| web-tg.pages.dev/index-BeYJJEeR.css | 172.66.47.142 | 200 OK | 94 kB |
URL: GET HTTP/3 web-tg.pages.dev/index-BeYJJEeR.css
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: web-tg.pages.dev; Fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97; Validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: cbe0ea547486c7c28e825536273123a4 54e5ff7331ab01c72f6fa8c4be44003b6bd68026 e1235be76880b2b3bae59f8c48fa0f700a64a5a243a9b9ce63a18325faaa7372
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /index-BeYJJEeR.css HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:18 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"cf049539e0e6d0ba0e0c71083d1235b1"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QJNsGmt8v0wtiWrqNYtau%2FXN%2BBLeXKhU6tXEa68fmefV3qdBj%2Bgu9zx8%2FW2b%2FYUttktcKZIwMpsFtfzm7hYDvVRznTk7MnShvy1%2FCA2iqRxzMwYBz%2F0A8fvgaf5jRENTl0jq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6cc6c781bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/crypto.worker-CfCshcpI.js | 172.66.47.142 | 200 OK | 24 kB |
URL: GET HTTP/3 web-tg.pages.dev/crypto.worker-CfCshcpI.js
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: web-tg.pages.dev; Fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97; Validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: 0efdde008dca467f870e5a41e96006d5 ebadf267c3d3eb15b3ef6d7d0a07dec87b95d0f5 db66f764c311c8c976601370a59831be1b792fe9535c8f36f7de75334226b071
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /crypto.worker-CfCshcpI.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:18 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"d6f179bfe351477010122956c4305e14"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WiuuVtNSX1U30FrOkrlbb14J1dYLjNlSGBId2YePrWjQASFxbjRQo9jQCmOQuXwfPbJZPlUc4jMKYERI7TDokB%2FQRQRFnbVfwT%2F%2FIqjG5eOMDtnSA8iHpLRHQsTB4ZIEG6Z%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6ce7ef51bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry | 172.66.47.142 | 200 OK | 9.0 kB |
URL: GET HTTP/3 web-tg.pages.dev/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: web-tg.pages.dev; Fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97; Validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash: 87fecdadac0beb95f9b7c87b3b3236f0 822f92446c0033a32462aa21208efaef1f0d8c3c 25aa724658da8e71f5cc7c35ccbb43075866af5bed964edb09979caace667b0b
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: image/png
content-length: 9024
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "c35bd3231a46b7b8c79b2578bdec4987"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UpLHr8mvGY2oZjrpQ2bwZP4eNXFm8gR1mVNfDM3aaPz0ceQ2N%2BcX2fwBWymhQekFHCIIWZSOdTgkexaZAPTlKwi1imObhzdTb4TOYYVthFYvehxTZovDcDG2TCrxuslJmpW2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6cfe87d1bfe-OSL
alt-svc: h3=":443"; ma=86400
|
|
| | 172.66.47.142 | 200 OK | 5.9 kB |
URL: User Request GET HTTP/2
IP: 172.66.47.142:443
Certificate: Issuer: Google Trust Services LLC; Subject: web-tg.pages.dev; Fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97; Validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: HTML document, ASCII text, with very long lines (1757)
Hash: f3ea1edb7850b34e7255a4afb36aa0da e99ca8a54270484e082831b7aaa253cb3238abb6 7594f94e9b268bd1e4975c0d13f03cb334cc0ac9ab2eabbd4818039b999aa73f
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 17:51:18 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"26f8260ebebc4f905bf8b19778c01f49"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qGRE0UNdRm86vri2LiWy97%2F2T50CmJKCSPNhT398YI1%2BNU0%2BlAL2Ryne%2BQW3Ob5z79lRD4wFUdfiVmFmpvKnNt1pk%2FTGhSISIXAUCjvMI2ajR2sNAOhFqT9DhHcsXEYuOPQJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6ca4d1456c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| web-tg.pages.dev/countries-CzeCvYH8.js | 172.66.47.142 | 200 OK | 33 kB |
URL: GET HTTP/3 web-tg.pages.dev/countries-CzeCvYH8.js
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: web-tg.pages.dev; Fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97; Validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: Unicode text, UTF-8 text, with very long lines (24043)
Hash: 24d43ec6ffdef8fdf4310a4a8b65b206 8974a9f0f2a76920b5080c3f239fe21396e4ce73 6876bde98b3f0c4013107f69f6bf375f60a2807bd79c11592131d9b8bbbb76ae
