Report - web-tg.pages.dev/

Report Overview

Submitted URL
web-tg.pages.dev/
IP
172.66.47.142
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 17:51:44
Access
public
Website Title
Telegram Web
Final URL
web-tg.pages.dev/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
144

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
kws2.web.telegram.org	49675	2003-12-15	2021-06-23	2024-05-09	2.3 kB	872 B	149.154.167.99
web-tg.pages.dev	unknown	2020-09-02	2023-10-18	2024-04-14	10 kB	637 kB	172.66.47.142
venus.web.telegram.org	47739	2003-12-15	2017-01-29	2024-05-09	1.2 kB	1.6 kB	149.154.167.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram
2024-04-23	medium	web-tg.pages.dev/	Telegram

PhishTank

Scan Date	Severity	Indicator	Alert
2024-02-28	medium	web-tg.pages.dev/index-BeYJJEeR.css	Other
2024-02-28	medium	web-tg.pages.dev/crypto.worker-CfCshcpI.js	Other
2024-02-28	medium	web-tg.pages.dev/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry	Other
2024-02-28	medium	web-tg.pages.dev/	Other
2024-02-28	medium	web-tg.pages.dev/countries-CzeCvYH8.js	Other
2024-02-28	medium	web-tg.pages.dev/page-B5gB1Huq.js	Other
2024-02-28	medium	web-tg.pages.dev/pageSignQR-1FI3Fawx.js	Other
2024-02-28	medium	web-tg.pages.dev/lang-BCgOdnD3.js	Other
2024-02-28	medium	web-tg.pages.dev/assets/img/favicon-16x16.png?v=jw3mK7G9Ry	Other
2024-02-28	medium	web-tg.pages.dev/qr-code-styling-BqER1AUU.js	Other
2024-02-28	medium	web-tg.pages.dev/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2	Other
2024-02-28	medium	web-tg.pages.dev/qr-code-styling-BqER1AUU.js	Other
2024-02-28	medium	web-tg.pages.dev/langSign-CN-ja8rh.js	Other
2024-02-28	medium	web-tg.pages.dev/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2	Other
2024-02-28	medium	web-tg.pages.dev/button-CBz3tFXn.js	Other
2024-02-28	medium	web-tg.pages.dev/textToSvgURL-Cnw_Q8Rw.js	Other
2024-02-28	medium	web-tg.pages.dev/assets/img/logo_padded.svg	Other
2024-02-28	medium	web-tg.pages.dev/index-Bs_pbBJq.js	Other
2024-02-28	medium	web-tg.pages.dev/textToSvgURL-Cnw_Q8Rw.js	Other
2024-02-28	medium	web-tg.pages.dev/putPreloader-BpnKbxyo.js	Other
2024-02-28	medium	web-tg.pages.dev/putPreloader-BpnKbxyo.js	Other
2024-02-28	medium	web-tg.pages.dev/button-CBz3tFXn.js	Other
2024-02-28	medium	web-tg.pages.dev/_commonjsHelpers-Cpj98o6Y.js	Other
2024-02-28	medium	web-tg.pages.dev/_commonjsHelpers-Cpj98o6Y.js	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed
2024-05-10	medium	web-tg.pages.dev	Sinkholed

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	web-tg.pages.dev/_commonjsHelpers-Cpj98o6Y.js	290 B	2024-03-27	2024-05-17
Pretty URL web-tg.pages.dev/_commonjsHelpers-Cpj98o6Y.js IP 172.66.47.142 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-27 05:15:17 Last Seen2024-05-17 20:46:40 Times Seen23 Hash bbbefd4e3c7c2ef2ae262565d6edf65e fbdb4413462ae109c237c5fc96e91212a27f9131 7e898f2560233fe672543bbaffe66542d387208b18f5639cb3050bd75d167e48 Loading...

	web-tg.pages.dev/langSign-CN-ja8rh.js	1.6 kB	2024-03-27	2024-05-20
Pretty URL web-tg.pages.dev/langSign-CN-ja8rh.js IP 172.66.47.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-27 05:15:17 Last Seen2024-05-20 21:07:25 Times Seen6 Hash 054003aa2409ae8f0e3e0544fb866703 76688a6f30f9b80feed14652886ab5f9ce90bb00 2b3cb7fcd5a7cba31f0932276d0673437bb4d8ba9fcfcc3602ec85ea60458ae4 Loading...

