Report - 42.194.telegrcmc.com/

Report Overview

Submitted URL
42.194.telegrcmc.com/
IP
45.64.52.116
ASN
#64050 BGPNET Global ASN
Submitted
2024-04-27 03:59:31
Access
public
Website Title
Telegram
Final URL
42.194.telegrcmc.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
176

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
42.194.telegrcmc.com	unknown	unknown	No data	No data	20 kB	2.8 MB	45.64.52.116
t.me	6552	2010-05-20	2015-06-29	2024-04-25	419 B	515 B	149.154.167.99
telegram.me	11938	2014-01-07	2013-10-13	2024-04-25	426 B	515 B	149.154.167.99
zws2.web.telegram.org	144268	2003-12-15	2021-06-24	2024-04-25	1.2 kB	438 B	149.154.167.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram
2024-04-26	medium	42.194.telegrcmc.com/	Telegram

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed
2024-04-27	medium	telegrcmc.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	telegram.me/_websync_?authed=0&version=10.4.5+A	4 B	2023-03-07	2024-05-08
Pretty URL telegram.me/_websync_?authed=0&version=10.4.5+A IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:44 Last Seen2024-05-08 12:25:29 Times Seen23575 Hash b326b5062b2f0e69046810717534cb09 5ffe533b830f08a0326348a9160afafc8ada44db b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b Loading...

	42.194.telegrcmc.com/3748.0fa60c5a44d4b42a0115.js	9.8 kB	2024-01-25	2024-05-07
Pretty URL 42.194.telegrcmc.com/3748.0fa60c5a44d4b42a0115.js IP 45.64.52.116 ASN #64050 BGPNET Global ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-25 07:46:59 Last Seen2024-05-07 06:27:10 Times Seen96 Hash 02161e4617efa57e5c0ab5ae61300dcd bc99b5da6161b06d78a7f88119cd45f2dd826fbe 46ff1f7377f83f6826433319f1a08efbebd39b4eef483c4924416a80df01a73c Loading...

	42.194.telegrcmc.com/6839.01a53cbedf5d86d252ec.js	46 kB	2023-10-19	2024-05-08
Pretty URL 42.194.telegrcmc.com/6839.01a53cbedf5d86d252ec.js IP 45.64.52.116 ASN #64050 BGPNET Global ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-19 01:38:58 Last Seen2024-05-08 06:46:29 Times Seen144 Hash 2075f46f0950d8614b73045505b7aafc 34da1902bc42580deab249ac8ef5c4901d243a43 f693fccbb0f64594079d492db05d3bced69a6c6cab7514d4b78733570fd592a1 Loading...

	42.194.telegrcmc.com/compatTest.js	927 B	2023-07-27	2024-05-07
Pretty URL 42.194.telegrcmc.com/compatTest.js IP 45.64.52.116 ASN #64050 BGPNET Global ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-27 09:32:34 Last Seen2024-05-07 06:27:10 Times Seen189 Hash 8d3c978142adca439569a4e8e809f193 2b23f728dc23ca4fdaeaee01acd48cc316e1a278 c4691c694cc9ec2c292557bab2b88f1c7476b56b1eb4df50340264b0efb9db4f Loading...

	42.194.telegrcmc.com/redirect.js	325 B	2023-07-27	2024-05-08
Pretty URL 42.194.telegrcmc.com/redirect.js IP 45.64.52.116 ASN #64050 BGPNET Global ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-27 09:32:34 Last Seen2024-05-08 06:46:29 Times Seen225 Hash 17773b57b87a678c98e26a7cac72df6c 7422857aa75ee81cabcec2eed6c4a6168f363ee1 375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f Loading...

	42.194.telegrcmc.com/main.bcfddf515958c318bae6.js	383 kB	2024-03-20	2024-05-07
Pretty URL 42.194.telegrcmc.com/main.bcfddf515958c318bae6.js IP 45.64.52.116 ASN #64050 BGPNET Global ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-20 16:46:41 Last Seen2024-05-07 06:27:10 Times Seen81 Hash 6c64bf843a757b3182f86021b4584267 0ac99edc6bf5c94961a61aea4c4ef38fc1e7fa37 96fc4ea1bec90c26a9bdbf53ced2d7e379c7c5bd478ffbcc100b16ef5b936617 Loading...

	42.194.telegrcmc.com/1915.7c097c4f98f78164d509.js	18 kB	2024-01-25	2024-05-07
Pretty URL 42.194.telegrcmc.com/1915.7c097c4f98f78164d509.js IP 45.64.52.116 ASN #64050 BGPNET Global ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-25 07:46:59 Last Seen2024-05-07 06:27:10 Times Seen93 Hash da88a8550ef58d5fed48f5d54f88ee08 51fe5562057d56bfeda2d6bb6ed3ecb449cfd927 207f18121e4a48210dd0aff08d57b1fb9af346a17e38d57d60be15a7f5c733f4 Loading...

HTTP Transactions (48)

URL IP Response Size

42.194.telegrcmc.com/

45.64.52.116

200 OK

162 B

URL User Request GET HTTP/2
42.194.telegrcmc.com/
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 27 Apr 2024 03:59:07 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://42.194.telegrcmc.com/
Strict-Transport-Security: max-age=31536000

42.194.telegrcmc.com/

45.64.52.116

200 OK

3.2 kB

URL User Request GET HTTP/2
42.194.telegrcmc.com/
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (3146), with no line terminators
Size
3.2 kB (3152 bytes)
Hash
f8177f8123cb7a333a038a05c08c2d90
07c3ec2157ab9be336271d6625d41c3e613b1e93
223da9c0eb6bcf6300baa6b79a0b994a9d14a2e04bb414b4f1bdcf4a482e6ba6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:10 GMT
content-type: text/html
content-length: 3152
last-modified: Sun, 10 Mar 2024 09:34:26 GMT
etag: "65ed7ea2-c50"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/compatTest.js

45.64.52.116

200 OK

927 B

URL GET HTTP/2
42.194.telegrcmc.com/compatTest.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, ASCII text
Size
927 B (927 bytes)
Hash
8d3c978142adca439569a4e8e809f193
2b23f728dc23ca4fdaeaee01acd48cc316e1a278
c4691c694cc9ec2c292557bab2b88f1c7476b56b1eb4df50340264b0efb9db4f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /compatTest.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:10 GMT
content-type: application/javascript
content-length: 927
last-modified: Thu, 18 Jan 2024 21:12:24 GMT
etag: "65a99438-39f"
expires: Sat, 27 Apr 2024 15:59:10 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/redirect.js

45.64.52.116

200 OK

325 B

URL GET HTTP/2
42.194.telegrcmc.com/redirect.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
ASCII text
Size
325 B (325 bytes)
Hash
17773b57b87a678c98e26a7cac72df6c
7422857aa75ee81cabcec2eed6c4a6168f363ee1
375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /redirect.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:10 GMT
content-type: application/javascript
content-length: 325
last-modified: Thu, 18 Jan 2024 21:12:24 GMT
etag: "65a99438-145"
expires: Sat, 27 Apr 2024 15:59:10 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/main.4087993f942398d56511.css

45.64.52.116

200 OK

109 kB

URL GET HTTP/2
42.194.telegrcmc.com/main.4087993f942398d56511.css
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
ASCII text, with very long lines (11172)
Size
109 kB (109237 bytes)
Hash
4c9d3e2cef6cc643e5cd75aa4d099ff4
98b0d570e4b6b5b3ec98667d826c052dadf92560
09cca783b2738e3dacfc2bf7fb8dab72c2b1886924b2af42474a2c336819ce6d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /main.4087993f942398d56511.css HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:10 GMT
content-type: text/css
content-length: 109237
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-1aab5"
expires: Sat, 27 Apr 2024 15:59:10 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/main.bcfddf515958c318bae6.js

45.64.52.116

200 OK

383 kB

URL GET HTTP/2
42.194.telegrcmc.com/main.bcfddf515958c318bae6.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Size
383 kB (382665 bytes)
Hash
6c64bf843a757b3182f86021b4584267
0ac99edc6bf5c94961a61aea4c4ef38fc1e7fa37
96fc4ea1bec90c26a9bdbf53ced2d7e379c7c5bd478ffbcc100b16ef5b936617

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /main.bcfddf515958c318bae6.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:10 GMT
content-type: application/javascript
content-length: 382665
last-modified: Sun, 10 Mar 2024 09:34:26 GMT
etag: "65ed7ea2-5d6c9"
expires: Sat, 27 Apr 2024 15:59:10 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

t.me/_websync_?authed=0&version=10.4.5+A

149.154.167.99

24 B

URL GET
t.me/_websync_?authed=0&version=10.4.5+A
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.t.me
FingerprintD7:CC:2A:92:7B:DC:AE:6A:D7:92:51:20:49:AD:3B:AC:F9:27:F8:16
ValidityFri, 06 Oct 2023 19:50:31 GMT - Wed, 06 Nov 2024 19:50:31 GMT

File type
ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

HTTP Headers

GET /_websync_?authed=0&version=10.4.5+A HTTP/1.1
Host: t.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 27 Apr 2024 03:59:12 GMT
content-type: application/json; charset=utf-8
content-length: 24
set-cookie: stel_web_auth=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
stel_web_force=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

telegram.me/_websync_?authed=0&version=10.4.5+A

149.154.167.99

24 B

URL GET
telegram.me/_websync_?authed=0&version=10.4.5+A
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.me
FingerprintCA:AA:65:FE:33:CD:9C:CC:BB:2D:14:C7:05:66:C5:F7:7C:8D:63:2E
ValidityWed, 20 Sep 2023 01:49:33 GMT - Mon, 21 Oct 2024 01:49:33 GMT

File type
ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

HTTP Headers

GET /_websync_?authed=0&version=10.4.5+A HTTP/1.1
Host: telegram.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 27 Apr 2024 03:59:12 GMT
content-type: application/json; charset=utf-8
content-length: 24
set-cookie: stel_web_auth=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
stel_web_force=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

42.194.telegrcmc.com/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2

45.64.52.116

200 OK

11 kB

URL GET HTTP/2
42.194.telegrcmc.com/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Size
11 kB (11016 bytes)
Hash
15fa3062f8929bd3b05fdca5259db412
6ff06a34f68ad0324ddec1bbe4d453c959178b36
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/main.4087993f942398d56511.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:12 GMT
content-type: font/woff2
content-length: 11016
last-modified: Sat, 09 Mar 2024 09:10:32 GMT
etag: "65ec2788-2b08"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/1915.7c097c4f98f78164d509.js

45.64.52.116

200 OK

18 kB

URL GET HTTP/2
42.194.telegrcmc.com/1915.7c097c4f98f78164d509.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (18078)
Size
18 kB (18138 bytes)
Hash
da88a8550ef58d5fed48f5d54f88ee08
51fe5562057d56bfeda2d6bb6ed3ecb449cfd927
207f18121e4a48210dd0aff08d57b1fb9af346a17e38d57d60be15a7f5c733f4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1915.7c097c4f98f78164d509.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:12 GMT
content-type: application/javascript
content-length: 18138
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-46da"
expires: Sat, 27 Apr 2024 15:59:12 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/chat-bg-br.f34cc96fbfb048812820.png

45.64.52.116

200 OK

1.9 kB

URL GET HTTP/2
42.194.telegrcmc.com/chat-bg-br.f34cc96fbfb048812820.png
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
PNG image data, 50 x 50, 8-bit/color RGB, non-interlaced
Size
1.9 kB (1920 bytes)
Hash
ff2989744d4813c906047582226abd28
41b973276f7a99af05115b89b401aceb02f573c8
3151f7930d821bccf4a76cbbe4a3533e2b56bdff696f260c864ab639ac7526ea

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /chat-bg-br.f34cc96fbfb048812820.png HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/main.4087993f942398d56511.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:12 GMT
content-type: image/png
content-length: 1920
last-modified: Sat, 09 Mar 2024 09:10:32 GMT
etag: "65ec2788-780"
expires: Mon, 27 May 2024 03:59:12 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/chat-bg-pattern-light.ee148af944f6580293ae.png

45.64.52.116

200 OK

273 kB

URL GET HTTP/2
42.194.telegrcmc.com/chat-bg-pattern-light.ee148af944f6580293ae.png
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
PNG image data, 1123 x 2307, 4-bit colormap, non-interlaced
Size
273 kB (272875 bytes)
Hash
3d558d8de7082a2b2355076c8988c3fd
d74980e29b0ec2f102b0dcd614503fd42a255b85
00745db819d91c37bf0f59bee00ab2efe9766fddcb726ff1bcb6847748b2bbc7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /chat-bg-pattern-light.ee148af944f6580293ae.png HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/main.4087993f942398d56511.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:12 GMT
content-type: image/png
content-length: 272875
last-modified: Sat, 09 Mar 2024 09:10:32 GMT
etag: "65ec2788-429eb"
expires: Mon, 27 May 2024 03:59:12 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2

45.64.52.116

200 OK

11 kB

URL GET HTTP/2
42.194.telegrcmc.com/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
Size
11 kB (11056 bytes)
Hash
07db243db21ed0a6b4ff05ff429686b7
5d62925fdd7ed8e80f206d095ed093994f13d276
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2 HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/main.4087993f942398d56511.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:12 GMT
content-type: font/woff2
content-length: 11056
last-modified: Sat, 09 Mar 2024 09:10:32 GMT
etag: "65ec2788-2b30"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/6839.01a53cbedf5d86d252ec.js

45.64.52.116

200 OK

46 kB

URL GET HTTP/2
42.194.telegrcmc.com/6839.01a53cbedf5d86d252ec.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (45662)
Size
46 kB (45754 bytes)
Hash
2075f46f0950d8614b73045505b7aafc
34da1902bc42580deab249ac8ef5c4901d243a43
f693fccbb0f64594079d492db05d3bced69a6c6cab7514d4b78733570fd592a1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /6839.01a53cbedf5d86d252ec.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:12 GMT
content-type: application/javascript
content-length: 45754
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-b2ba"
expires: Sat, 27 Apr 2024 15:59:12 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/3748.0fa60c5a44d4b42a0115.js

45.64.52.116

200 OK

9.8 kB

URL GET HTTP/2
42.194.telegrcmc.com/3748.0fa60c5a44d4b42a0115.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (9780)
Size
9.8 kB (9834 bytes)
Hash
02161e4617efa57e5c0ab5ae61300dcd
bc99b5da6161b06d78a7f88119cd45f2dd826fbe
46ff1f7377f83f6826433319f1a08efbebd39b4eef483c4924416a80df01a73c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /3748.0fa60c5a44d4b42a0115.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:12 GMT
content-type: application/javascript
content-length: 9834
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-266a"
expires: Sat, 27 Apr 2024 15:59:12 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/notification.mp3

45.64.52.116

206 Partial Content

11 kB

URL GET HTTP/2
42.194.telegrcmc.com/notification.mp3
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo
Size
11 kB (10880 bytes)
Hash
eba09b6a457792c52fc610b5f9f974b3
95e6e0f7648e28ea21bc434054ea59aba3a35aea
86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /notification.mp3 HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 206 Partial Content
server: nginx
date: Sat, 27 Apr 2024 03:59:12 GMT
content-type: audio/mpeg
content-length: 10880
last-modified: Thu, 18 Jan 2024 21:12:24 GMT
etag: "65a99438-2a80"
strict-transport-security: max-age=31536000
content-range: bytes 0-10879/10880
X-Firefox-Spdy: h2

42.194.telegrcmc.com/8415.f3265a8085428f6feeb2.js

45.64.52.116

200 OK

556 kB

URL GET HTTP/2
42.194.telegrcmc.com/8415.f3265a8085428f6feeb2.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
556 kB (556360 bytes)
Hash
562c98202f7f7745eec0141e5010ff6f
a8a736c0be8de6105661f14a03dc6f9e782260b8
a2329a4c48a539302f1a6566c983063ba7ea1980185562cac43ddf6cd04a8183

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /8415.f3265a8085428f6feeb2.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:12 GMT
content-type: application/javascript
content-length: 556360
last-modified: Thu, 21 Mar 2024 05:35:50 GMT
etag: "65fbc736-87d48"
expires: Sat, 27 Apr 2024 15:59:12 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2

45.64.52.116

200 OK

11 kB

URL GET HTTP/2
42.194.telegrcmc.com/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
Size
11 kB (11056 bytes)
Hash
07db243db21ed0a6b4ff05ff429686b7
5d62925fdd7ed8e80f206d095ed093994f13d276
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2 HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/main.4087993f942398d56511.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:12 GMT
content-type: font/woff2
content-length: 11056
last-modified: Sat, 09 Mar 2024 09:10:32 GMT
etag: "65ec2788-2b30"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2

45.64.52.116

200 OK

11 kB

URL GET HTTP/2
42.194.telegrcmc.com/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Size
11 kB (11016 bytes)
Hash
15fa3062f8929bd3b05fdca5259db412
6ff06a34f68ad0324ddec1bbe4d453c959178b36
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/main.4087993f942398d56511.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:12 GMT
content-type: font/woff2
content-length: 11016
last-modified: Sat, 09 Mar 2024 09:10:32 GMT
etag: "65ec2788-2b08"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js

45.64.52.116

200 OK

10 kB

URL GET HTTP/2
42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (10206)
Size
10 kB (10260 bytes)
Hash
d96b12e394254b4db259f70bfc00576f
4fd81ec95104cf089b741d4173947e29c6a0432f
15356a2bffc180f7f43aea16f22b24cd3f44f88faac84703796eb4178ff0fe26

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /4680.4c2ac3941aac89823979.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:12 GMT
content-type: application/javascript
content-length: 10260
last-modified: Sun, 10 Mar 2024 09:34:26 GMT
etag: "65ed7ea2-2814"
expires: Sat, 27 Apr 2024 15:59:12 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js

45.64.52.116

200 OK

10 kB

URL GET HTTP/2
42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (10206)
Size
10 kB (10260 bytes)
Hash
d96b12e394254b4db259f70bfc00576f
4fd81ec95104cf089b741d4173947e29c6a0432f
15356a2bffc180f7f43aea16f22b24cd3f44f88faac84703796eb4178ff0fe26

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /4680.4c2ac3941aac89823979.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:12 GMT
content-type: application/javascript
content-length: 10260
last-modified: Sun, 10 Mar 2024 09:34:26 GMT
etag: "65ed7ea2-2814"
expires: Sat, 27 Apr 2024 15:59:12 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js

45.64.52.116

200 OK

10 kB

URL GET HTTP/2
42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (10206)
Size
10 kB (10260 bytes)
Hash
d96b12e394254b4db259f70bfc00576f
4fd81ec95104cf089b741d4173947e29c6a0432f
15356a2bffc180f7f43aea16f22b24cd3f44f88faac84703796eb4178ff0fe26

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /4680.4c2ac3941aac89823979.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:12 GMT
content-type: application/javascript
content-length: 10260
last-modified: Sun, 10 Mar 2024 09:34:26 GMT
etag: "65ed7ea2-2814"
expires: Sat, 27 Apr 2024 15:59:12 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js

45.64.52.116

200 OK

10 kB

URL GET HTTP/2
42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (10206)
Size
10 kB (10260 bytes)
Hash
d96b12e394254b4db259f70bfc00576f
4fd81ec95104cf089b741d4173947e29c6a0432f
15356a2bffc180f7f43aea16f22b24cd3f44f88faac84703796eb4178ff0fe26

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /4680.4c2ac3941aac89823979.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:12 GMT
content-type: application/javascript
content-length: 10260
last-modified: Sun, 10 Mar 2024 09:34:26 GMT
etag: "65ed7ea2-2814"
expires: Sat, 27 Apr 2024 15:59:12 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/5802.36a9971f58c808c4a974.js

45.64.52.116

200 OK

22 kB

URL GET HTTP/2
42.194.telegrcmc.com/5802.36a9971f58c808c4a974.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (21394)
Size
22 kB (21531 bytes)
Hash
377d06c30eebd149e43e37a12f0bc3a6
0bedfd302e5fc849518158b650612361fc160e99
a6456f4285ecaf7f44d25cde45f56f6afefbb7fea2e36633e4bb4e0e5ebb8779

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5802.36a9971f58c808c4a974.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/8415.f3265a8085428f6feeb2.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:13 GMT
content-type: application/javascript
content-length: 21531
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-541b"
expires: Sat, 27 Apr 2024 15:59:13 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/5802.36a9971f58c808c4a974.js

45.64.52.116

200 OK

22 kB

URL GET HTTP/2
42.194.telegrcmc.com/5802.36a9971f58c808c4a974.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (21394)
Size
22 kB (21531 bytes)
Hash
377d06c30eebd149e43e37a12f0bc3a6
0bedfd302e5fc849518158b650612361fc160e99
a6456f4285ecaf7f44d25cde45f56f6afefbb7fea2e36633e4bb4e0e5ebb8779

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5802.36a9971f58c808c4a974.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:13 GMT
content-type: application/javascript
content-length: 21531
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-541b"
expires: Sat, 27 Apr 2024 15:59:13 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/5802.36a9971f58c808c4a974.js

45.64.52.116

200 OK

22 kB

URL GET HTTP/2
42.194.telegrcmc.com/5802.36a9971f58c808c4a974.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (21394)
Size
22 kB (21531 bytes)
Hash
377d06c30eebd149e43e37a12f0bc3a6
0bedfd302e5fc849518158b650612361fc160e99
a6456f4285ecaf7f44d25cde45f56f6afefbb7fea2e36633e4bb4e0e5ebb8779

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5802.36a9971f58c808c4a974.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:13 GMT
content-type: application/javascript
content-length: 21531
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-541b"
expires: Sat, 27 Apr 2024 15:59:13 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/5802.36a9971f58c808c4a974.js

45.64.52.116

200 OK

22 kB

URL GET HTTP/2
42.194.telegrcmc.com/5802.36a9971f58c808c4a974.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (21394)
Size
22 kB (21531 bytes)
Hash
377d06c30eebd149e43e37a12f0bc3a6
0bedfd302e5fc849518158b650612361fc160e99
a6456f4285ecaf7f44d25cde45f56f6afefbb7fea2e36633e4bb4e0e5ebb8779

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5802.36a9971f58c808c4a974.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:13 GMT
content-type: application/javascript
content-length: 21531
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-541b"
expires: Sat, 27 Apr 2024 15:59:13 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/5802.36a9971f58c808c4a974.js

45.64.52.116

200 OK

22 kB

URL GET HTTP/2
42.194.telegrcmc.com/5802.36a9971f58c808c4a974.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (21394)
Size
22 kB (21531 bytes)
Hash
377d06c30eebd149e43e37a12f0bc3a6
0bedfd302e5fc849518158b650612361fc160e99
a6456f4285ecaf7f44d25cde45f56f6afefbb7fea2e36633e4bb4e0e5ebb8779

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5802.36a9971f58c808c4a974.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:13 GMT
content-type: application/javascript
content-length: 21531
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-541b"
expires: Sat, 27 Apr 2024 15:59:13 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/8764.58763b7a689318950e51.js

45.64.52.116

200 OK

27 kB

URL GET HTTP/2
42.194.telegrcmc.com/8764.58763b7a689318950e51.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/8415.f3265a8085428f6feeb2.js
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (27305)
Size
27 kB (27442 bytes)
Hash
0198d988a3400c6f4abdcd15352e954d
27b573f135096fc85ce78ddd2dae6071de71bcd5
b38c94050169465563c915a3ca347af2cbf5cb981995a5bc3bc88b5cfe017ba9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /8764.58763b7a689318950e51.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/8415.f3265a8085428f6feeb2.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:13 GMT
content-type: application/javascript
content-length: 27442
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-6b32"
expires: Sat, 27 Apr 2024 15:59:13 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/2041.5fe028b52e13d7a937b4.js

45.64.52.116

200 OK

140 kB

URL GET HTTP/2
42.194.telegrcmc.com/2041.5fe028b52e13d7a937b4.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140234 bytes)
Hash
39c6ccbfd0be3bc43e412a138b4c9f89
440310a69dfb81c245f3cfeb4014a001db4ca72a
c16171043dbabab93f501b594c1a988e99b034cd39dc6c50b1809a47d64036a4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2041.5fe028b52e13d7a937b4.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:13 GMT
content-type: application/javascript
content-length: 140234
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-223ca"
expires: Sat, 27 Apr 2024 15:59:13 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/2041.5fe028b52e13d7a937b4.js

45.64.52.116

200 OK

140 kB

URL GET HTTP/2
42.194.telegrcmc.com/2041.5fe028b52e13d7a937b4.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140234 bytes)
Hash
39c6ccbfd0be3bc43e412a138b4c9f89
440310a69dfb81c245f3cfeb4014a001db4ca72a
c16171043dbabab93f501b594c1a988e99b034cd39dc6c50b1809a47d64036a4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2041.5fe028b52e13d7a937b4.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:13 GMT
content-type: application/javascript
content-length: 140234
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-223ca"
expires: Sat, 27 Apr 2024 15:59:13 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/2041.5fe028b52e13d7a937b4.js

45.64.52.116

200 OK

140 kB

URL GET HTTP/2
42.194.telegrcmc.com/2041.5fe028b52e13d7a937b4.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140234 bytes)
Hash
39c6ccbfd0be3bc43e412a138b4c9f89
440310a69dfb81c245f3cfeb4014a001db4ca72a
c16171043dbabab93f501b594c1a988e99b034cd39dc6c50b1809a47d64036a4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2041.5fe028b52e13d7a937b4.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:13 GMT
content-type: application/javascript
content-length: 140234
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-223ca"
expires: Sat, 27 Apr 2024 15:59:13 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/2041.5fe028b52e13d7a937b4.js

45.64.52.116

200 OK

140 kB

URL GET HTTP/2
42.194.telegrcmc.com/2041.5fe028b52e13d7a937b4.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140234 bytes)
Hash
39c6ccbfd0be3bc43e412a138b4c9f89
440310a69dfb81c245f3cfeb4014a001db4ca72a
c16171043dbabab93f501b594c1a988e99b034cd39dc6c50b1809a47d64036a4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2041.5fe028b52e13d7a937b4.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:13 GMT
content-type: application/javascript
content-length: 140234
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-223ca"
expires: Sat, 27 Apr 2024 15:59:13 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/1649.23ef32650e96d33d6586.js

45.64.52.116

200 OK

45 kB

URL GET HTTP/2
42.194.telegrcmc.com/1649.23ef32650e96d33d6586.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/8415.f3265a8085428f6feeb2.js
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (44841)
Size
45 kB (44895 bytes)
Hash
d185f3823bb419e0227eb45b85facdca
b50068ba63e52fd9d71dbfa7cb42fe82a6f4af16
fbcc1367611f1d387d2b7340f92b66b4a0a5311742ec3d806d848692b98e78c9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1649.23ef32650e96d33d6586.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/8415.f3265a8085428f6feeb2.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:13 GMT
content-type: application/javascript
content-length: 44895
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-af5f"
expires: Sat, 27 Apr 2024 15:59:13 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/rlottie-wasm.5e3833cedb8fb71c8d8e.js

45.64.52.116

200 OK

66 kB

URL GET HTTP/2
42.194.telegrcmc.com/rlottie-wasm.5e3833cedb8fb71c8d8e.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65630 bytes)
Hash
3559b2b89d032ebe64593c61c4ce75a0
0f6cb82095dfedfff7a1eb3d320e6c991ff5f479
8524c2222885bf761b5f366d8e1d465a668f7061f8fcc2f01250d446b2dc554a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:13 GMT
content-type: application/javascript
content-length: 65630
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-1005e"
expires: Sat, 27 Apr 2024 15:59:13 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/rlottie-wasm.5e3833cedb8fb71c8d8e.js

45.64.52.116

200 OK

66 kB

URL GET HTTP/2
42.194.telegrcmc.com/rlottie-wasm.5e3833cedb8fb71c8d8e.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65630 bytes)
Hash
3559b2b89d032ebe64593c61c4ce75a0
0f6cb82095dfedfff7a1eb3d320e6c991ff5f479
8524c2222885bf761b5f366d8e1d465a668f7061f8fcc2f01250d446b2dc554a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:13 GMT
content-type: application/javascript
content-length: 65630
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-1005e"
expires: Sat, 27 Apr 2024 15:59:13 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/rlottie-wasm.5e3833cedb8fb71c8d8e.js

45.64.52.116

200 OK

66 kB

URL GET HTTP/2
42.194.telegrcmc.com/rlottie-wasm.5e3833cedb8fb71c8d8e.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65630 bytes)
Hash
3559b2b89d032ebe64593c61c4ce75a0
0f6cb82095dfedfff7a1eb3d320e6c991ff5f479
8524c2222885bf761b5f366d8e1d465a668f7061f8fcc2f01250d446b2dc554a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:13 GMT
content-type: application/javascript
content-length: 65630
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-1005e"
expires: Sat, 27 Apr 2024 15:59:13 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/rlottie-wasm.5e3833cedb8fb71c8d8e.js

45.64.52.116

200 OK

66 kB

URL GET HTTP/2
42.194.telegrcmc.com/rlottie-wasm.5e3833cedb8fb71c8d8e.js
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65630 bytes)
Hash
3559b2b89d032ebe64593c61c4ce75a0
0f6cb82095dfedfff7a1eb3d320e6c991ff5f479
8524c2222885bf761b5f366d8e1d465a668f7061f8fcc2f01250d446b2dc554a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:13 GMT
content-type: application/javascript
content-length: 65630
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
etag: "65ed60ac-1005e"
expires: Sat, 27 Apr 2024 15:59:13 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/rlottie-wasm.wasm

45.64.52.116

318 kB

URL
42.194.telegrcmc.com/rlottie-wasm.wasm
IP
45.64.52.116:0
ASN
#64050 BGPNET Global ASN

Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
WebAssembly (wasm) binary module version 0x1 (MVP)
Size
318 kB (317584 bytes)
Hash
ade36c82f1c7643da3ef1244ec008da5
19654576f8d08fee41f8dce3e8f21e61084b9589
f186efb3d724331c5d36813d3bbbe512630f9e199f4667f3c4aa43f3fec6cf14

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rlottie-wasm.wasm HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:14 GMT
content-type: application/octet-stream
content-length: 317584
last-modified: Fri, 08 Mar 2024 14:40:48 GMT
etag: "65eb2370-4d890"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/icon-192x192.png

45.64.52.116

200 OK

3.1 kB

URL GET HTTP/2
42.194.telegrcmc.com/icon-192x192.png
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
PNG image data, 192 x 192, 8-bit colormap, non-interlaced
Size
3.1 kB (3059 bytes)
Hash
1a1650d2c76bfc1ac484646c19e495b9
fe58d66042ce9241226f5da9370230285ff604fc
6e587a62c9d7a97f25265ab5eb29d101ad2e36810042a4116d2dd29da96b0bf8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /icon-192x192.png HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:14 GMT
content-type: image/png
content-length: 3059
last-modified: Thu, 18 Jan 2024 21:12:24 GMT
etag: "65a99438-bf3"
expires: Mon, 27 May 2024 03:59:14 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/favicon.svg

45.64.52.116

200 OK

892 B

URL GET HTTP/2
42.194.telegrcmc.com/favicon.svg
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
SVG Scalable Vector Graphics image
Size
892 B (892 bytes)
Hash
d9ee2d4b0edd9f8ba2fb7242162c2c47
398522893cf2cdefb5176f11bc67eab31c2d7382
a462f1c5333e16b48335054493cfd1d0a13a96847b4b9ffe2cf24403e6e86010

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.svg HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:14 GMT
content-type: image/svg+xml
content-length: 892
last-modified: Thu, 18 Jan 2024 21:12:24 GMT
etag: "65a99438-37c"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

zws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
zws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: zws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://42.194.telegrcmc.com
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9g+8hy0hH2D2uQDEUFn2Vw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Sat, 27 Apr 2024 03:59:14 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mVkbvCWqaEHASTE4qSjkj7TXkP8=
Sec-WebSocket-Protocol: binary

42.194.telegrcmc.com/QrPlane.a921709f266564f65b7e.tgs

45.64.52.116

2.1 kB

URL
42.194.telegrcmc.com/QrPlane.a921709f266564f65b7e.tgs
IP
45.64.52.116:0
ASN
#64050 BGPNET Global ASN

Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
gzip compressed data, was "PlaneLogoPlain.json", last modified: Fri Dec 17 11:58:31 2021, from Unix
Size
2.1 kB (2101 bytes)
Hash
9fe5425a55be5cfd60c1ee5f2ca2c733
6055dbe3afe9575b921a9863534e91428a847021
486cbe566d05f023f3c72ec00b55f921deb1f7aed2efb630fe717425e2d98d0a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /QrPlane.a921709f266564f65b7e.tgs HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://42.194.telegrcmc.com/4680.4c2ac3941aac89823979.js
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:14 GMT
content-type: application/octet-stream
content-length: 2101
last-modified: Sat, 09 Mar 2024 09:10:32 GMT
etag: "65ec2788-835"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/blank.8dd283bceccca95a48d8.png

45.64.52.116

200 OK

68 B

URL GET HTTP/2
42.194.telegrcmc.com/blank.8dd283bceccca95a48d8.png
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced
Size
68 B (68 bytes)
Hash
91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /blank.8dd283bceccca95a48d8.png HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:17 GMT
content-type: image/png
content-length: 68
last-modified: Sat, 09 Mar 2024 09:10:32 GMT
etag: "65ec2788-44"
expires: Mon, 27 May 2024 03:59:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/blank.8dd283bceccca95a48d8.png

45.64.52.116

200 OK

68 B

URL GET HTTP/2
42.194.telegrcmc.com/blank.8dd283bceccca95a48d8.png
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced
Size
68 B (68 bytes)
Hash
91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /blank.8dd283bceccca95a48d8.png HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://42.194.telegrcmc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:17 GMT
content-type: image/png
content-length: 68
last-modified: Sat, 09 Mar 2024 09:10:32 GMT
etag: "65ec2788-44"
expires: Mon, 27 May 2024 03:59:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

42.194.telegrcmc.com/blank.8dd283bceccca95a48d8.png

45.64.52.116

200 OK

68 B

URL GET HTTP/2
42.194.telegrcmc.com/blank.8dd283bceccca95a48d8.png
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced
Size
68 B (68 bytes)
Hash
91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /blank.8dd283bceccca95a48d8.png HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://42.194.telegrcmc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:17 GMT
content-type: image/png
content-length: 68
last-modified: Sat, 09 Mar 2024 09:10:32 GMT
etag: "65ec2788-44"
expires: Mon, 27 May 2024 03:59:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

zws2.web.telegram.org/apiws

149.154.167.99

101 Switching Protocols

0 B

URL GET HTTP/1.1
zws2.web.telegram.org/apiws
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://42.194.telegrcmc.com/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.web.telegram.org
Fingerprint74:51:4A:F8:C5:D2:E1:36:68:30:25:98:05:27:E8:6F:57:FC:E0:3B
ValidityWed, 30 Aug 2023 00:40:43 GMT - Mon, 30 Sep 2024 00:40:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: zws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://42.194.telegrcmc.com
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9g+8hy0hH2D2uQDEUFn2Vw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Sat, 27 Apr 2024 03:59:14 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mVkbvCWqaEHASTE4qSjkj7TXkP8=
Sec-WebSocket-Protocol: binary

42.194.telegrcmc.com/system/tgdata/queryDeviceName

45.64.52.116

200 OK

49 B

URL GET HTTP/2
42.194.telegrcmc.com/system/tgdata/queryDeviceName
IP
45.64.52.116:443
ASN
#64050 BGPNET Global ASN

Requested by
https://42.194.telegrcmc.com/8415.f3265a8085428f6feeb2.js
Certificate
IssuerLet's Encrypt
Subject*.telegrcmc.com
FingerprintE1:C1:D9:32:79:B3:5A:72:E4:A6:8B:CA:00:76:B5:54:66:64:94:74
ValidityMon, 18 Mar 2024 06:05:35 GMT - Sun, 16 Jun 2024 06:05:34 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with no line terminators
Size
49 B (49 bytes)
Hash
461e0c6c91131323847a3c2db59b0032
07eaaadefb9f23759afb67971f2d6de4272e33eb
c3aa7451d68034410585a1a33bc99f3ec1b973513a5cac25e278f6463f812b22

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /system/tgdata/queryDeviceName HTTP/1.1
Host: 42.194.telegrcmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42.194.telegrcmc.com/8415.f3265a8085428f6feeb2.js
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 03:59:14 GMT
content-type: application/json
x-cache: MISS
cache-control: no-cache
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (48)

URL User Request GET HTTP/2

IP

ASN

Certificate