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /countries-CzeCvYH8.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/index-Bs_pbBJq.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:18 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"91c809dad43a47e6b5a4a68bc3011245"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MHQf4xIFJWdRmF8mdrezzMSbYglYecOf5gHts01c%2BHXlxnKQNaiBpnQodOS2hsPnzBc7bSZfDet2fOw0KlnV6nvCTicBp%2BlXB15torTIJdoSlp5tMcuVgFt%2FjJI8jXma64y7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6cecf4c1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| venus.web.telegram.org/apiw1 | 149.154.167.99 | | 169 B |
URL: venus.web.telegram.org/apiw1
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
File type: HTML document, ASCII text, with CRLF line terminators
Hash: c2a982d42f89274763eef2a44fe01030 86e6d53f6478cdd0c05611093d9c55a953454af7 d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a
POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
Content-Length: 0
Origin: https://web-tg.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
server: nginx/1.18.0
date: Fri, 10 May 2024 17:51:19 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2
|
|
| venus.web.telegram.org/apiw1 | 149.154.167.99 | | 169 B |
URL: venus.web.telegram.org/apiw1
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
File type: HTML document, ASCII text, with CRLF line terminators
Hash: c2a982d42f89274763eef2a44fe01030 86e6d53f6478cdd0c05611093d9c55a953454af7 d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a
POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
Content-Length: 0
Origin: https://web-tg.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.18.0
date: Fri, 10 May 2024 17:51:19 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2
|
|
| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://web-tg.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yitiX4OR1fuP1NVit8PfHA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Fri, 10 May 2024 17:51:19 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6FGFMF6o4ytdXIuQj7fme7u+ATQ=
Sec-WebSocket-Protocol: binary
|
|
| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://web-tg.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: e/kwti2c5oQVDi2OjEtbcg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Fri, 10 May 2024 17:51:19 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: w53n6Pd0Lxc95q3896c726wkwhI=
Sec-WebSocket-Protocol: binary
|
|
| venus.web.telegram.org/apiw1 | 149.154.167.99 | | 169 B |
URL: venus.web.telegram.org/apiw1
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
File type: HTML document, ASCII text, with CRLF line terminators
Hash: c2a982d42f89274763eef2a44fe01030 86e6d53f6478cdd0c05611093d9c55a953454af7 d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a
POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
Content-Length: 0
Origin: https://web-tg.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.18.0
date: Fri, 10 May 2024 17:51:19 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2
|
|
| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://web-tg.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: W7wR7hEfuF3UyFYL5//bCw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Fri, 10 May 2024 17:51:19 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: qWCOXI327Sl8yEN0o2LcE4uLUUE=
Sec-WebSocket-Protocol: binary
|
|
| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://web-tg.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: M5frfrRJkJVjN4jdtpxpbg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Fri, 10 May 2024 17:51:19 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FPte2RNoOjSYXU9u9T/58AIti8Y=
Sec-WebSocket-Protocol: binary
|
|
| web-tg.pages.dev/page-B5gB1Huq.js | 172.66.47.142 | 200 OK | 9.8 kB |
URL: GET HTTP/3 web-tg.pages.dev/page-B5gB1Huq.js
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: web-tg.pages.dev; Fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97; Validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: ASCII text, with very long lines (10306)
Hash: cadf3a357cd55b6c891d47deee8faabd bb8c327354f60a6c484fabf34bfb0e4a30108a09 a378e2549ad9efa791c068cf217fc433ada08343db82c733ab68fefd156d1494
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /page-B5gB1Huq.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/pageSignQR-1FI3Fawx.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"20babd1e456c5302792dc948a4423517"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=55F8OZEVbwss0blCrDgEKyLEkMFgoE4G4poFjiz5%2FeLrYJ%2F%2Fr14GoPetkZS4nMPeqJLPB7LR1E5%2FmOJvjH6KwmqLNMfrW2p2xCG8xjWPXvfjmOZsHUx3dSLrPRRlJ5S9TCJv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d0d94f1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/pageSignQR-1FI3Fawx.js | 172.66.47.142 | 200 OK | 7.1 kB |
URL: GET HTTP/3 web-tg.pages.dev/pageSignQR-1FI3Fawx.js