	web-tg.pages.dev/page-B5gB1Huq.js	10 kB	2024-05-10	2024-05-10
Pretty URL web-tg.pages.dev/page-B5gB1Huq.js IP 172.66.47.142 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-10 19:51:45 Last Seen2024-05-10 19:51:45 Times Seen2 Hash cadf3a357cd55b6c891d47deee8faabd bb8c327354f60a6c484fabf34bfb0e4a30108a09 a378e2549ad9efa791c068cf217fc433ada08343db82c733ab68fefd156d1494 Loading...

	web-tg.pages.dev/textToSvgURL-Cnw_Q8Rw.js	357 B	2024-03-27	2024-05-20
Pretty URL web-tg.pages.dev/textToSvgURL-Cnw_Q8Rw.js IP 172.66.47.142 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-27 05:15:17 Last Seen2024-05-20 21:07:24 Times Seen40 Hash 3f6402acb182a218e34ebe26b03fcd23 2601dfbce5087a38142e34596e5b094c7760dc80 88ef7b589f467f4a280126e59b5428d5169f80a165500687699209f60ca39998 Loading...

	web-tg.pages.dev/button-CBz3tFXn.js	8.8 kB	2024-05-10	2024-05-10
Pretty URL web-tg.pages.dev/button-CBz3tFXn.js IP 172.66.47.142 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-10 19:51:45 Last Seen2024-05-10 19:51:45 Times Seen1 Hash f33a14a71f86d828a546a35b4cb025b6 bd127ee85da1bde1969c6e3a9dbb4ff6639e9abc 4fee7a7e918ed78bd6475d4ba6675c4f0cbeacec3cd0f2c6a03e8cb79e21db83 Loading...

	web-tg.pages.dev/putPreloader-BpnKbxyo.js	699 B	2024-05-10	2024-05-10
Pretty URL web-tg.pages.dev/putPreloader-BpnKbxyo.js IP 172.66.47.142 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-10 19:51:45 Last Seen2024-05-10 19:51:45 Times Seen1 Hash 5ee42e33c1ea53abc3cd07cef166759d 897890809d81200b8c57f080c456d285e283e601 5d15751cef461b1405c2ff87ee33649710e2bd3274af3ac734572125b34d87dd Loading...

	web-tg.pages.dev/pageSignQR-1FI3Fawx.js	5.7 kB	2024-05-10	2024-05-10
Pretty URL web-tg.pages.dev/pageSignQR-1FI3Fawx.js IP 172.66.47.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 19:51:45 Last Seen2024-05-10 19:51:45 Times Seen2 Hash acfcf62d609b34dc7549386875bbceca 0d7d91a10f579bdfc5b177998c0f57b6b0f0c975 14de96daf11b253b444c6b4118f3223992831369c168c67910a1941ad8f172db Loading...

	web-tg.pages.dev/qr-code-styling-BqER1AUU.js	66 kB	2024-03-27	2024-05-17
Pretty URL web-tg.pages.dev/qr-code-styling-BqER1AUU.js IP 172.66.47.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-27 05:15:17 Last Seen2024-05-17 20:46:40 Times Seen22 Hash fea56d870467eee7980f4cfe0485c514 c4ee632b8825e210c494d34209a4d118a2b221a2 3a096f8810bd6d74877f45109b2f177acc1a452dedca404611dae397597440c4 Loading...

	web-tg.pages.dev/index-Bs_pbBJq.js	135 kB	2024-05-10	2024-05-10
Pretty URL web-tg.pages.dev/index-Bs_pbBJq.js IP 172.66.47.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 19:51:45 Last Seen2024-05-10 19:51:45 Times Seen1 Hash e9a68458217d8d7b3f066d3d2ca90187 96b1cca9dc93fd2b933390216c2bf82e5b273a60 fb6ccdd2c8a3f8ee9e88a6b2e43da5141d60e64c405c8bdc4534072639c5f14e Loading...

