv_Nl.js | 104.21.64.6 | 200 OK | 10 kB |
URL: GET HTTP/3 telegrom-zc.com/page-g1hbv_Nl.js
IP: 104.21.64.6:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegrom-zc.com; Fingerprint: B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; Validity: Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: ASCII text, with very long lines (10306)
Hash: MD5 d440faca4d406ba2c6b1d5a02e0c2300; SHA-1 5b6d6948eb17a1d8901f9c0ceb4618c3a722f373; SHA-256 00ba512d85fe78658603389ed0a9a401103ec3a0464eb30d057a07febd670279
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /page-g1hbv_Nl.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-zc.com/pageSignQR-BuEZqNkj.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:17 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-286d"
expires: Fri, 26 Apr 2024 05:01:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4EmU5aQJKJ2EUeBEkyKdTYsaeLYllV%2F%2BBgiaJEyaToomv9wrQBSq3ZtKCPC9cLXib5tC7lHtd%2BlvalCD35e3qk4oMJZ9qh9Met3vxpQc0N9dhGzm8frrmbSpi7w2yrg5Xoc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879fe4eacc4cb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-zc.com/qr-code-styling-BqER1AUU.js | 104.21.64.6 | 200 OK | 66 kB |
URL: GET HTTP/3 telegrom-zc.com/qr-code-styling-BqER1AUU.js
IP: 104.21.64.6:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegrom-zc.com; Fingerprint: B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; Validity: Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /qr-code-styling-BqER1AUU.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-zc.com/pageSignQR-BuEZqNkj.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:18 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-10254"
expires: Fri, 26 Apr 2024 05:01:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E6oeyeOlArLtIS2SHkP6vHTvbCOAmCop%2Fax%2F%2FI0DWHMwHJeymHcmPlKFolz7tbz6zGUcnpNySdfxg17byEKuPJdxps5XN9H72INNGsJ8EwvGQ3NjZ7LOtX%2B6BegsunQlYxQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879fe4eafc85b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-zc.com/langSign-CN-ja8rh.js | 104.21.64.6 | 200 OK | 1.8 kB |
URL: GET HTTP/3 telegrom-zc.com/langSign-CN-ja8rh.js
IP: 104.21.64.6:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegrom-zc.com; Fingerprint: B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; Validity: Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: ASCII text, with very long lines (1930), with no line terminators
Hash: MD5 3eb4b75460039dd8bb5a35a881d65086; SHA-1 c976473a33457220fadca83956b846ec3da6423d; SHA-256 d6a82edc505002cfe31c9cc06788cb0b3ea1c5c3fb93bfaef6d9fa6f1f69bee5
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /langSign-CN-ja8rh.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-zc.com/index-zu6iQa6e.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:16 GMT
content-type: application/javascript
last-modified: Fri, 05 Apr 2024 08:07:57 GMT
vary: Accept-Encoding
etag: W/"660fb15d-6d9"
expires: Fri, 26 Apr 2024 05:01:16 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hz2YONSyI2qCCDCRJBO9cC%2BH%2FNCkaawpiS%2FfB%2F437%2BXG1orCfUVywS9CsezziChFxv0r0ldwo6OzuxnS57kGgP5s1RFDu0wmZigKwBWh%2FIJay5OmsH2C6%2FPuqSIvUHoLP4E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879fe4df4ac1b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-zc.com/putPreloader-B4MN6Snw.js | 104.21.64.6 | 200 OK | 699 B |
URL: GET HTTP/3 telegrom-zc.com/putPreloader-B4MN6Snw.js
IP: 104.21.64.6:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegrom-zc.com; Fingerprint: B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; Validity: Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: ASCII text, with very long lines (736), with no line terminators
Hash: MD5 7bd6d90b050585f83f816a092429a8cb; SHA-1 f08c4031eb56b8c0f16906fb09e217a3e0bbb424; SHA-256 7f6574895bc12efd5b5d0ceb5be4667dbeead1b439fea437013773a056ea60ee
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /putPreloader-B4MN6Snw.js HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-zc.com/pageSignQR-BuEZqNkj.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:17 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-2bb"
expires: Fri, 26 Apr 2024 05:01:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Soj5uGqdA0rQEPAtU56ClyWem8VBZqqhVmwO2NdxVVN%2BVCYO3dGh9JIgLL%2BKlMtavVHzcAQZ7klKQYJeMOAI9pAiT4Lxnogju1%2B9wZD1ywKfXL9BFcXg%2FROdFEgzOZQ8Wyc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879fe4eacc4fb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-zc.com/assets/img/logo_padded.svg | 104.21.64.6 | 200 OK | 1.1 kB |
URL: GET HTTP/3 telegrom-zc.com/assets/img/logo_padded.svg
IP: 104.21.64.6:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegrom-zc.com; Fingerprint: B1:BE:F5:24:BF:BF:46:0B:6B:78:98:E7:18:E7:E6:61:25:B3:52:20; Validity: Mon, 08 Apr 2024 11:52:41 GMT - Sun, 07 Jul 2024 11:52:40 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 4c0b48654a4881c325148a5e00964160; SHA-1 d7d21756c9dd4c1bf4d97087811745aad60506a0; SHA-256 7583a3643a9480ab4d81dd46b700cf3a38ebdd94af1a6059d2b6a3ecff8a65c5
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/logo_padded.svg HTTP/1.1
Host: telegrom-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-zc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:01:20 GMT
content-type: image/svg+xml
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: W/"66059e32-42d"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gs4%2B2A4rORODgo7ClVnPy14jzZcWCW89dEqFYQL3qyxQmAdPLM82a8l6vjPgZdUk6QE25Ig2LRRSbLUvw%2BCFIm69Dh1hmxdREYu5YqbE8k1kNX8Ph9HWPN3B7qLFkBjbc6k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879fe4f50cb4b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400