Report - telegrambaxx.pages.dev/

Report Overview

Submitted URL
telegrambaxx.pages.dev/
IP
172.66.44.128
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-18 19:01:31
Access
public
Website Title
Telegram Web
Final URL
telegrambaxx.pages.dev/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
120

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
venus.web.telegram.org	47739	2003-12-15	2017-01-29	2024-04-18	431 B	521 B	149.154.167.99
telegrambaxx.pages.dev	unknown	unknown	No data	No data	9.1 kB	756 kB	172.66.47.128
kws2.web.telegram.org	49675	2003-12-15	2021-06-23	2024-04-17	1.7 kB	654 B	149.154.167.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram
2024-04-18	medium	telegrambaxx.pages.dev/	Telegram

PhishTank

Scan Date	Severity	Indicator	Alert
2024-03-01	medium	telegrambaxx.pages.dev/crypto.worker-b2b2021e.js	Other
2024-03-01	medium	telegrambaxx.pages.dev/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry	Other
2024-03-01	medium	telegrambaxx.pages.dev/assets/img/favicon-16x16.png?v=jw3mK7G9Ry	Other
2024-03-01	medium	telegrambaxx.pages.dev/pageSignQR-3ec2680d.js	Other
2024-03-01	medium	telegrambaxx.pages.dev/button-a9a2d121.js	Other
2024-03-01	medium	telegrambaxx.pages.dev/page-e73ef7e4.js	Other
2024-03-01	medium	telegrambaxx.pages.dev/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2	Other
2024-03-01	medium	telegrambaxx.pages.dev/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2	Other
2024-03-01	medium	telegrambaxx.pages.dev/putPreloader-339e0b30.js	Other
2024-03-01	medium	telegrambaxx.pages.dev/index-257913ec.js	Other
2024-03-01	medium	telegrambaxx.pages.dev/lang-5a385cdb.js	Other
2024-03-01	medium	telegrambaxx.pages.dev/textToSvgURL-c6ebb454.js	Other
2024-03-01	medium	telegrambaxx.pages.dev/assets/img/logo_padded.svg	Other
2024-03-01	medium	telegrambaxx.pages.dev/textToSvgURL-c6ebb454.js	Other
2024-03-01	medium	telegrambaxx.pages.dev/qr-code-styling-c40cd486.js	Other
2024-03-01	medium	telegrambaxx.pages.dev/	Other
2024-03-01	medium	telegrambaxx.pages.dev/index-70fb3a96.css	Other
2024-03-01	medium	telegrambaxx.pages.dev/langSign-66e8939d.js	Other
2024-03-01	medium	telegrambaxx.pages.dev/countries-5301fc59.js	Other
2024-03-01	medium	telegrambaxx.pages.dev/putPreloader-339e0b30.js	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed
2024-04-18	medium	telegrambaxx.pages.dev	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	telegrambaxx.pages.dev/page-e73ef7e4.js	10 kB	2023-10-29	2024-04-24
Pretty URL telegrambaxx.pages.dev/page-e73ef7e4.js IP 172.66.47.128 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2023-10-29 15:08:50 Last Seen2024-04-24 06:51:59 Times Seen17 Hash d2c1421214af33d9f24b639356538756 c3ddcaa0916df3be36a23e4971119ff03bd7b258 a5086c994cb0c2bc71c6ef6cb36bb6af87f439c59dc923f59c5fe9b468765b5f Loading...

	telegrambaxx.pages.dev/button-a9a2d121.js	7.4 kB	2023-10-29	2024-04-24
Pretty URL telegrambaxx.pages.dev/button-a9a2d121.js IP 172.66.47.128 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2023-10-29 15:08:50 Last Seen2024-04-24 06:51:58 Times Seen10 Hash bf3d0d489ee5fe7a6b60a52d8b0029bb ccdce24c583761aec923f61ff0af0e1f6103cdc9 8bd15c2493c0464e1a3b46685a23fc1f59dd5bdf27e5ac09d48bc0fe27e52014 Loading...

	telegrambaxx.pages.dev/textToSvgURL-c6ebb454.js	357 B	2023-10-29	2024-04-30
Pretty URL telegrambaxx.pages.dev/textToSvgURL-c6ebb454.js IP 172.66.47.128 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2023-10-29 15:08:50 Last Seen2024-04-30 18:58:46 Times Seen136 Hash db363d8053c3aa976b2e2162860d6932 fef1a8b065868caacf63184d97c10aaf10ec6a28 62ba5e078c4aaa3ff5c8c24cb8216de89afaa7dd10bfd364a0396913bbd34663 Loading...

	telegrambaxx.pages.dev/pageSignQR-3ec2680d.js	5.6 kB	2023-10-29	2024-04-24
Pretty URL telegrambaxx.pages.dev/pageSignQR-3ec2680d.js IP 172.66.47.128 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-29 15:08:50 Last Seen2024-04-24 06:51:58 Times Seen9 Hash 77ff88e190b7aa6e83e2a85159663605 04509f3fc32864877cdcd563979f3159cdb71706 0a69ec2e289e2c58ac11a4ea727652749d1348a23144118ece9047bdae38c6ae Loading...

	telegrambaxx.pages.dev/qr-code-styling-c40cd486.js	66 kB	2023-08-29	2024-04-24
Pretty URL telegrambaxx.pages.dev/qr-code-styling-c40cd486.js IP 172.66.47.128 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-29 04:08:58 Last Seen2024-04-24 06:51:58 Times Seen213 Hash 507abdddf8a6083dd32cfd55e8dd9c77 7bb27293c0e040b92aa79925df938bc5ae810bff 48d812700c5555c6823724cb0ce93936e5067175e37a41b6f3edd1ceecea2bfc Loading...

	telegrambaxx.pages.dev/index-257913ec.js	109 kB	2023-10-29	2024-04-24
Pretty URL telegrambaxx.pages.dev/index-257913ec.js IP 172.66.47.128 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-29 15:08:50 Last Seen2024-04-24 06:51:58 Times Seen7 Hash 2b75f84114c64a48ae191f606ef8109d 0fe4042e0e6feb74298a99d54fea52786c380a70 3b46907a63e08809a49768249a103d30695944d0cd374f642c7685cb44a4f50d Loading...

	telegrambaxx.pages.dev/lang-5a385cdb.js	83 kB	2023-10-29	2024-04-24
Pretty URL telegrambaxx.pages.dev/lang-5a385cdb.js IP 172.66.47.128 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-29 15:08:50 Last Seen2024-04-24 06:51:58 Times Seen7 Hash 4d37b6f6343a465f397e1fc748f3aa6f 36c19c35d86ea22582a85f6b2a73159e8da710a5 034b0ca7b8d221f94f845944b7613c4740e8ace07848f55b5b24f8d1c9af2622 Loading...

	telegrambaxx.pages.dev/langSign-66e8939d.js	1.6 kB	2023-10-29	2024-04-30
Pretty URL telegrambaxx.pages.dev/langSign-66e8939d.js IP 172.66.47.128 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-29 15:08:50 Last Seen2024-04-30 18:58:46 Times Seen99 Hash b1fb189d8c6640ca34096506a34baaa4 cb811e89f3c08f1d90eda051a29760fa1165e4d8 7285632faf1a90db84b6da17536028924fd77630408e7ba20172637dd2b7fe32 Loading...

	telegrambaxx.pages.dev/countries-5301fc59.js	24 kB	2023-08-29	2024-04-30
Pretty URL telegrambaxx.pages.dev/countries-5301fc59.js IP 172.66.47.128 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-29 04:08:58 Last Seen2024-04-30 18:58:46 Times Seen374 Hash dff89d22ad674afafcc150af3a75d51f 3e103a40939f3e33f2ed2d2ac340dbd049b8dca1 7b4921656e143af35794b7fc9d4d23580fa232ffcf179bc8569317e424032d80 Loading...

	telegrambaxx.pages.dev/putPreloader-339e0b30.js	699 B	2023-10-29	2024-04-24
Pretty URL telegrambaxx.pages.dev/putPreloader-339e0b30.js IP 172.66.47.128 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2023-10-29 15:08:50 Last Seen2024-04-24 06:51:58 Times Seen11 Hash c45c524cd173c84436b69a2f496abf68 0f5fdae5cbc792070561a1f817167ba9a3b1a1c4 3c79832d5037073878feadbc4979dd8128f6e709e736661c3614ed3b2fd5ca90 Loading...

HTTP Transactions (24)

URL IP Response Size

telegrambaxx.pages.dev/crypto.worker-b2b2021e.js

172.66.47.128

200 OK

0 B

URL GET HTTP/3
telegrambaxx.pages.dev/crypto.worker-b2b2021e.js
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /crypto.worker-b2b2021e.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
Connection: keep-alive
Sec-Fetch-Dest: sharedworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-None-Match: W/"860187db15075ef93d9f1f93f6ce3e29"
TE: trailers

HTTP/3 304 Not Modified
date: Thu, 18 Apr 2024 19:01:05 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6%2FZ4MRIrUoskdl5suwHcwPiZ9U2JIehB13knJ6UXr09MdeEGGTcJ%2FBzw55WAYfzovmahFH2DVUu9rGCBCJ5LiGpTqEwHvy784y8Fpw1gtxii1l8lBHTtleqA8y9kn7DMZLV%2BqM5DScT6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c7d965b4ee-OSL
alt-svc: h3=":443"; ma=86400

telegrambaxx.pages.dev/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry

172.66.47.128

200 OK

9.0 kB

URL GET HTTP/3
telegrambaxx.pages.dev/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
9.0 kB (9024 bytes)
Hash
87fecdadac0beb95f9b7c87b3b3236f0
822f92446c0033a32462aa21208efaef1f0d8c3c
25aa724658da8e71f5cc7c35ccbb43075866af5bed964edb09979caace667b0b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: image/png
content-length: 9024
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "c35bd3231a46b7b8c79b2578bdec4987"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BOMJVwXaElwOIQL7cPGu%2FPzuDVQDoVn4DABUJD6ps6vpfhIE7FndZbLufdrsuYf2IKPacD1rRFaKdong2EUeRqmem8C1rl3VBno%2BmogmxpqvpUuX4FnDZc7iwWvhTCCW%2Bwi8Lfw132wM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c829d1b4ee-OSL
alt-svc: h3=":443"; ma=86400

telegrambaxx.pages.dev/assets/img/favicon-16x16.png?v=jw3mK7G9Ry

172.66.47.128

200 OK

1.0 kB

URL GET HTTP/3
telegrambaxx.pages.dev/assets/img/favicon-16x16.png?v=jw3mK7G9Ry
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.0 kB (1012 bytes)
Hash
e3ce05eb00b3215df220efaf0fd06e21
d1533966f79dc2984c34317035f31cf3c91298c9
0d67b7e8ea46e3c959329a0e79a8c8b236187f452edc7049524245e4aa6bee21

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/favicon-16x16.png?v=jw3mK7G9Ry HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: image/png
content-length: 1012
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "164bab244d543d9719126be57e7b82f4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JXNnN6h5bwPRHH1CIIbIVTxTi22%2FeZQPs%2BE3Rsla4rY5X2to%2FNR0F4Z53hGmHHffgQdQ0Dp2gxosuFqonNnxUKdGsVJKM9fdtdn0Ii929FbloJxiE7OlY92pZVfhJtUsMoR4kN4Ph%2BDu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c829d2b4ee-OSL
alt-svc: h3=":443"; ma=86400

telegrambaxx.pages.dev/pageSignQR-3ec2680d.js

172.66.47.128

200 OK

2.8 kB

URL GET HTTP/3
telegrambaxx.pages.dev/pageSignQR-3ec2680d.js
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type
Java source, ASCII text, with very long lines (5538)
Size
2.8 kB (2781 bytes)
Hash
77ff88e190b7aa6e83e2a85159663605
04509f3fc32864877cdcd563979f3159cdb71706
0a69ec2e289e2c58ac11a4ea727652749d1348a23144118ece9047bdae38c6ae

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pageSignQR-3ec2680d.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/index-257913ec.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"3fd69c4c6df759fe9157ac8b8e641095"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TiXvtGG2W%2FetvaHf2ksG1Mof20BRjEaWJgfsZgyQ5%2BmuFP8scobhqDCVbB2hWX9mFSzZJKcqccFCVoHJ4fB5giSmQQgajllEzMGXcjFd8gWEMJx3FU%2FoKnM7xD41FGdGnxq7U68Wjyqg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c86a17b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrambaxx.pages.dev/button-a9a2d121.js

172.66.47.128

200 OK

3.4 kB

URL GET HTTP/3
telegrambaxx.pages.dev/button-a9a2d121.js
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type
Java source, ASCII text, with very long lines (7369)
Size
3.4 kB (3385 bytes)
Hash
bf3d0d489ee5fe7a6b60a52d8b0029bb
ccdce24c583761aec923f61ff0af0e1f6103cdc9
8bd15c2493c0464e1a3b46685a23fc1f59dd5bdf27e5ac09d48bc0fe27e52014

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /button-a9a2d121.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/pageSignQR-3ec2680d.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ebade2dbf20c926759fb45ba379b8347"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k4SjNLTDG7%2Fzn61mF%2FHkevnJuYEwueZ2JZCZOBAzmIWMM1eRjh6yYht9tuFjP%2F3Xvxn5xc%2FOw6d2hCddrJy3I7Y1%2FuBZ%2BBJzWDyYd%2BN0ZSUksC79RCd4yEyWeG4q4%2FWLEYLBjYOK30GL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c8fac4b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrambaxx.pages.dev/page-e73ef7e4.js

172.66.47.128

200 OK

4.6 kB

URL GET HTTP/3
telegrambaxx.pages.dev/page-e73ef7e4.js
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type
ASCII text, with very long lines (9973)
Size
4.6 kB (4630 bytes)
Hash
d2c1421214af33d9f24b639356538756
c3ddcaa0916df3be36a23e4971119ff03bd7b258
a5086c994cb0c2bc71c6ef6cb36bb6af87f439c59dc923f59c5fe9b468765b5f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /page-e73ef7e4.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"9863bf3c6880827c9fa2d12b7f24d67c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=84F8xbH%2FrKaU5JzuTdlz6owmw6zxTnbYH4hwSgUGur9WdAqy0vNv71nP8YUjjSArzqjZtmV1gxozBTFhPvuMI7v7cKAQbsLNdkpt338PdvMn7hJeXbzkHhZlHrt%2Faw3D%2FLq4mb4FCN5H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c85a05b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrambaxx.pages.dev/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

172.66.47.128

200 OK

11 kB

URL GET HTTP/3
telegrambaxx.pages.dev/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Size
11 kB (11016 bytes)
Hash
15fa3062f8929bd3b05fdca5259db412
6ff06a34f68ad0324ddec1bbe4d453c959178b36
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://telegrambaxx.pages.dev/index-70fb3a96.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: font/woff2
content-length: 11016
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "741b4527b63febbccc571bad3f4f23cf"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fan5pyoM2ysDfubnGD5awuxlbICgTizgywGjJz%2FlS6oSyqAkVVWVRZWbSiN3siuqm%2F2x14pw1nJ48k2%2FaIMJKfHKmaZ%2BTl%2BZD9GAavXeqiSsy3usBJrcaV3uyIJBAHalqiwrysGQwaiR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c9ebb4b4ee-OSL
alt-svc: h3=":443"; ma=86400

telegrambaxx.pages.dev/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

172.66.47.128

200 OK

11 kB

URL GET HTTP/3
telegrambaxx.pages.dev/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
Size
11 kB (11056 bytes)
Hash
07db243db21ed0a6b4ff05ff429686b7
5d62925fdd7ed8e80f206d095ed093994f13d276
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://telegrambaxx.pages.dev/index-70fb3a96.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: font/woff2
content-length: 11056
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "d0122a2078b736d8f34c46ec02e88eb0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5dI2NUlnQJKb3gJDhvhnMSMNumivbZSNpQDlbPCyAWiOixiLs4JAgjjbk9TUhssl06UCM1uMc%2FySfP%2FmjTva%2BT6Y3TL9OyefG9n09fuK5Mbvj7PXxtL1LsV9swB9toKuFQRLfECIacxb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c9ebabb4ee-OSL
alt-svc: h3=":443"; ma=86400

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrambaxx.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Al7CB6SENvfoQcgXnrSv4w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 18 Apr 2024 19:01:06 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: epXqhP/ocws+gXumB9Ka6oPjCsg=
Sec-WebSocket-Protocol: binary

venus.web.telegram.org/apiw1

149.154.167.99

169 B

URL
venus.web.telegram.org/apiw1
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
c2a982d42f89274763eef2a44fe01030
86e6d53f6478cdd0c05611093d9c55a953454af7
d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a

HTTP Headers

POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
Content-Length: 0
Origin: https://telegrambaxx.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
server: nginx/1.18.0
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrambaxx.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 4ScidbXu7du8AreQnZsdCQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 18 Apr 2024 19:01:06 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 48jO1XmwDxzVcCN2se0+nq6k+qs=
Sec-WebSocket-Protocol: binary

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrambaxx.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rylZSVK4h1P9j87hsxGKbg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 18 Apr 2024 19:01:06 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kPfjZSVEU9Fs3S1jTxXwa0zby/w=
Sec-WebSocket-Protocol: binary

telegrambaxx.pages.dev/putPreloader-339e0b30.js

172.66.47.128

200 OK

699 B

URL GET HTTP/3
telegrambaxx.pages.dev/putPreloader-339e0b30.js
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type
ASCII text, with very long lines (736), with no line terminators
Size
699 B (699 bytes)
Hash
b53d58ed77817df30735430f412d28cd
940913dd75c3288daca4c9858ea116952e6d0a4f
98a57eb73e78a62401b1f2dad8728e8773a033d53b6644ba741528b4a6783018

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /putPreloader-339e0b30.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/pageSignQR-3ec2680d.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"a43b9973f5550aeb9e15bbf1457e4608"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SbXiizY%2BuAIjUwg8gZat1%2BbcbFT9XyYhPBGXMCKAb0Uv3ElUcMbWIYObzptoPinzLMRQizTLfnf6UJPOoBCvzcjav%2BaxXwzzN5nqp8ha7z180icGAQ8D%2FYAlP9%2Fut%2BChMAT%2BbWKOO0Af"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c8fac6b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrambaxx.pages.dev/index-257913ec.js

172.66.47.128

200 OK

109 kB

URL GET HTTP/3
telegrambaxx.pages.dev/index-257913ec.js
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type

Size
109 kB (109303 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index-257913ec.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:05 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"626ca76ee4270b1d69a7ed1b66aaa678"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dDvi8fogZWsWNW5aDdJGJXxhuO45RItpnY5gLdJDp7U949gtKZbh9MxXFQRt%2Fldnke2v5i0GBEu1t9yHYIj6LF86eRd%2BKN0rM6wAwyYLW1wQrRZDx6qVPHGTVmkR8PGL7nxAnBUIp2Qd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c5cf6ab4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrambaxx.pages.dev/lang-5a385cdb.js

172.66.47.128

200 OK

83 kB

URL GET HTTP/3
telegrambaxx.pages.dev/lang-5a385cdb.js
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type

Size
83 kB (82641 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lang-5a385cdb.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/index-257913ec.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:05 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"41ed5bd498697b7a3dc987814297f5a3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E0gEjCSgs8o1h1qL%2Bzwu7G%2BJ3IDj%2FHKwYA8dJKejNVIZwIsC6cF0EIy56ZcihBg3SU4SIxxwEnKIQG8539KCP%2FKI4QR%2FIhm%2BeW3ayjzBN5hyRbyPTS7DcsGMD6vgg0BltjnhIevLN71h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c78926b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrambaxx.pages.dev/textToSvgURL-c6ebb454.js

172.66.47.128

200 OK

357 B

URL GET HTTP/3
telegrambaxx.pages.dev/textToSvgURL-c6ebb454.js
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type
ASCII text, with very long lines (361), with no line terminators
Size
357 B (357 bytes)
Hash
ea2a87dc9755781a19e407ae7bc5dc0d
41a7d07495e01e09e53eb51215ccf778c3aea92f
0a6994411c1666d1f665895c1d61536c24b0f0f5f9176f81d839c5316ea3d1be

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /textToSvgURL-c6ebb454.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"745425261de7a48f7926db2f3e90629a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yGEJt6o0vhofNZq8px7aabH25t1Om0wg5uhar3jB3ZWxHfVQc3%2Fh1nzy8KVyHl9MlDj3OJO3mlawh2zMXPAf9EPLNgH8CsY5qvNCqvTV4iN9L1E9YB1BDBqnZBK99N6Eoexhwrj3mZ%2Bb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c85a10b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrambaxx.pages.dev/assets/img/logo_padded.svg

172.66.47.128

200 OK

1.1 kB

URL GET HTTP/3
telegrambaxx.pages.dev/assets/img/logo_padded.svg
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1069 bytes)
Hash
4c0b48654a4881c325148a5e00964160
d7d21756c9dd4c1bf4d97087811745aad60506a0
7583a3643a9480ab4d81dd46b700cf3a38ebdd94af1a6059d2b6a3ecff8a65c5

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/logo_padded.svg HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:07 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ddc17b460f3542cd68305d2c727dab6c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N%2FxSVXr6BEydxMJdVIJs8c2I5lOT0KWQNDKWACN4k3G7fUCg6mYaGyhzC%2BFrHRkX8Xn0ufNF%2BZ59b236QYTRK4JcqoDgo%2BYDwzd1YB92jKd7ZDU%2FXtLavjgml2COCz8WCBtwanpNmyho"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6d40ea1b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrambaxx.pages.dev/textToSvgURL-c6ebb454.js

172.66.47.128

200 OK

357 B

URL GET HTTP/3
telegrambaxx.pages.dev/textToSvgURL-c6ebb454.js
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type
ASCII text, with very long lines (361), with no line terminators
Size
357 B (357 bytes)
Hash
ea2a87dc9755781a19e407ae7bc5dc0d
41a7d07495e01e09e53eb51215ccf778c3aea92f
0a6994411c1666d1f665895c1d61536c24b0f0f5f9176f81d839c5316ea3d1be

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /textToSvgURL-c6ebb454.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/pageSignQR-3ec2680d.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"745425261de7a48f7926db2f3e90629a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D2rkbU9g5sjkFAkua4G6oWY4o0F1pRl4F7eNgtP1usy5%2FR3NMD7YU8RqP9PlT0BuZaQMzqzndGQFbI50UQ6BLUCbWVILIQZfQdN7Qp8VlHglX%2B%2FPxuSn%2Fx4kQViYgIGVqVWYMXSQSoAy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c8fac9b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrambaxx.pages.dev/qr-code-styling-c40cd486.js

172.66.47.128

200 OK

66 kB

URL GET HTTP/3
telegrambaxx.pages.dev/qr-code-styling-c40cd486.js
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type

Size
66 kB (66272 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /qr-code-styling-c40cd486.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/pageSignQR-3ec2680d.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"2024b4af6efb72a858b6bd36ad6cca0b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KRCbn9AVxBbBWOt7pjOEwNoaYH5gzujKkgsXegGPa%2BpRzF6Zh%2F%2Blf1Vq2vdGs9CkxVtohcQOS9Z7zLcZFdpbbmW3Po7dKBCutAsPGYQH%2B9JVe%2B%2BFlRMxw5G2FDsOF3er8exVyA0iy%2FxX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c94b14b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrambaxx.pages.dev/

172.66.47.128

200 OK

14 kB

URL User Request GET HTTP/2
telegrambaxx.pages.dev/
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type
HTML document, ASCII text, with very long lines (1757)
Size
14 kB (13596 bytes)
Hash
b76a59b43efb967dae7a76953b2bf4a8
d3de34a520433b6fc136bbd669fb32942de0f33d
29187d118413b1122f301970cf912828d190d1f0b4a2f8b9229a811016ba1e82

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 19:01:05 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"db55e7ba5feb9a3f67859b149302a12a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nlOgjwk6%2FR0SKiLTRYEj2QZi4VNlj%2F77zLtdAwBap%2B9cRv269h3CFED%2B3HrojAvvkBGWZeIzQnKyZb%2Br7YEOk39Bt37IspMVwQHlEMPCh2FAAPLisxgJIJOmdtTIgl5%2FCALgyopj7Qu8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c459ce568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

telegrambaxx.pages.dev/index-70fb3a96.css

172.66.47.128

200 OK

397 kB

URL GET HTTP/3
telegrambaxx.pages.dev/index-70fb3a96.css
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type

Size
397 kB (396827 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index-70fb3a96.css HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:05 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ec6b87e9f7a9e296afb5672d942613db"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XRCl5vxMo4se9Z%2B5gpurqaNfCggXKcRXzHHjlASimWgYXCe1JErRqF%2B3E7y3qNeyFGdhvAKKrUp%2BSLL4zQlqe%2BOMAoRHin%2BvqKSn0gK3fwcC1HXO6BxhvVLmHS0O%2FVbVtLD%2FyotoujJs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c5cf6cb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrambaxx.pages.dev/langSign-66e8939d.js

172.66.47.128

200 OK

1.6 kB

URL GET HTTP/3
telegrambaxx.pages.dev/langSign-66e8939d.js
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type
ASCII text, with very long lines (1751), with no line terminators
Size
1.6 kB (1646 bytes)
Hash
0d55451ee39b2aa034b815696a9b13ad
6144047d9652181c02b1e107703a9851ba5838ae
6efafb0c9358c1754c8d06ee1049bae36ff61108eb534f6c79a94d8b62f5b8f2

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /langSign-66e8939d.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/index-257913ec.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:05 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"5a29e5d9c312b68171d6e68b1381397b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gWs4F3JlnMx2C4ruGqHPlmBt3FSg%2Fth0JoXhLs4%2FeDEgnGgKwo%2B5sDcn6mB1hYO91xFQK6gAWzwcgVi8PTXnM%2FKEtDCfzz8KR%2FQmMry%2Fquoiyi28ZhiFLyGJJ4x9lVyxbfPx283iFL87"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c78927b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrambaxx.pages.dev/countries-5301fc59.js

172.66.47.128

200 OK

24 kB

URL GET HTTP/3
telegrambaxx.pages.dev/countries-5301fc59.js
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type

Size
24 kB (24097 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /countries-5301fc59.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/index-257913ec.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:05 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"e980704d431b4d599e68121466b55e1b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nkNNZ5CrBwFWISat6CbYwPScQSk2xUrKNB4Vpjx4furDXrsOXrKEwsXQkl%2BstUiBOs%2BGDtRLOhQsAHogSgoX24a1gA0chVF1vegqy5hs3dasauGlO4YeE%2BG7ffuldclrp%2B2RBQE1ve6N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c78928b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrambaxx.pages.dev/putPreloader-339e0b30.js

172.66.47.128

200 OK

699 B

URL GET HTTP/3
telegrambaxx.pages.dev/putPreloader-339e0b30.js
IP
172.66.47.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrambaxx.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrambaxx.pages.dev
Fingerprint3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6
ValidityFri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT

File type
ASCII text, with very long lines (736), with no line terminators
Size
699 B (699 bytes)
Hash
b53d58ed77817df30735430f412d28cd
940913dd75c3288daca4c9858ea116952e6d0a4f
98a57eb73e78a62401b1f2dad8728e8773a033d53b6644ba741528b4a6783018

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /putPreloader-339e0b30.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"a43b9973f5550aeb9e15bbf1457e4608"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JqeEXM4seGDaRp6U5dFcAD0UaFACGma%2FLHyiT4oECuuIg%2B0Jf28pzYNGWJ0noNPyGB8ZNfp%2FS%2BmU8jdv5jLZ2LzZxx%2B3sdbGLL0Ry8W36x7dz1ZKoyj35axZfxI5EmPaBfq6wYI16OvV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c85a0db4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML