| telegrambaxx.pages.dev/crypto.worker-b2b2021e.js | 172.66.47.128 | 200 OK | 0 B |
URL: GET HTTP/3 telegrambaxx.pages.dev/crypto.worker-b2b2021e.js
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
|---|---|---|
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /crypto.worker-b2b2021e.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
Connection: keep-alive
Sec-Fetch-Dest: sharedworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-None-Match: W/"860187db15075ef93d9f1f93f6ce3e29"
TE: trailers
HTTP/3 304 Not Modified
date: Thu, 18 Apr 2024 19:01:05 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6%2FZ4MRIrUoskdl5suwHcwPiZ9U2JIehB13knJ6UXr09MdeEGGTcJ%2FBzw55WAYfzovmahFH2DVUu9rGCBCJ5LiGpTqEwHvy784y8Fpw1gtxii1l8lBHTtleqA8y9kn7DMZLV%2BqM5DScT6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c7d965b4ee-OSL
alt-svc: h3=":443"; ma=86400
| telegrambaxx.pages.dev/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry | 172.66.47.128 | 200 OK | 9.0 kB |
URL: GET HTTP/3 telegrambaxx.pages.dev/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 87fecdadac0beb95f9b7c87b3b3236f0 822f92446c0033a32462aa21208efaef1f0d8c3c 25aa724658da8e71f5cc7c35ccbb43075866af5bed964edb09979caace667b0b

| Analyzer | Verdict | Alert |
|---|---|---|
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: image/png
content-length: 9024
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "c35bd3231a46b7b8c79b2578bdec4987"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BOMJVwXaElwOIQL7cPGu%2FPzuDVQDoVn4DABUJD6ps6vpfhIE7FndZbLufdrsuYf2IKPacD1rRFaKdong2EUeRqmem8C1rl3VBno%2BmogmxpqvpUuX4FnDZc7iwWvhTCCW%2Bwi8Lfw132wM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c829d1b4ee-OSL
alt-svc: h3=":443"; ma=86400
| telegrambaxx.pages.dev/assets/img/favicon-16x16.png?v=jw3mK7G9Ry | 172.66.47.128 | 200 OK | 1.0 kB |
URL: GET HTTP/3 telegrambaxx.pages.dev/assets/img/favicon-16x16.png?v=jw3mK7G9Ry
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): e3ce05eb00b3215df220efaf0fd06e21 d1533966f79dc2984c34317035f31cf3c91298c9 0d67b7e8ea46e3c959329a0e79a8c8b236187f452edc7049524245e4aa6bee21

| Analyzer | Verdict | Alert |
|---|---|---|
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/favicon-16x16.png?v=jw3mK7G9Ry HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: image/png
content-length: 1012
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "164bab244d543d9719126be57e7b82f4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JXNnN6h5bwPRHH1CIIbIVTxTi22%2FeZQPs%2BE3Rsla4rY5X2to%2FNR0F4Z53hGmHHffgQdQ0Dp2gxosuFqonNnxUKdGsVJKM9fdtdn0Ii929FbloJxiE7OlY92pZVfhJtUsMoR4kN4Ph%2BDu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c829d2b4ee-OSL
alt-svc: h3=":443"; ma=86400
| telegrambaxx.pages.dev/pageSignQR-3ec2680d.js | 172.66.47.128 | 200 OK | 2.8 kB |
URL: GET HTTP/3 telegrambaxx.pages.dev/pageSignQR-3ec2680d.js
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
File type: Java source, ASCII text, with very long lines (5538)
Hashes (MD5, SHA-1, SHA-256): 77ff88e190b7aa6e83e2a85159663605 04509f3fc32864877cdcd563979f3159cdb71706 0a69ec2e289e2c58ac11a4ea727652749d1348a23144118ece9047bdae38c6ae

| Analyzer | Verdict | Alert |
|---|---|---|
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /pageSignQR-3ec2680d.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/index-257913ec.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"3fd69c4c6df759fe9157ac8b8e641095"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TiXvtGG2W%2FetvaHf2ksG1Mof20BRjEaWJgfsZgyQ5%2BmuFP8scobhqDCVbB2hWX9mFSzZJKcqccFCVoHJ4fB5giSmQQgajllEzMGXcjFd8gWEMJx3FU%2FoKnM7xD41FGdGnxq7U68Wjyqg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c86a17b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| telegrambaxx.pages.dev/button-a9a2d121.js | 172.66.47.128 | 200 OK | 3.4 kB |
URL: GET HTTP/3 telegrambaxx.pages.dev/button-a9a2d121.js
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
File type: Java source, ASCII text, with very long lines (7369)
Hashes (MD5, SHA-1, SHA-256): bf3d0d489ee5fe7a6b60a52d8b0029bb ccdce24c583761aec923f61ff0af0e1f6103cdc9 8bd15c2493c0464e1a3b46685a23fc1f59dd5bdf27e5ac09d48bc0fe27e52014

| Analyzer | Verdict | Alert |
|---|---|---|
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /button-a9a2d121.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/pageSignQR-3ec2680d.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ebade2dbf20c926759fb45ba379b8347"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k4SjNLTDG7%2Fzn61mF%2FHkevnJuYEwueZ2JZCZOBAzmIWMM1eRjh6yYht9tuFjP%2F3Xvxn5xc%2FOw6d2hCddrJy3I7Y1%2FuBZ%2BBJzWDyYd%2BN0ZSUksC79RCd4yEyWeG4q4%2FWLEYLBjYOK30GL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c8fac4b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| telegrambaxx.pages.dev/page-e73ef7e4.js | 172.66.47.128 | 200 OK | 4.6 kB |
URL: GET HTTP/3 telegrambaxx.pages.dev/page-e73ef7e4.js
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
File type: ASCII text, with very long lines (9973)
Hashes (MD5, SHA-1, SHA-256): d2c1421214af33d9f24b639356538756 c3ddcaa0916df3be36a23e4971119ff03bd7b258 a5086c994cb0c2bc71c6ef6cb36bb6af87f439c59dc923f59c5fe9b468765b5f

| Analyzer | Verdict | Alert |
|---|---|---|
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /page-e73ef7e4.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"9863bf3c6880827c9fa2d12b7f24d67c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=84F8xbH%2FrKaU5JzuTdlz6owmw6zxTnbYH4hwSgUGur9WdAqy0vNv71nP8YUjjSArzqjZtmV1gxozBTFhPvuMI7v7cKAQbsLNdkpt338PdvMn7hJeXbzkHhZlHrt%2Faw3D%2FLq4mb4FCN5H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c85a05b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| telegrambaxx.pages.dev/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 | 172.66.47.128 | 200 OK | 11 kB |
URL: GET HTTP/3 telegrambaxx.pages.dev/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Hashes (MD5, SHA-1, SHA-256): 15fa3062f8929bd3b05fdca5259db412 6ff06a34f68ad0324ddec1bbe4d453c959178b36 5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

| Analyzer | Verdict | Alert |
|---|---|---|
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://telegrambaxx.pages.dev/index-70fb3a96.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: font/woff2
content-length: 11016
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "741b4527b63febbccc571bad3f4f23cf"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fan5pyoM2ysDfubnGD5awuxlbICgTizgywGjJz%2FlS6oSyqAkVVWVRZWbSiN3siuqm%2F2x14pw1nJ48k2%2FaIMJKfHKmaZ%2BTl%2BZD9GAavXeqiSsy3usBJrcaV3uyIJBAHalqiwrysGQwaiR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c9ebb4b4ee-OSL
alt-svc: h3=":443"; ma=86400
| telegrambaxx.pages.dev/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 | 172.66.47.128 | 200 OK | 11 kB |
URL: GET HTTP/3 telegrambaxx.pages.dev/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
Hashes (MD5, SHA-1, SHA-256): 07db243db21ed0a6b4ff05ff429686b7 5d62925fdd7ed8e80f206d095ed093994f13d276 ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

| Analyzer | Verdict | Alert |
|---|---|---|
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://telegrambaxx.pages.dev/index-70fb3a96.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: font/woff2
content-length: 11056
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "d0122a2078b736d8f34c46ec02e88eb0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5dI2NUlnQJKb3gJDhvhnMSMNumivbZSNpQDlbPCyAWiOixiLs4JAgjjbk9TUhssl06UCM1uMc%2FySfP%2FmjTva%2BT6Y3TL9OyefG9n09fuK5Mbvj7PXxtL1LsV9swB9toKuFQRLfECIacxb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c9ebabb4ee-OSL
alt-svc: h3=":443"; ma=86400
| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrambaxx.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Al7CB6SENvfoQcgXnrSv4w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 18 Apr 2024 19:01:06 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: epXqhP/ocws+gXumB9Ka6oPjCsg=
Sec-WebSocket-Protocol: binary
| venus.web.telegram.org/apiw1 | 149.154.167.99 | | 169 B |
URL: venus.web.telegram.org/apiw1
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
File type: HTML document, ASCII text, with CRLF line terminators
Hashes (MD5, SHA-1, SHA-256): c2a982d42f89274763eef2a44fe01030 86e6d53f6478cdd0c05611093d9c55a953454af7 d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a
POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
Content-Length: 0
Origin: https://telegrambaxx.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.18.0
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2
| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrambaxx.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 4ScidbXu7du8AreQnZsdCQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 18 Apr 2024 19:01:06 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 48jO1XmwDxzVcCN2se0+nq6k+qs=
Sec-WebSocket-Protocol: binary
| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrambaxx.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rylZSVK4h1P9j87hsxGKbg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 18 Apr 2024 19:01:06 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kPfjZSVEU9Fs3S1jTxXwa0zby/w=
Sec-WebSocket-Protocol: binary
| telegrambaxx.pages.dev/putPreloader-339e0b30.js | 172.66.47.128 | 200 OK | 699 B |
URL: GET HTTP/3 telegrambaxx.pages.dev/putPreloader-339e0b30.js
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
File type: ASCII text, with very long lines (736), with no line terminators
Hashes (MD5, SHA-1, SHA-256): b53d58ed77817df30735430f412d28cd 940913dd75c3288daca4c9858ea116952e6d0a4f 98a57eb73e78a62401b1f2dad8728e8773a033d53b6644ba741528b4a6783018

| Analyzer | Verdict | Alert |
|---|---|---|
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /putPreloader-339e0b30.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/pageSignQR-3ec2680d.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"a43b9973f5550aeb9e15bbf1457e4608"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SbXiizY%2BuAIjUwg8gZat1%2BbcbFT9XyYhPBGXMCKAb0Uv3ElUcMbWIYObzptoPinzLMRQizTLfnf6UJPOoBCvzcjav%2BaxXwzzN5nqp8ha7z180icGAQ8D%2FYAlP9%2Fut%2BChMAT%2BbWKOO0Af"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c8fac6b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| telegrambaxx.pages.dev/index-257913ec.js | 172.66.47.128 | 200 OK | 109 kB |
URL: GET HTTP/3 telegrambaxx.pages.dev/index-257913ec.js
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
Size: 109 kB (109303 bytes)
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
|---|---|---|
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /index-257913ec.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:05 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"626ca76ee4270b1d69a7ed1b66aaa678"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dDvi8fogZWsWNW5aDdJGJXxhuO45RItpnY5gLdJDp7U949gtKZbh9MxXFQRt%2Fldnke2v5i0GBEu1t9yHYIj6LF86eRd%2BKN0rM6wAwyYLW1wQrRZDx6qVPHGTVmkR8PGL7nxAnBUIp2Qd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c5cf6ab4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| telegrambaxx.pages.dev/lang-5a385cdb.js | 172.66.47.128 | 200 OK | 83 kB |
URL: GET HTTP/3 telegrambaxx.pages.dev/lang-5a385cdb.js
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
|---|---|---|
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /lang-5a385cdb.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/index-257913ec.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:05 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"41ed5bd498697b7a3dc987814297f5a3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E0gEjCSgs8o1h1qL%2Bzwu7G%2BJ3IDj%2FHKwYA8dJKejNVIZwIsC6cF0EIy56ZcihBg3SU4SIxxwEnKIQG8539KCP%2FKI4QR%2FIhm%2BeW3ayjzBN5hyRbyPTS7DcsGMD6vgg0BltjnhIevLN71h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c78926b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| telegrambaxx.pages.dev/textToSvgURL-c6ebb454.js | 172.66.47.128 | 200 OK | 357 B |
URL: GET HTTP/3 telegrambaxx.pages.dev/textToSvgURL-c6ebb454.js
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
File type: ASCII text, with very long lines (361), with no line terminators
Hashes (MD5, SHA-1, SHA-256): ea2a87dc9755781a19e407ae7bc5dc0d 41a7d07495e01e09e53eb51215ccf778c3aea92f 0a6994411c1666d1f665895c1d61536c24b0f0f5f9176f81d839c5316ea3d1be

| Analyzer | Verdict | Alert |
|---|---|---|
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /textToSvgURL-c6ebb454.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"745425261de7a48f7926db2f3e90629a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yGEJt6o0vhofNZq8px7aabH25t1Om0wg5uhar3jB3ZWxHfVQc3%2Fh1nzy8KVyHl9MlDj3OJO3mlawh2zMXPAf9EPLNgH8CsY5qvNCqvTV4iN9L1E9YB1BDBqnZBK99N6Eoexhwrj3mZ%2Bb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c85a10b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| telegrambaxx.pages.dev/assets/img/logo_padded.svg | 172.66.47.128 | 200 OK | 1.1 kB |
URL: GET HTTP/3 telegrambaxx.pages.dev/assets/img/logo_padded.svg
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 4c0b48654a4881c325148a5e00964160 d7d21756c9dd4c1bf4d97087811745aad60506a0 7583a3643a9480ab4d81dd46b700cf3a38ebdd94af1a6059d2b6a3ecff8a65c5

| Analyzer | Verdict | Alert |
|---|---|---|
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/logo_padded.svg HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:07 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ddc17b460f3542cd68305d2c727dab6c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N%2FxSVXr6BEydxMJdVIJs8c2I5lOT0KWQNDKWACN4k3G7fUCg6mYaGyhzC%2BFrHRkX8Xn0ufNF%2BZ59b236QYTRK4JcqoDgo%2BYDwzd1YB92jKd7ZDU%2FXtLavjgml2COCz8WCBtwanpNmyho"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6d40ea1b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| telegrambaxx.pages.dev/textToSvgURL-c6ebb454.js | 172.66.47.128 | 200 OK | 357 B |
URL: GET HTTP/3 telegrambaxx.pages.dev/textToSvgURL-c6ebb454.js
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
File type: ASCII text, with very long lines (361), with no line terminators
Hashes (MD5, SHA-1, SHA-256): ea2a87dc9755781a19e407ae7bc5dc0d 41a7d07495e01e09e53eb51215ccf778c3aea92f 0a6994411c1666d1f665895c1d61536c24b0f0f5f9176f81d839c5316ea3d1be

| Analyzer | Verdict | Alert |
|---|---|---|
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /textToSvgURL-c6ebb454.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/pageSignQR-3ec2680d.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"745425261de7a48f7926db2f3e90629a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D2rkbU9g5sjkFAkua4G6oWY4o0F1pRl4F7eNgtP1usy5%2FR3NMD7YU8RqP9PlT0BuZaQMzqzndGQFbI50UQ6BLUCbWVILIQZfQdN7Qp8VlHglX%2B%2FPxuSn%2Fx4kQViYgIGVqVWYMXSQSoAy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c8fac9b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| telegrambaxx.pages.dev/qr-code-styling-c40cd486.js | 172.66.47.128 | 200 OK | 66 kB |
URL: GET HTTP/3 telegrambaxx.pages.dev/qr-code-styling-c40cd486.js
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
|---|---|---|
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /qr-code-styling-c40cd486.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/pageSignQR-3ec2680d.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"2024b4af6efb72a858b6bd36ad6cca0b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KRCbn9AVxBbBWOt7pjOEwNoaYH5gzujKkgsXegGPa%2BpRzF6Zh%2F%2Blf1Vq2vdGs9CkxVtohcQOS9Z7zLcZFdpbbmW3Po7dKBCutAsPGYQH%2B9JVe%2B%2BFlRMxw5G2FDsOF3er8exVyA0iy%2FxX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c94b14b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| telegrambaxx.pages.dev/ | 172.66.47.128 | 200 OK | 14 kB |
URL (User Request): GET HTTP/2 telegrambaxx.pages.dev/
IP: 172.66.47.128:443
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
File type: HTML document, ASCII text, with very long lines (1757)
Hash: MD5 b76a59b43efb967dae7a76953b2bf4a8; SHA-1 d3de34a520433b6fc136bbd669fb32942de0f33d; SHA-256 29187d118413b1122f301970cf912828d190d1f0b4a2f8b9229a811016ba1e82
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 19:01:05 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"db55e7ba5feb9a3f67859b149302a12a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nlOgjwk6%2FR0SKiLTRYEj2QZi4VNlj%2F77zLtdAwBap%2B9cRv269h3CFED%2B3HrojAvvkBGWZeIzQnKyZb%2Br7YEOk39Bt37IspMVwQHlEMPCh2FAAPLisxgJIJOmdtTIgl5%2FCALgyopj7Qu8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c459ce568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| telegrambaxx.pages.dev/index-70fb3a96.css | 172.66.47.128 | 200 OK | 397 kB |
URL: GET HTTP/3 telegrambaxx.pages.dev/index-70fb3a96.css
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
Size: 397 kB (396827 bytes)
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /index-70fb3a96.css HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:05 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ec6b87e9f7a9e296afb5672d942613db"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XRCl5vxMo4se9Z%2B5gpurqaNfCggXKcRXzHHjlASimWgYXCe1JErRqF%2B3E7y3qNeyFGdhvAKKrUp%2BSLL4zQlqe%2BOMAoRHin%2BvqKSn0gK3fwcC1HXO6BxhvVLmHS0O%2FVbVtLD%2FyotoujJs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c5cf6cb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| telegrambaxx.pages.dev/langSign-66e8939d.js | 172.66.47.128 | 200 OK | 1.6 kB |
URL: GET HTTP/3 telegrambaxx.pages.dev/langSign-66e8939d.js
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
File type: ASCII text, with very long lines (1751), with no line terminators
Hash: MD5 0d55451ee39b2aa034b815696a9b13ad; SHA-1 6144047d9652181c02b1e107703a9851ba5838ae; SHA-256 6efafb0c9358c1754c8d06ee1049bae36ff61108eb534f6c79a94d8b62f5b8f2
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /langSign-66e8939d.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/index-257913ec.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:05 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"5a29e5d9c312b68171d6e68b1381397b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gWs4F3JlnMx2C4ruGqHPlmBt3FSg%2Fth0JoXhLs4%2FeDEgnGgKwo%2B5sDcn6mB1hYO91xFQK6gAWzwcgVi8PTXnM%2FKEtDCfzz8KR%2FQmMry%2Fquoiyi28ZhiFLyGJJ4x9lVyxbfPx283iFL87"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c78927b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| telegrambaxx.pages.dev/countries-5301fc59.js | 172.66.47.128 | 200 OK | 24 kB |
URL: GET HTTP/3 telegrambaxx.pages.dev/countries-5301fc59.js
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /countries-5301fc59.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/index-257913ec.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:05 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"e980704d431b4d599e68121466b55e1b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nkNNZ5CrBwFWISat6CbYwPScQSk2xUrKNB4Vpjx4furDXrsOXrKEwsXQkl%2BstUiBOs%2BGDtRLOhQsAHogSgoX24a1gA0chVF1vegqy5hs3dasauGlO4YeE%2BG7ffuldclrp%2B2RBQE1ve6N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c78928b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| telegrambaxx.pages.dev/putPreloader-339e0b30.js | 172.66.47.128 | 200 OK | 699 B |
URL: GET HTTP/3 telegrambaxx.pages.dev/putPreloader-339e0b30.js
IP: 172.66.47.128:443
Requested by: https://telegrambaxx.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject telegrambaxx.pages.dev; Fingerprint 3B:4F:60:66:7D:1E:73:55:12:EC:3F:20:E5:2F:02:9F:66:1B:19:C6; Validity Fri, 01 Mar 2024 05:47:02 GMT - Thu, 30 May 2024 05:47:01 GMT
File type: ASCII text, with very long lines (736), with no line terminators
Hash: MD5 b53d58ed77817df30735430f412d28cd; SHA-1 940913dd75c3288daca4c9858ea116952e6d0a4f; SHA-256 98a57eb73e78a62401b1f2dad8728e8773a033d53b6644ba741528b4a6783018
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /putPreloader-339e0b30.js HTTP/1.1
Host: telegrambaxx.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrambaxx.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:01:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"a43b9973f5550aeb9e15bbf1457e4608"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JqeEXM4seGDaRp6U5dFcAD0UaFACGma%2FLHyiT4oECuuIg%2B0Jf28pzYNGWJ0noNPyGB8ZNfp%2FS%2BmU8jdv5jLZ2LzZxx%2B3sdbGLL0Ry8W36x7dz1ZKoyj35axZfxI5EmPaBfq6wYI16OvV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766e6c85a0db4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400