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: web-tg.pages.dev; Fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97; Validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: Java source, ASCII text, with very long lines (5017)
Hash: acfcf62d609b34dc7549386875bbceca 0d7d91a10f579bdfc5b177998c0f57b6b0f0c975 14de96daf11b253b444c6b4118f3223992831369c168c67910a1941ad8f172db
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /pageSignQR-1FI3Fawx.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"aedd2f24b98a72f0ee06af604633eff4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z9cMRJb2%2B9pOKFFtaWWvYd4IzZtElAUS%2BWZZwyiswUI7HiuC6e265TMbq4X2yFMtHVBsb0%2FPxtCMtBMiThpWFmFECXIk4RwQt1Ei3%2F1Vrt62sUKpQQeUyM8dE0f1J9Wo2Jqg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d0189d1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/lang-BCgOdnD3.js | 172.66.47.142 | 200 OK | 122 kB |
URL: GET HTTP/3 web-tg.pages.dev/lang-BCgOdnD3.js
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: web-tg.pages.dev; Fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97; Validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
Size: 122 kB (122358 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /lang-BCgOdnD3.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/index-Bs_pbBJq.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:18 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"172bac12020a8bebd8fa420f385c043c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iZutWMhsURcMavgawT2pXP4rIRy742kjnpn2CCcmMRtP8SCHdKgYE0PDFcL9T07g2JHGFb9OHOtSJ3Mtc2ohQRHHM9gMP%2BmdnVrpV7Xdlbi06AcJJ6FCrpa4M7Qzr6ZCiAfk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6cecf4a1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/assets/img/favicon-16x16.png?v=jw3mK7G9Ry | 172.66.47.142 | 200 OK | 1.0 kB |
URL: GET HTTP/3 web-tg.pages.dev/assets/img/favicon-16x16.png?v=jw3mK7G9Ry
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: web-tg.pages.dev; Fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97; Validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Hash: e3ce05eb00b3215df220efaf0fd06e21 d1533966f79dc2984c34317035f31cf3c91298c9 0d67b7e8ea46e3c959329a0e79a8c8b236187f452edc7049524245e4aa6bee21
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/favicon-16x16.png?v=jw3mK7G9Ry HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: image/png
content-length: 1012
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "164bab244d543d9719126be57e7b82f4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vy2pIb6GRAdqs0EFThxEXbQtoe8MRa3uHqwn7geu4VUZCok6a3NaZFtCkh5Jbkkn9t7Vz06CF%2FwVdqyu70lVZmgyNuIUxK5sfPzVdw%2B3EdpE2ZQZxpOMwsbZV%2Fg0M4K7VBsi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6cfe87f1bfe-OSL
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/qr-code-styling-BqER1AUU.js | 172.66.47.142 | 200 OK | 66 kB |
URL: GET HTTP/3 web-tg.pages.dev/qr-code-styling-BqER1AUU.js
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: web-tg.pages.dev; Fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97; Validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /qr-code-styling-BqER1AUU.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/pageSignQR-1FI3Fawx.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"cf51fa55ae65eb638c2cc9bbdadb9f55"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cu125PB1xwbDDlbmaaQikokrD41Ffo28Ob1zLKjtHSV58qKRxD29oIgyNCckepSBzuSWUarsqZyUFQeyuQg2gy5rIMwREbMEDNgrpMnwAiC07ubMTPEdesZAWQ48IWd7wLZz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d1399f1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 | 172.66.47.142 | 200 OK | 11 kB |
URL: GET HTTP/3 web-tg.pages.dev/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: web-tg.pages.dev; Fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97; Validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
Hash: 07db243db21ed0a6b4ff05ff429686b7 5d62925fdd7ed8e80f206d095ed093994f13d276 ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://web-tg.pages.dev/index-BeYJJEeR.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: font/woff2
content-length: 11056
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "d0122a2078b736d8f34c46ec02e88eb0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M4fcRKfJEl3E%2BnVOFzO%2ButO5SZSmxlm32%2BvdBWNvk5x5EjS%2FZ9%2BoTMi7JLLKiy4z4E%2FMgg1eWK6NEePjbcDmYPskdks8TlrWHZ7ymS6TwbkzyQeIv32lkJeA9hCSuOH4u4mN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d22a851bfe-OSL
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/qr-code-styling-BqER1AUU.js | 172.66.47.142 | 200 OK | 66 kB |
URL: GET HTTP/3 web-tg.pages.dev/qr-code-styling-BqER1AUU.js
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: web-tg.pages.dev; Fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97; Validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /qr-code-styling-BqER1AUU.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"cf51fa55ae65eb638c2cc9bbdadb9f55"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ujFKUHnQKoL1digisskUgr0CWvrAN%2FYWJYtdT0FljjfZ%2BCKO9i6mvsw2DFRxJY9wlObeuFN%2FH2d3VjYc%2BKtMLBCJyt8MQHS3B4QpE4MK0gj50wnMoMBUo%2F9YhewnY9Cky7vE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d129971bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/langSign-CN-ja8rh.js | 172.66.47.142 | 200 OK | 1.6 kB |
URL: GET HTTP/3 web-tg.pages.dev/langSign-CN-ja8rh.js
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: web-tg.pages.dev; Fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97; Validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: ASCII text, with very long lines (1751), with no line terminators
Hash: 1ce4deece7f2ffb2cdbc5e5b609e3271 7dff9070112715314c61bb9a682d6885ff12be83 6f66f5c3cfa9d140bb6471d900cd7ad76b924f2ae6b635807df0825f14524e52
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /langSign-CN-ja8rh.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/index-Bs_pbBJq.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:18 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"a296d7a5b452c0bd43052c7947c4ee95"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h%2Ft8rBruKU8ervwXrYCiLy9wrOPKMcrk5EupzKpEfei5T4MCX%2F2vsFxIATA91YZfzV26LP%2BxKOPMGhruj772T%2FxW6x03uVaWK6eOqBVIJpXiXd6933vFXFs7CqlplC2PAZ3m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6cecf4b1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 | 172.66.47.142 | 200 OK | 11 kB |
URL: GET HTTP/3 web-tg.pages.dev/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate issuer: Google Trust Services LLC
Certificate subject: web-tg.pages.dev
Certificate fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
Certificate validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Hash: 15fa3062f8929bd3b05fdca5259db412 6ff06a34f68ad0324ddec1bbe4d453c959178b36 5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://web-tg.pages.dev/index-BeYJJEeR.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:18 GMT
content-type: font/woff2
content-length: 11016
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "741b4527b63febbccc571bad3f4f23cf"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9qM5L13gTeL07hLVmZin8VQ1KFw5CVw9f82XdYob%2Btve%2BeXA%2BgPqBXjDXjgOCkcRnBu39R2yZmgz62lzLiKBAc38Gc9%2FoIoajpXgbTzBzyZYLzFkche%2FZZMAjuuwoqi209XD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6ce6ede1bfe-OSL
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/button-CBz3tFXn.js | 172.66.47.142 | 200 OK | 8.8 kB |
URL: GET HTTP/3 web-tg.pages.dev/button-CBz3tFXn.js
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate issuer: Google Trust Services LLC
Certificate subject: web-tg.pages.dev
Certificate fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
Certificate validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: ASCII text, with very long lines (9521), with no line terminators
Hash: 0934fc0709e3f0153bf544eae4b6e91d 66b32839d8f23c8a5e3fdea14caa6320f1574af6 59c50829e2cb68252a68cb9041c1fad8c9a63f26f5eff9112c4cd439d0895937
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /button-CBz3tFXn.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"c637e966f7f255b26ac0875090f6b02a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4xsLA3jFH%2B8e73yu%2Bfskwm%2BTsfUlvWhZFp71UH88aVBQ%2BFSh6h0xdJJNIXd2hsnEh8kqFqDHMJQDnryo7dto64MHmHbnZuux3JvBQcHONfuVLY%2F4uwgeIpj4sjHCJOTUbn1H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d028a11bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/textToSvgURL-Cnw_Q8Rw.js | 172.66.47.142 | 200 OK | 357 B |
URL: GET HTTP/3 web-tg.pages.dev/textToSvgURL-Cnw_Q8Rw.js
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate issuer: Google Trust Services LLC
Certificate subject: web-tg.pages.dev
Certificate fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
Certificate validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: ASCII text, with very long lines (361), with no line terminators
Hash: 31ad5f62e0cdff78fe300dce737cb419 16dcb2d419bc06f8cb8ff3dfb2f21f5bfe27ed28 659fe74289a8b92ce28c03eb6a76ec03d3f3276d58a4cf2234f80afa200d2544
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /textToSvgURL-Cnw_Q8Rw.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/pageSignQR-1FI3Fawx.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"9018abc419b3eb734b33499c2e203016"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zCz%2FPGBI2eEZHDldNRbot8EZrxeOTbn52OZr6nf141QfR5ZCivIAn%2BePmoJfUShIcxEb3IJAhXoUmVj1Szr%2B02gEbLaAga%2BmGrnxKrBWJ5hJSkZcivl2jqe88FSPsgGlhSRM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d0d9521bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/assets/img/logo_padded.svg | 172.66.47.142 | 200 OK | 1.1 kB |
URL: GET HTTP/3 web-tg.pages.dev/assets/img/logo_padded.svg
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate issuer: Google Trust Services LLC
Certificate subject: web-tg.pages.dev
Certificate fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
Certificate validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: SVG Scalable Vector Graphics image
Hash: 4c0b48654a4881c325148a5e00964160 d7d21756c9dd4c1bf4d97087811745aad60506a0 7583a3643a9480ab4d81dd46b700cf3a38ebdd94af1a6059d2b6a3ecff8a65c5
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/logo_padded.svg HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:21 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ddc17b460f3542cd68305d2c727dab6c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rPQBUwNevr0QKGRlYUCNng0a5%2FzNOY3DjUgWRe9ZVXRNhXvg8j6FYa%2BczG6fs2BYAZPKs9Hi6R4YWKav1Ur2uYTWCoRdyGDDUj6QTJ4IEa4IvLrEooh45ksj6CHYSQeiiIMA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6dfbda71bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/index-Bs_pbBJq.js | 172.66.47.142 | 200 OK | 135 kB |
URL: GET HTTP/3 web-tg.pages.dev/index-Bs_pbBJq.js
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate issuer: Google Trust Services LLC
Certificate subject: web-tg.pages.dev
Certificate fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
Certificate validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
Size: 135 kB (135002 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /index-Bs_pbBJq.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:18 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"784b2307b42a31823810e9ca7f83ca81"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tsf0bMX4LxvCyBAcahVeAraaVqdrYwj36rpw9xNzG6uYrlHZEkh%2BUyolDOfX1LLrXpCqJvCjleg772hV7UVotYM7GZlilqBvMNcoNB4qEvJFVUwHVRmHjWg%2B1Mob84WoaPwX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6cc6c761bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/textToSvgURL-Cnw_Q8Rw.js | 172.66.47.142 | 200 OK | 357 B |
URL: GET HTTP/3 web-tg.pages.dev/textToSvgURL-Cnw_Q8Rw.js
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate issuer: Google Trust Services LLC
Certificate subject: web-tg.pages.dev
Certificate fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
Certificate validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: ASCII text, with very long lines (361), with no line terminators
Hash: 31ad5f62e0cdff78fe300dce737cb419 16dcb2d419bc06f8cb8ff3dfb2f21f5bfe27ed28 659fe74289a8b92ce28c03eb6a76ec03d3f3276d58a4cf2234f80afa200d2544
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /textToSvgURL-Cnw_Q8Rw.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"9018abc419b3eb734b33499c2e203016"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=adwiIbKfo67ZJAPZ4PSJis%2BxGzNqLcd%2FHLEaw%2BtFMYygGG0AJ3zp7Qo2AGhjWnJI6mYpB8fjHnFHzAIQ25eXIs8c16185eNjzUBxcSJ4w48FgbtbzqTtcQu7LMRkrQmhS4xE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d028af1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/putPreloader-BpnKbxyo.js | 172.66.47.142 | 200 OK | 699 B |
URL: GET HTTP/3 web-tg.pages.dev/putPreloader-BpnKbxyo.js
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate issuer: Google Trust Services LLC
Certificate subject: web-tg.pages.dev
Certificate fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
Certificate validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: ASCII text, with very long lines (736), with no line terminators
Hash: 2d08a01eaa5adbede74a74ccf17ad723 0d6a5d30b5cde1062465da72f05a0977717ec0e3 9ed78994d5cb475d51f35359eb9604f8027d32912b25b3a6b07b8c1b92619417
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /putPreloader-BpnKbxyo.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"83afe69c318c786142743fdb4cb3c282"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KhGFrHCTVsUHQvFpp7TG5sPuTMhd4aJbqglNJSqDH8wfKtpJj03e52aDzRTYW205fX4PCD%2F6pPs759MuwntuU%2Bd5uiB54nWcfIPsN5I%2F%2Fv%2Bgcgs3VJvvLmPWeqrtizH6DarV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d028a91bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/putPreloader-BpnKbxyo.js | 172.66.47.142 | 200 OK | 699 B |
URL: GET HTTP/3 web-tg.pages.dev/putPreloader-BpnKbxyo.js
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate issuer: Google Trust Services LLC
Certificate subject: web-tg.pages.dev
Certificate fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
Certificate validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: ASCII text, with very long lines (736), with no line terminators
Hash: 2d08a01eaa5adbede74a74ccf17ad723 0d6a5d30b5cde1062465da72f05a0977717ec0e3 9ed78994d5cb475d51f35359eb9604f8027d32912b25b3a6b07b8c1b92619417
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /putPreloader-BpnKbxyo.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/pageSignQR-1FI3Fawx.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"83afe69c318c786142743fdb4cb3c282"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HWQLPWlKwfDys0ePPu7MQHj58ssevCnxIxBKm2xPvItP87YbW1YJ4Evqo%2BIkdYzdts53S%2F0hWvgNLzcncjhuUt%2BbGd28yQwVPWqiNNTGZ2Hmo4BY7GvxMbi7nu73a8BVIZzw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d0d9511bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/button-CBz3tFXn.js | 172.66.47.142 | 200 OK | 8.8 kB |
URL: GET HTTP/3 web-tg.pages.dev/button-CBz3tFXn.js
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate issuer: Google Trust Services LLC
Certificate subject: web-tg.pages.dev
Certificate fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
Certificate validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: ASCII text, with very long lines (9521), with no line terminators
Hash: 0934fc0709e3f0153bf544eae4b6e91d 66b32839d8f23c8a5e3fdea14caa6320f1574af6 59c50829e2cb68252a68cb9041c1fad8c9a63f26f5eff9112c4cd439d0895937
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /button-CBz3tFXn.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/pageSignQR-1FI3Fawx.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"c637e966f7f255b26ac0875090f6b02a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3I91WE7o7V5zF3S0FDdkbT71O62bPZhnJBcY6td2i8rzj6BwxbzKXXTOdITywrXDt03%2FpjgRlHN4M9JTU2aowXkBeTSIRn5PJpr%2FlxterkbGQreFJnq3SoNS07DhwcqGPPhX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d0d9501bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/_commonjsHelpers-Cpj98o6Y.js | 172.66.47.142 | 200 OK | 290 B |
URL: GET HTTP/3 web-tg.pages.dev/_commonjsHelpers-Cpj98o6Y.js
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate issuer: Google Trust Services LLC
Certificate subject: web-tg.pages.dev
Certificate fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
Certificate validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: ASCII text, with very long lines (302), with no line terminators
Hash: 2f62150f51e1c96c4a1f8fa5d6c72c2a d9529066ad04e0b66323fa0e7f12133bbc6940a4 e306f66b5964b6d3477db797068e0a94b0ef6cf594018197576f4450d9645d5b
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /_commonjsHelpers-Cpj98o6Y.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"cee3ad1e2fde417708607f4f2d1b1b8c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4q52OuY3DO4dMLsHoJRt9KS6oIqbdtyZQjpqXyTKR5yfT3tu%2F%2BgOa0Q2M9RvdrQVpRn0jWJFZoM0OJzCSW%2BmCmmVsCVFKCXoAN8aIWQ%2FLuvxmb1LJSuAQx7t29IMmmdQXAyE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d129981bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| web-tg.pages.dev/_commonjsHelpers-Cpj98o6Y.js | 172.66.47.142 | 200 OK | 290 B |
URL: GET HTTP/3 web-tg.pages.dev/_commonjsHelpers-Cpj98o6Y.js
IP: 172.66.47.142:443
Requested by: https://web-tg.pages.dev/
Certificate issuer: Google Trust Services LLC
Certificate subject: web-tg.pages.dev
Certificate fingerprint: 1F:E9:3C:73:B9:82:F0:E8:76:22:DC:45:09:A4:0C:18:7D:85:7A:97
Certificate validity: Sat, 13 Apr 2024 22:36:36 GMT - Fri, 12 Jul 2024 22:36:35 GMT
File type: ASCII text, with very long lines (302), with no line terminators
Hash: 2f62150f51e1c96c4a1f8fa5d6c72c2a d9529066ad04e0b66323fa0e7f12133bbc6940a4 e306f66b5964b6d3477db797068e0a94b0ef6cf594018197576f4450d9645d5b
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET /_commonjsHelpers-Cpj98o6Y.js HTTP/1.1
Host: web-tg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web-tg.pages.dev/qr-code-styling-BqER1AUU.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"cee3ad1e2fde417708607f4f2d1b1b8c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Elsf4LO9BT9VRCeD2UjNQf9MBgakTaQxw5ZiN1B5akomxL80bOY1cuE%2Boi4p%2BL6DL4vZg92e6BEhGfEGYMAwXthI%2FmyoPgZKXmOQ6wAwdQr4IbWQEPLpCG6pdFSH3bl4iNAZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bc6d1ea561bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|