	web-tg.pages.dev/countries-CzeCvYH8.js	24 kB	2024-03-27	2024-05-20
Pretty URL web-tg.pages.dev/countries-CzeCvYH8.js IP 172.66.47.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-27 05:15:17 Last Seen2024-05-20 21:07:24 Times Seen32 Hash 24d43ec6ffdef8fdf4310a4a8b65b206 8974a9f0f2a76920b5080c3f239fe21396e4ce73 6876bde98b3f0c4013107f69f6bf375f60a2807bd79c11592131d9b8bbbb76ae Loading...

	web-tg.pages.dev/lang-BCgOdnD3.js	122 kB	2024-05-10	2024-05-10
Pretty URL web-tg.pages.dev/lang-BCgOdnD3.js IP 172.66.47.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 19:51:45 Last Seen2024-05-10 19:51:45 Times Seen1 Hash 10d1415908d6f7831d9692bc4752f70e cba246f85ce5d1b84058f0d9b1a65339303dd0a0 becfa07848d99ade45754c1a7d103c3d3467108b2d75dccb59e9cfaf00c89dbb Loading...

HTTP Transactions (31)

URL IP Response Size

web-tg.pages.dev/index-BeYJJEeR.css

172.66.47.142

200 OK

94 kB

URL GET HTTP/3
web-tg.pages.dev/index-BeYJJEeR.css
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
94 kB (93861 bytes)
Hash
cbe0ea547486c7c28e825536273123a4
54e5ff7331ab01c72f6fa8c4be44003b6bd68026
e1235be76880b2b3bae59f8c48fa0f700a64a5a243a9b9ce63a18325faaa7372

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index-BeYJJEeR.css HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:18 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"cf049539e0e6d0ba0e0c71083d1235b1"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QJNsGmt8v0wtiWrqNYtau%2FXN%2BBLeXKhU6tXEa68fmefV3qdBj%2Bgu9zx8%2FW2b%2FYUttktcKZIwMpsFtfzm7hYDvVRznTk7MnShvy1%2FCA2iqRxzMwYBz%2F0A8fvgaf5jRENTl0jq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6cc6c781bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/crypto.worker-CfCshcpI.js

172.66.47.142

200 OK

24 kB

URL GET HTTP/3
web-tg.pages.dev/crypto.worker-CfCshcpI.js
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (24533 bytes)
Hash
0efdde008dca467f870e5a41e96006d5
ebadf267c3d3eb15b3ef6d7d0a07dec87b95d0f5
db66f764c311c8c976601370a59831be1b792fe9535c8f36f7de75334226b071

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /crypto.worker-CfCshcpI.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:18 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"d6f179bfe351477010122956c4305e14"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WiuuVtNSX1U30FrOkrlbb14J1dYLjNlSGBId2YePrWjQASFxbjRQo9jQCmOQuXwfPbJZPlUc4jMKYERI7TDokB%2FQRQRFnbVfwT%2F%2FIqjG5eOMDtnSA8iHpLRHQsTB4ZIEG6Z%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6ce7ef51bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry

172.66.47.142

200 OK

9.0 kB

URL GET HTTP/3
web-tg.pages.dev/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
9.0 kB (9024 bytes)
Hash
87fecdadac0beb95f9b7c87b3b3236f0
822f92446c0033a32462aa21208efaef1f0d8c3c
25aa724658da8e71f5cc7c35ccbb43075866af5bed964edb09979caace667b0b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: image/png
content-length: 9024
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "c35bd3231a46b7b8c79b2578bdec4987"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UpLHr8mvGY2oZjrpQ2bwZP4eNXFm8gR1mVNfDM3aaPz0ceQ2N%2BcX2fwBWymhQekFHCIIWZSOdTgkexaZAPTlKwi1imObhzdTb4TOYYVthFYvehxTZovDcDG2TCrxuslJmpW2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6cfe87d1bfe-OSL
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/

172.66.47.142

200 OK

5.9 kB

URL User Request GET HTTP/2
web-tg.pages.dev/
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
HTML document, ASCII text, with very long lines (1757)
Size
5.9 kB (5889 bytes)
Hash
f3ea1edb7850b34e7255a4afb36aa0da
e99ca8a54270484e082831b7aaa253cb3238abb6
7594f94e9b268bd1e4975c0d13f03cb334cc0ac9ab2eabbd4818039b999aa73f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 17:51:18 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"26f8260ebebc4f905bf8b19778c01f49"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qGRE0UNdRm86vri2LiWy97%2F2T50CmJKCSPNhT398YI1%2BNU0%2BlAL2Ryne%2BQW3Ob5z79lRD4wFUdfiVmFmpvKnNt1pk%2FTGhSISIXAUCjvMI2ajR2sNAOhFqT9DhHcsXEYuOPQJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6ca4d1456c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

web-tg.pages.dev/countries-CzeCvYH8.js

172.66.47.142

200 OK

33 kB

URL GET HTTP/3
web-tg.pages.dev/countries-CzeCvYH8.js
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
Unicode text, UTF-8 text, with very long lines (24043)
Size
33 kB (32680 bytes)
Hash
24d43ec6ffdef8fdf4310a4a8b65b206
8974a9f0f2a76920b5080c3f239fe21396e4ce73
6876bde98b3f0c4013107f69f6bf375f60a2807bd79c11592131d9b8bbbb76ae

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /countries-CzeCvYH8.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/index-Bs_pbBJq.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:18 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"91c809dad43a47e6b5a4a68bc3011245"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MHQf4xIFJWdRmF8mdrezzMSbYglYecOf5gHts01c%2BHXlxnKQNaiBpnQodOS2hsPnzBc7bSZfDet2fOw0KlnV6nvCTicBp%2BlXB15torTIJdoSlp5tMcuVgFt%2FjJI8jXma64y7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6cecf4c1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

venus.web.telegram.org/apiw1

149.154.167.99

169 B

URL
venus.web.telegram.org/apiw1
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
c2a982d42f89274763eef2a44fe01030
86e6d53f6478cdd0c05611093d9c55a953454af7
d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a

HTTP Headers

POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
Content-Length: 0
Origin: https://web-tg.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
server: nginx/1.18.0
date: Fri, 10 May 2024 17:51:19 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2

venus.web.telegram.org/apiw1

149.154.167.99

169 B

URL
venus.web.telegram.org/apiw1
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
c2a982d42f89274763eef2a44fe01030
86e6d53f6478cdd0c05611093d9c55a953454af7
d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a

HTTP Headers

POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
Content-Length: 0
Origin: https://web-tg.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
server: nginx/1.18.0
date: Fri, 10 May 2024 17:51:19 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://web-tg.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yitiX4OR1fuP1NVit8PfHA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Fri, 10 May 2024 17:51:19 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6FGFMF6o4ytdXIuQj7fme7u+ATQ=
Sec-WebSocket-Protocol: binary

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://web-tg.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: e/kwti2c5oQVDi2OjEtbcg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Fri, 10 May 2024 17:51:19 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: w53n6Pd0Lxc95q3896c726wkwhI=
Sec-WebSocket-Protocol: binary

venus.web.telegram.org/apiw1

149.154.167.99

169 B

URL
venus.web.telegram.org/apiw1
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
c2a982d42f89274763eef2a44fe01030
86e6d53f6478cdd0c05611093d9c55a953454af7
d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a

HTTP Headers

POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
Content-Length: 0
Origin: https://web-tg.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
server: nginx/1.18.0
date: Fri, 10 May 2024 17:51:19 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://web-tg.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: W7wR7hEfuF3UyFYL5//bCw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Fri, 10 May 2024 17:51:19 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: qWCOXI327Sl8yEN0o2LcE4uLUUE=
Sec-WebSocket-Protocol: binary

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://web-tg.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: M5frfrRJkJVjN4jdtpxpbg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Fri, 10 May 2024 17:51:19 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FPte2RNoOjSYXU9u9T/58AIti8Y=
Sec-WebSocket-Protocol: binary

web-tg.pages.dev/page-B5gB1Huq.js

172.66.47.142

200 OK

9.8 kB

URL GET HTTP/3
web-tg.pages.dev/page-B5gB1Huq.js
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
ASCII text, with very long lines (10306)
Size
9.8 kB (9847 bytes)
Hash
cadf3a357cd55b6c891d47deee8faabd
bb8c327354f60a6c484fabf34bfb0e4a30108a09
a378e2549ad9efa791c068cf217fc433ada08343db82c733ab68fefd156d1494

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /page-B5gB1Huq.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/pageSignQR-1FI3Fawx.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"20babd1e456c5302792dc948a4423517"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=55F8OZEVbwss0blCrDgEKyLEkMFgoE4G4poFjiz5%2FeLrYJ%2F%2Fr14GoPetkZS4nMPeqJLPB7LR1E5%2FmOJvjH6KwmqLNMfrW2p2xCG8xjWPXvfjmOZsHUx3dSLrPRRlJ5S9TCJv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d0d94f1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/pageSignQR-1FI3Fawx.js

172.66.47.142

200 OK

7.1 kB

URL GET HTTP/3
web-tg.pages.dev/pageSignQR-1FI3Fawx.js
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
Java source, ASCII text, with very long lines (5017)
Size
7.1 kB (7073 bytes)
Hash
acfcf62d609b34dc7549386875bbceca
0d7d91a10f579bdfc5b177998c0f57b6b0f0c975
14de96daf11b253b444c6b4118f3223992831369c168c67910a1941ad8f172db

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pageSignQR-1FI3Fawx.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"aedd2f24b98a72f0ee06af604633eff4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z9cMRJb2%2B9pOKFFtaWWvYd4IzZtElAUS%2BWZZwyiswUI7HiuC6e265TMbq4X2yFMtHVBsb0%2FPxtCMtBMiThpWFmFECXIk4RwQt1Ei3%2F1Vrt62sUKpQQeUyM8dE0f1J9Wo2Jqg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d0189d1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/lang-BCgOdnD3.js

172.66.47.142

200 OK

122 kB

URL GET HTTP/3
web-tg.pages.dev/lang-BCgOdnD3.js
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type

Size
122 kB (122358 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lang-BCgOdnD3.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/index-Bs_pbBJq.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:18 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"172bac12020a8bebd8fa420f385c043c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iZutWMhsURcMavgawT2pXP4rIRy742kjnpn2CCcmMRtP8SCHdKgYE0PDFcL9T07g2JHGFb9OHOtSJ3Mtc2ohQRHHM9gMP%2BmdnVrpV7Xdlbi06AcJJ6FCrpa4M7Qzr6ZCiAfk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6cecf4a1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/assets/img/favicon-16x16.png?v=jw3mK7G9Ry

172.66.47.142

200 OK

1.0 kB

URL GET HTTP/3
web-tg.pages.dev/assets/img/favicon-16x16.png?v=jw3mK7G9Ry
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.0 kB (1012 bytes)
Hash
e3ce05eb00b3215df220efaf0fd06e21
d1533966f79dc2984c34317035f31cf3c91298c9
0d67b7e8ea46e3c959329a0e79a8c8b236187f452edc7049524245e4aa6bee21

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/favicon-16x16.png?v=jw3mK7G9Ry HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: image/png
content-length: 1012
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "164bab244d543d9719126be57e7b82f4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vy2pIb6GRAdqs0EFThxEXbQtoe8MRa3uHqwn7geu4VUZCok6a3NaZFtCkh5Jbkkn9t7Vz06CF%2FwVdqyu70lVZmgyNuIUxK5sfPzVdw%2B3EdpE2ZQZxpOMwsbZV%2Fg0M4K7VBsi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6cfe87f1bfe-OSL
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/qr-code-styling-BqER1AUU.js

172.66.47.142

200 OK

66 kB

URL GET HTTP/3
web-tg.pages.dev/qr-code-styling-BqER1AUU.js
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type

Size
66 kB (66132 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /qr-code-styling-BqER1AUU.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/pageSignQR-1FI3Fawx.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"cf51fa55ae65eb638c2cc9bbdadb9f55"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cu125PB1xwbDDlbmaaQikokrD41Ffo28Ob1zLKjtHSV58qKRxD29oIgyNCckepSBzuSWUarsqZyUFQeyuQg2gy5rIMwREbMEDNgrpMnwAiC07ubMTPEdesZAWQ48IWd7wLZz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d1399f1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

172.66.47.142

200 OK

11 kB

URL GET HTTP/3
web-tg.pages.dev/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
Size
11 kB (11056 bytes)
Hash
07db243db21ed0a6b4ff05ff429686b7
5d62925fdd7ed8e80f206d095ed093994f13d276
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://web-tg.pages.dev/index-BeYJJEeR.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: font/woff2
content-length: 11056
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "d0122a2078b736d8f34c46ec02e88eb0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M4fcRKfJEl3E%2BnVOFzO%2ButO5SZSmxlm32%2BvdBWNvk5x5EjS%2FZ9%2BoTMi7JLLKiy4z4E%2FMgg1eWK6NEePjbcDmYPskdks8TlrWHZ7ymS6TwbkzyQeIv32lkJeA9hCSuOH4u4mN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d22a851bfe-OSL
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/qr-code-styling-BqER1AUU.js

172.66.47.142

200 OK

66 kB

URL GET HTTP/3
web-tg.pages.dev/qr-code-styling-BqER1AUU.js
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type

Size
66 kB (66132 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /qr-code-styling-BqER1AUU.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"cf51fa55ae65eb638c2cc9bbdadb9f55"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ujFKUHnQKoL1digisskUgr0CWvrAN%2FYWJYtdT0FljjfZ%2BCKO9i6mvsw2DFRxJY9wlObeuFN%2FH2d3VjYc%2BKtMLBCJyt8MQHS3B4QpE4MK0gj50wnMoMBUo%2F9YhewnY9Cky7vE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d129971bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/langSign-CN-ja8rh.js

172.66.47.142

200 OK

1.6 kB

URL GET HTTP/3
web-tg.pages.dev/langSign-CN-ja8rh.js
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
ASCII text, with very long lines (1751), with no line terminators
Size
1.6 kB (1646 bytes)
Hash
1ce4deece7f2ffb2cdbc5e5b609e3271
7dff9070112715314c61bb9a682d6885ff12be83
6f66f5c3cfa9d140bb6471d900cd7ad76b924f2ae6b635807df0825f14524e52

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /langSign-CN-ja8rh.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/index-Bs_pbBJq.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:18 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"a296d7a5b452c0bd43052c7947c4ee95"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h%2Ft8rBruKU8ervwXrYCiLy9wrOPKMcrk5EupzKpEfei5T4MCX%2F2vsFxIATA91YZfzV26LP%2BxKOPMGhruj772T%2FxW6x03uVaWK6eOqBVIJpXiXd6933vFXFs7CqlplC2PAZ3m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6cecf4b1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

172.66.47.142

200 OK

11 kB

URL GET HTTP/3
web-tg.pages.dev/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Size
11 kB (11016 bytes)
Hash
15fa3062f8929bd3b05fdca5259db412
6ff06a34f68ad0324ddec1bbe4d453c959178b36
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://web-tg.pages.dev/index-BeYJJEeR.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:18 GMT
content-type: font/woff2
content-length: 11016
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "741b4527b63febbccc571bad3f4f23cf"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9qM5L13gTeL07hLVmZin8VQ1KFw5CVw9f82XdYob%2Btve%2BeXA%2BgPqBXjDXjgOCkcRnBu39R2yZmgz62lzLiKBAc38Gc9%2FoIoajpXgbTzBzyZYLzFkche%2FZZMAjuuwoqi209XD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6ce6ede1bfe-OSL
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/button-CBz3tFXn.js

172.66.47.142

200 OK

8.8 kB

URL GET HTTP/3
web-tg.pages.dev/button-CBz3tFXn.js
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
ASCII text, with very long lines (9521), with no line terminators
Size
8.8 kB (8793 bytes)
Hash
0934fc0709e3f0153bf544eae4b6e91d
66b32839d8f23c8a5e3fdea14caa6320f1574af6
59c50829e2cb68252a68cb9041c1fad8c9a63f26f5eff9112c4cd439d0895937

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /button-CBz3tFXn.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"c637e966f7f255b26ac0875090f6b02a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4xsLA3jFH%2B8e73yu%2Bfskwm%2BTsfUlvWhZFp71UH88aVBQ%2BFSh6h0xdJJNIXd2hsnEh8kqFqDHMJQDnryo7dto64MHmHbnZuux3JvBQcHONfuVLY%2F4uwgeIpj4sjHCJOTUbn1H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d028a11bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/textToSvgURL-Cnw_Q8Rw.js

172.66.47.142

200 OK

357 B

URL GET HTTP/3
web-tg.pages.dev/textToSvgURL-Cnw_Q8Rw.js
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
ASCII text, with very long lines (361), with no line terminators
Size
357 B (357 bytes)
Hash
31ad5f62e0cdff78fe300dce737cb419
16dcb2d419bc06f8cb8ff3dfb2f21f5bfe27ed28
659fe74289a8b92ce28c03eb6a76ec03d3f3276d58a4cf2234f80afa200d2544

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /textToSvgURL-Cnw_Q8Rw.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/pageSignQR-1FI3Fawx.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"9018abc419b3eb734b33499c2e203016"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zCz%2FPGBI2eEZHDldNRbot8EZrxeOTbn52OZr6nf141QfR5ZCivIAn%2BePmoJfUShIcxEb3IJAhXoUmVj1Szr%2B02gEbLaAga%2BmGrnxKrBWJ5hJSkZcivl2jqe88FSPsgGlhSRM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d0d9521bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/assets/img/logo_padded.svg

172.66.47.142

200 OK

1.1 kB

URL GET HTTP/3
web-tg.pages.dev/assets/img/logo_padded.svg
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1069 bytes)
Hash
4c0b48654a4881c325148a5e00964160
d7d21756c9dd4c1bf4d97087811745aad60506a0
7583a3643a9480ab4d81dd46b700cf3a38ebdd94af1a6059d2b6a3ecff8a65c5

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/logo_padded.svg HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:21 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ddc17b460f3542cd68305d2c727dab6c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rPQBUwNevr0QKGRlYUCNng0a5%2FzNOY3DjUgWRe9ZVXRNhXvg8j6FYa%2BczG6fs2BYAZPKs9Hi6R4YWKav1Ur2uYTWCoRdyGDDUj6QTJ4IEa4IvLrEooh45ksj6CHYSQeiiIMA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6dfbda71bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/index-Bs_pbBJq.js

172.66.47.142

200 OK

135 kB

URL GET HTTP/3
web-tg.pages.dev/index-Bs_pbBJq.js
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type

Size
135 kB (135002 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index-Bs_pbBJq.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:18 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"784b2307b42a31823810e9ca7f83ca81"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tsf0bMX4LxvCyBAcahVeAraaVqdrYwj36rpw9xNzG6uYrlHZEkh%2BUyolDOfX1LLrXpCqJvCjleg772hV7UVotYM7GZlilqBvMNcoNB4qEvJFVUwHVRmHjWg%2B1Mob84WoaPwX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6cc6c761bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/textToSvgURL-Cnw_Q8Rw.js

172.66.47.142

200 OK

357 B

URL GET HTTP/3
web-tg.pages.dev/textToSvgURL-Cnw_Q8Rw.js
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
ASCII text, with very long lines (361), with no line terminators
Size
357 B (357 bytes)
Hash
31ad5f62e0cdff78fe300dce737cb419
16dcb2d419bc06f8cb8ff3dfb2f21f5bfe27ed28
659fe74289a8b92ce28c03eb6a76ec03d3f3276d58a4cf2234f80afa200d2544

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /textToSvgURL-Cnw_Q8Rw.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"9018abc419b3eb734b33499c2e203016"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=adwiIbKfo67ZJAPZ4PSJis%2BxGzNqLcd%2FHLEaw%2BtFMYygGG0AJ3zp7Qo2AGhjWnJI6mYpB8fjHnFHzAIQ25eXIs8c16185eNjzUBxcSJ4w48FgbtbzqTtcQu7LMRkrQmhS4xE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d028af1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/putPreloader-BpnKbxyo.js

172.66.47.142

200 OK

699 B

URL GET HTTP/3
web-tg.pages.dev/putPreloader-BpnKbxyo.js
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
ASCII text, with very long lines (736), with no line terminators
Size
699 B (699 bytes)
Hash
2d08a01eaa5adbede74a74ccf17ad723
0d6a5d30b5cde1062465da72f05a0977717ec0e3
9ed78994d5cb475d51f35359eb9604f8027d32912b25b3a6b07b8c1b92619417

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /putPreloader-BpnKbxyo.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"83afe69c318c786142743fdb4cb3c282"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KhGFrHCTVsUHQvFpp7TG5sPuTMhd4aJbqglNJSqDH8wfKtpJj03e52aDzRTYW205fX4PCD%2F6pPs759MuwntuU%2Bd5uiB54nWcfIPsN5I%2F%2Fv%2Bgcgs3VJvvLmPWeqrtizH6DarV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d028a91bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/putPreloader-BpnKbxyo.js

172.66.47.142

200 OK

699 B

URL GET HTTP/3
web-tg.pages.dev/putPreloader-BpnKbxyo.js
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
ASCII text, with very long lines (736), with no line terminators
Size
699 B (699 bytes)
Hash
2d08a01eaa5adbede74a74ccf17ad723
0d6a5d30b5cde1062465da72f05a0977717ec0e3
9ed78994d5cb475d51f35359eb9604f8027d32912b25b3a6b07b8c1b92619417

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /putPreloader-BpnKbxyo.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/pageSignQR-1FI3Fawx.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"83afe69c318c786142743fdb4cb3c282"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HWQLPWlKwfDys0ePPu7MQHj58ssevCnxIxBKm2xPvItP87YbW1YJ4Evqo%2BIkdYzdts53S%2F0hWvgNLzcncjhuUt%2BbGd28yQwVPWqiNNTGZ2Hmo4BY7GvxMbi7nu73a8BVIZzw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d0d9511bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/button-CBz3tFXn.js

172.66.47.142

200 OK

8.8 kB

URL GET HTTP/3
web-tg.pages.dev/button-CBz3tFXn.js
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
ASCII text, with very long lines (9521), with no line terminators
Size
8.8 kB (8793 bytes)
Hash
0934fc0709e3f0153bf544eae4b6e91d
66b32839d8f23c8a5e3fdea14caa6320f1574af6
59c50829e2cb68252a68cb9041c1fad8c9a63f26f5eff9112c4cd439d0895937

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /button-CBz3tFXn.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/pageSignQR-1FI3Fawx.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"c637e966f7f255b26ac0875090f6b02a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3I91WE7o7V5zF3S0FDdkbT71O62bPZhnJBcY6td2i8rzj6BwxbzKXXTOdITywrXDt03%2FpjgRlHN4M9JTU2aowXkBeTSIRn5PJpr%2FlxterkbGQreFJnq3SoNS07DhwcqGPPhX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d0d9501bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/_commonjsHelpers-Cpj98o6Y.js

172.66.47.142

200 OK

290 B

URL GET HTTP/3
web-tg.pages.dev/_commonjsHelpers-Cpj98o6Y.js
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
ASCII text, with very long lines (302), with no line terminators
Size
290 B (290 bytes)
Hash
2f62150f51e1c96c4a1f8fa5d6c72c2a
d9529066ad04e0b66323fa0e7f12133bbc6940a4
e306f66b5964b6d3477db797068e0a94b0ef6cf594018197576f4450d9645d5b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_commonjsHelpers-Cpj98o6Y.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"cee3ad1e2fde417708607f4f2d1b1b8c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4q52OuY3DO4dMLsHoJRt9KS6oIqbdtyZQjpqXyTKR5yfT3tu%2F%2BgOa0Q2M9RvdrQVpRn0jWJFZoM0OJzCSW%2BmCmmVsCVFKCXoAN8aIWQ%2FLuvxmb1LJSuAQx7t29IMmmdQXAyE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d129981bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web-tg.pages.dev/_commonjsHelpers-Cpj98o6Y.js

172.66.47.142

200 OK

290 B

URL GET HTTP/3
web-tg.pages.dev/_commonjsHelpers-Cpj98o6Y.js
IP
172.66.47.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web-tg.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb-tg.pages.dev
Fingerprint1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
ValiditySat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT

File type
ASCII text, with very long lines (302), with no line terminators
Size
290 B (290 bytes)
Hash
2f62150f51e1c96c4a1f8fa5d6c72c2a
d9529066ad04e0b66323fa0e7f12133bbc6940a4
e306f66b5964b6d3477db797068e0a94b0ef6cf594018197576f4450d9645d5b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_commonjsHelpers-Cpj98o6Y.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/qr-code-styling-BqER1AUU.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"cee3ad1e2fde417708607f4f2d1b1b8c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Elsf4LO9BT9VRCeD2UjNQf9MBgakTaQxw5ZiN1B5akomxL80bOY1cuE%2Boi4p%2BL6DL4vZg92e6BEhGfEGYMAwXthI%2FmyoPgZKXmOQ6wAwdQr4IbWQEPLpCG6pdFSH3bl4iNAZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d1ea561bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML