| telegram-tt-koval-dev.pages.dev/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 | 172.66.47.102 | 200 OK | 11 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2
IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-tt-koval-dev.pages.dev; Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF; Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Hash: 15fa3062f8929bd3b05fdca5259db412 6ff06a34f68ad0324ddec1bbe4d453c959178b36 5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://telegram-tt-koval-dev.pages.dev/main.1cfb19cb0a2c894f96bc.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: font/woff2
content-length: 11016
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "741b4527b63febbccc571bad3f4f23cf"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FvbZriTPYxRt0ekH31uNc6Xak%2Feae4WHrI9Yzdork05ut6aiDth0jXB0FEOivTHKL1O9nJVZ4dnBaf3bVEeVb1UMHwFGgpDWeBUY5nA5ie%2F229XkZ6Ro5fyz3xICeUuRKXWL%2F5IKkSOiQPJpprcnGZAU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4b7adf56c9-OSL
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/chat-bg-br.f34cc96fbfb048812820.png | 172.66.47.102 | 200 OK | 1.9 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/chat-bg-br.f34cc96fbfb048812820.png
IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-tt-koval-dev.pages.dev; Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF; Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: PNG image data, 50 x 50, 8-bit/color RGB, non-interlaced
Hash: ff2989744d4813c906047582226abd28 41b973276f7a99af05115b89b401aceb02f573c8 3151f7930d821bccf4a76cbbe4a3533e2b56bdff696f260c864ab639ac7526ea
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /chat-bg-br.f34cc96fbfb048812820.png HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/main.1cfb19cb0a2c894f96bc.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: image/png
content-length: 1920
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "b44cd1d1a18ff5f302ca64f29cca3b27"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uLMLb2DthfI%2F1HKk%2BbOr1HzczPFrqDIiKN4FIXismoWhpmEcXE%2FyVFfX31dMfwhojnIL4AmBEZlRjbN3sa6OSUmX7n4yo1pf1OlUIAVJXkrbGIN9b3rFy5kCPAnqB3DiSoct5svM9GUQRbEgd7bq29sN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4bbaf756c9-OSL
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/main.cc90fdba34d90bfab50d.js | 172.66.47.102 | 200 OK | 140 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/main.cc90fdba34d90bfab50d.js
IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-tt-koval-dev.pages.dev; Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF; Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size: 140 kB (140273 bytes)
Hash: 2317455e0b8fb233a5f7414f4ad0421e 4ac2130e6fad6817d2cb8b39fa7320d00961d681 860e1a48a0161340dcd71fb3dadabf761a0dac98d474d89fc3a6aa24ac613dfb
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /main.cc90fdba34d90bfab50d.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"431f225ba58ca210fe36473915b9dae4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MmFt%2BBVeoCjbAIIf2FFgJOgZSLwo0Pa109eSjd3m6n2xMcRWCrWPp2RCoFg9QHjI8B%2BxPZpT3u8%2BfFYc2S2uKd6impFr4GfxQdcJPomDwLphKooTY%2FwORMvgEysqgN9d65betlY9Izxi08oi9lHETHpm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4a3a5a56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/chat-bg-pattern-light.ee148af944f6580293ae.png | 172.66.47.102 | 200 OK | 273 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/chat-bg-pattern-light.ee148af944f6580293ae.png
IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-tt-koval-dev.pages.dev; Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF; Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: PNG image data, 1123 x 2307, 4-bit colormap, non-interlaced
Size: 273 kB (272875 bytes)
Hash: 3d558d8de7082a2b2355076c8988c3fd d74980e29b0ec2f102b0dcd614503fd42a255b85 00745db819d91c37bf0f59bee00ab2efe9766fddcb726ff1bcb6847748b2bbc7
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /chat-bg-pattern-light.ee148af944f6580293ae.png HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/main.1cfb19cb0a2c894f96bc.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: image/png
content-length: 272875
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "7ecd785f0675960e25e3acfe969d5e78"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CfiyUZWWPv45BmH7vvnsbhTRYjUa8eRLvsM%2BG4k6fL7Cu0DRNsvLPM0boCO75yzcF%2B3DmsRWqFh%2Bla6niBaIggU%2BdLt8DIJvF4T%2Bj0G7s0a%2Bz0JHZ5L0sfy7O8kLT2fmNovPzOP8rn%2B6r2YzzoC%2F4Nay"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4bbafa56c9-OSL
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/notification.mp3 | 172.66.47.102 | 200 OK | 11 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/notification.mp3
IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-tt-koval-dev.pages.dev; Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF; Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo
Hash: eba09b6a457792c52fc610b5f9f974b3 95e6e0f7648e28ea21bc434054ea59aba3a35aea 86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /notification.mp3 HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://telegram-tt-koval-dev.pages.dev/
Range: bytes=0-
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: audio/mpeg
content-length: 10880
access-control-allow-origin: *
etag: "0a92cb1fe03590e956b4e206001f1a3b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZnHlSOy%2F12pyyF%2F5am8SC8oh0Wg%2Fbce3xIQLpEOFcslrSa6qPW%2FGgmrKCW1RO3667FOMaIfG01yv0fWXGvWWb7aFW3FaGhwMN79l3HTvCXFbP6lIwoX8G5IaMUGCQ3jsshe2wweZjt3v%2BiF0Dvu9HaPv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4bdb3256c9-OSL
alt-svc: h3=":443"; ma=86400
|
|
| telegram.me/_websync_?authed=0&version=10.4.8+A | 149.154.167.99 | | 24 B |
URL: GET telegram.me/_websync_?authed=0&version=10.4.8+A
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Requested by: https://telegram-tt-koval-dev.pages.dev/
Certificate: Issuer: GoDaddy.com, Inc.; Subject: *.telegram.me; Fingerprint: CA:AA:65:FE:33:CD:9C:CC:BB:2D:14:C7:05:66:C5:F7:7C:8D:63:2E; Validity: Wed, 20 Sep 2023 01:49:33 GMT - Mon, 21 Oct 2024 01:49:33 GMT
File type: ASCII text, with no line terminators
Hash: b326b5062b2f0e69046810717534cb09 5ffe533b830f08a0326348a9160afafc8ada44db b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
GET /_websync_?authed=0&version=10.4.8+A HTTP/1.1
Host: telegram.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/json; charset=utf-8
content-length: 24
set-cookie: stel_web_auth=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
stel_web_force=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2
|
|
| t.me/_websync_?authed=0&version=10.4.8+A | 149.154.167.99 | | 24 B |
URL: GET t.me/_websync_?authed=0&version=10.4.8+A
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Requested by: https://telegram-tt-koval-dev.pages.dev/
Certificate: Issuer: GoDaddy.com, Inc.; Subject: *.t.me; Fingerprint: D7:CC:2A:92:7B:DC:AE:6A:D7:92:51:20:49:AD:3B:AC:F9:27:F8:16; Validity: Fri, 06 Oct 2023 19:50:31 GMT - Wed, 06 Nov 2024 19:50:31 GMT
File type: ASCII text, with no line terminators
Hash: b326b5062b2f0e69046810717534cb09 5ffe533b830f08a0326348a9160afafc8ada44db b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
GET /_websync_?authed=0&version=10.4.8+A HTTP/1.1
Host: t.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/json; charset=utf-8
content-length: 24
set-cookie: stel_web_auth=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
stel_web_force=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2
|
|
| telegram-tt-koval-dev.pages.dev/5802.732aa31393373676a8b5.js | 172.66.47.102 | 200 OK | 53 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/5802.732aa31393373676a8b5.js
IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-tt-koval-dev.pages.dev; Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF; Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: JavaScript source, ASCII text, with very long lines (21394)
Hash: c34e4791d5604a8f63fd30e18c762ee1 c0dc2434a6375c15ff25107402bf79711fa9c1e9 4d2b13476755a42578cedfb07ae995cb5c8cdac33f68ce52e9f3caed1a33615c
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /5802.732aa31393373676a8b5.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-tt-koval-dev.pages.dev/1969.cbd4ddc59139f2e23f49.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"35e3a9a827b6f8ef6909aa27a806a9c2"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hm3mdVb50NxoZA8HZoSPK6KF6QfG%2BTT6PJKVZ3M2RzsM%2Fq%2BzjkShAv7xl3sIcPRiuucBB1wcG1%2BRNbl1Z5SyPfkKp8JU9L8l1HkrSSiTcQTzDvxmxf7vrq%2Fq3FmVtz%2FdbqPSm2OkBkjSlyoLmJNqPC1d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4d5c1956c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/rlottie-wasm.wasm | 172.66.47.102 | | 0 B |
URL: telegram-tt-koval-dev.pages.dev/rlottie-wasm.wasm
IP: 172.66.47.102:0
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-tt-koval-dev.pages.dev; Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF; Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /rlottie-wasm.wasm HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"44ff37e417e77ae4c30aa60974b03059"
TE: trailers
HTTP/3 304 Not Modified
date: Mon, 06 May 2024 04:29:51 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eKERFB5tbnOQ4ral6o9rMda%2Fsmdbcs6lDeetMwzi6J%2B23t6Rf8IezXjExiAjCNuzj7So5WPuRV%2BZ0LdJ%2Bs6CUw1KwFyYDwK1keaOARTKxrZkcITZlG9CkxScfMdswTAK40l2G6l4TcdX3mXzOkNOzWZZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4fad5156c9-OSL
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/rlottie-wasm.wasm | 172.66.47.102 | | 0 B |
URL: telegram-tt-koval-dev.pages.dev/rlottie-wasm.wasm
IP: 172.66.47.102:0
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-tt-koval-dev.pages.dev; Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF; Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /rlottie-wasm.wasm HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"44ff37e417e77ae4c30aa60974b03059"
TE: trailers
HTTP/3 304 Not Modified
date: Mon, 06 May 2024 04:29:51 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zbErWsAdBcJYTQfCNpGw5qp4Cw6uabwHmLp791FmfXWgHnhkjpx0aL1XvPTAXSIVBEaaQ2nbeS5cpzz%2BOk%2B%2FzEdJAdpofiK3GvudY4%2FWZbLS%2BJA5zByKSf9i4fF%2FX%2FI5pqVgebEm8Ng4vL7zvMINhwVl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4fad5256c9-OSL
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/rlottie-wasm.wasm | 172.66.47.102 | | 0 B |
URL: telegram-tt-koval-dev.pages.dev/rlottie-wasm.wasm
IP: 172.66.47.102:0
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-tt-koval-dev.pages.dev; Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF; Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /rlottie-wasm.wasm HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"44ff37e417e77ae4c30aa60974b03059"
TE: trailers
HTTP/3 304 Not Modified
date: Mon, 06 May 2024 04:29:51 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=il5LT%2F4HxUkKtXwHsPBDeiQpTiXcmVYoyEFtayjDLNVHh2sMiLds33BsHwaOY4%2FiuDreoUAEHA12DXd%2FwPsXe%2BxhRXtkJw2S%2F4svIkkd5wrCn92MPFLwodL9fNwddDB7caMDv7fY0ZCD4IzMbpGYIxXC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4fcd6356c9-OSL
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/rlottie-wasm.5e3833cedb8fb71c8d8e.js | 172.66.47.102 | 200 OK | 153 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/rlottie-wasm.5e3833cedb8fb71c8d8e.js
IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-tt-koval-dev.pages.dev; Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF; Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 153 kB (152730 bytes)
Hash: 3559b2b89d032ebe64593c61c4ce75a0 0f6cb82095dfedfff7a1eb3d320e6c991ff5f479 8524c2222885bf761b5f366d8e1d465a668f7061f8fcc2f01250d446b2dc554a
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"1024cf3a0ee437c327108ef4275af38b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ki8j9gQRdUTH2StBpbAJsQV2SnX9%2FSg3wFVrmjIavkyYzJIc2zHzo81vQx28I0kxw%2FcMdDZ4%2BWJtrw4cQJunRHb9v6qT67mZdOxAE6kZz0O3E8EEU5zOm3%2Fju85rF%2BeUGozyOR%2BJk3LopjqJz8OgYKFu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4f1d0356c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| zws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: zws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: zws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegram-tt-koval-dev.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Cyg5CvAa0RafxGLQwjEYeA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Mon, 06 May 2024 04:29:52 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6BSlpCYLkl3ah+fYAlzOEHxBh6k=
Sec-WebSocket-Protocol: binary
|
|
| telegram-tt-koval-dev.pages.dev/blank.8dd283bceccca95a48d8.png | 172.66.47.102 | 200 OK | 68 B |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/blank.8dd283bceccca95a48d8.png
IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-tt-koval-dev.pages.dev; Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF; Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced
Hash: 91e42db1c66c0b276abf6234dc50b2eb c1986af3c26609b8b7d8933f99c51c1a89e9ea6b 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /blank.8dd283bceccca95a48d8.png HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:54 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "ef2020b9b3ec6bc4c4c60d36848b22cd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=12jSpeoZqYxUo9bZUtWgjkzzwEz%2BJasrR%2FJq27lacAL0d%2BRdqRtJ93juQF2yq22fVbPpLWIGp0Lx%2BLkkjCueA%2BAAjXm6%2F4SBSW417BOhEmTDTwwJP8jXYbIemtKy0cY45gJYQnFeV5k3mRzYFnEA56Qd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b603e5256c9-OSL
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/blank.8dd283bceccca95a48d8.png | 172.66.47.102 | 200 OK | 68 B |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/blank.8dd283bceccca95a48d8.png
IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-tt-koval-dev.pages.dev; Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF; Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced
Hash: 91e42db1c66c0b276abf6234dc50b2eb c1986af3c26609b8b7d8933f99c51c1a89e9ea6b 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /blank.8dd283bceccca95a48d8.png HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:54 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "ef2020b9b3ec6bc4c4c60d36848b22cd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pOXjq4FiPN8LOs1oD3TFe1vkjFFN1O6%2BnnFP7%2BiZJlFmtsBJHDYYSYKt4Rx9uFs%2BcDEBgkC1XLX7QT8ctnY%2FQ4lkR89U%2F4OiT%2BOEQf0zemUzuHmWfcbOkUuJ4Jtosz5JDrHQop%2FEUysgLSjM66k49Ot%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b60ceaf56c9-OSL
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/blank.8dd283bceccca95a48d8.png | 172.66.47.102 | 200 OK | 68 B |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/blank.8dd283bceccca95a48d8.png
IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-tt-koval-dev.pages.dev; Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF; Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced
Hash: 91e42db1c66c0b276abf6234dc50b2eb c1986af3c26609b8b7d8933f99c51c1a89e9ea6b 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /blank.8dd283bceccca95a48d8.png HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:54 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "ef2020b9b3ec6bc4c4c60d36848b22cd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6lNPXAN661py79gmlMxSIltkHsjtomkrZuwkwzy%2BiIklRKK7cb9CQ0iGofynlTO3VQZjktkcN8AN7HG0Ja53olozZDxpNoXQCAzWzbnJYpfkrUhMF0eZjXZGrx1d9x%2BysCz%2BgCfcGVmkdb4w25Mb4cZR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b60fec756c9-OSL
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js | 172.66.47.102 | 200 OK | 10 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js
IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-tt-koval-dev.pages.dev; Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF; Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: JavaScript source, ASCII text, with very long lines (10226), with no line terminators
Hash: 4bc9b33ea3d9c6e9fa262be6585fa72d a2d40fc1af30052011504873fe1a4b0accc500b9 cfba35a2ccb02d68a7f85e342476e8e9a00b69f349cce51ea5f4dd75fcaa1c69
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /4680.df9a16d11fbcaa453f0b.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"b2b9b72ea39002bb2eb05bb5ca272b18"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rgtMYpqb3OHWPw3pUrxLdOKaKpI8nix4E2iKD6qXf4DiUY%2BsM2De4b7rENTUl%2B8cI0BUowoh7maBQcEE3NzOjl%2FQ4bae408hpB5SZcSREKmpCbCpHRYrAvafcB7gC6H8qUvoG%2FVlCwHhUrjcxQCeqXcr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4d3bff56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/compatTest.js | 172.66.47.102 | 200 OK | 2.2 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/compatTest.js
IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-tt-koval-dev.pages.dev; Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF; Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: JavaScript source, ASCII text, with very long lines (2307), with no line terminators
Hash: b792e6991f514bc5008dcd7f2e42963b 81c34ba1b4d273df45b0a5980c8d7c677e63ba31 7ba328c8eb841cc060c30835a2c4bc2cbd08a35c8377df7bae6722d12d1f3307
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /compatTest.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"7c48263eed82897ab4fcf6ded4f63318"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P0%2B9gja8BoptH%2FraqgY%2FhqiovOrp0StJQuoTHRmorIs%2BjI0n2gJzarJuHKTd%2F3onl%2FelvHNuRRXcYRFngsWgAucsMALPxHzpSZMVPYrgQbADYVzeeX8A9uHqFPRgB1rirn9W%2FnJrJpwTlaXq2OB4I94B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4a3a5e56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/1969.cbd4ddc59139f2e23f49.js | 172.66.47.102 | 200 OK | 250 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/1969.cbd4ddc59139f2e23f49.js | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/ | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
Size: 250 kB (249666 bytes) | Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /1969.cbd4ddc59139f2e23f49.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"dd7eac608115860330c82d5d6627db8f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Li%2FAIT6pJpcaQamxPJeAQgONBl%2B%2FKosi%2F978TV5A5bdz5DSa7tiHNF8OXl%2Bsd93B8YUgRMzDQKo1ysHzTdDttvtlkOH%2Bgmc6Fd80cG91UmgXkhGjZHGCkUmb07661NVVg4BwTZU05hfMTgrf3Ujh0qFe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4cdbbb56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js | 172.66.47.102 | 200 OK | 10 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/ | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: JavaScript source, ASCII text, with very long lines (10226), with no line terminators | Hash: 4bc9b33ea3d9c6e9fa262be6585fa72d a2d40fc1af30052011504873fe1a4b0accc500b9 cfba35a2ccb02d68a7f85e342476e8e9a00b69f349cce51ea5f4dd75fcaa1c69
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /4680.df9a16d11fbcaa453f0b.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"b2b9b72ea39002bb2eb05bb5ca272b18"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nTHNm1GYeBrSYpTHCaq218k3Rr%2F4H63U4ZNMHklQhgy%2FEACnfpoQGBL5ZTeP%2BmabkdOeDafjD8gdIGeGvfiSvjLTGdV3yjjEbNdUd4Vgl4MSKhAVIoAbBtBzPRAbJkrbioKapoe1fMHOwSsh6W3x0oCn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4d3c0156c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/2041.8c228dae90fab98ce041.js | 172.66.47.102 | 200 OK | 140 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/2041.8c228dae90fab98ce041.js | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: ASCII text, with very long lines (65536), with no line terminators | Size: 140 kB (140180 bytes) | Hash: 2c9bdd3df3d3e34bc40ebae9e1c0e4c7 64155679191201c5bc7456242a5cf135add678be 50425d273672e751b50ada440c3c491533a7080b78aa6900566c7963a85c8358
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /2041.8c228dae90fab98ce041.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"3cb549bd3c3092440700ffe52df2ed27"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=awxMQYEjNAm%2BU6%2FnrODGxbjX9v4M1OEbWAnJW6K0MbxB0tZ4wmm0h8z5IbwUPa7ilIiJoOLCbdZ8LRbUgeieIE9fCLQ2sMkN%2FRqZLwSysMUwc3KlJzvPRdpHXVGrvZeT%2FA5liY6p7v5xzHKH4eS9ofyG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4eccdb56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/2041.8c228dae90fab98ce041.js | 172.66.47.102 | 200 OK | 140 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/2041.8c228dae90fab98ce041.js | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: ASCII text, with very long lines (65536), with no line terminators | Size: 140 kB (140180 bytes) | Hash: 2c9bdd3df3d3e34bc40ebae9e1c0e4c7 64155679191201c5bc7456242a5cf135add678be 50425d273672e751b50ada440c3c491533a7080b78aa6900566c7963a85c8358
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /2041.8c228dae90fab98ce041.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"3cb549bd3c3092440700ffe52df2ed27"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zX6aFM2AwgcsrHrJ5YXyxgSoRLE94PB%2Bz77QbT4IklIpiuR6SGBhb1fgmmDTkonFkxzccREvCPpduqaWa%2Bgx4UnAIwwXMKSzogGlj6QH0Kpk3v%2F6AEH3jIHzRjQYQ3%2Fo9Y1LDoDGhV%2FuvNikjubi%2FPck"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4dcc5856c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2 | 172.66.47.102 | 200 OK | 11 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2 | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/ | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11056, version 1.0 | Hash: 07db243db21ed0a6b4ff05ff429686b7 5d62925fdd7ed8e80f206d095ed093994f13d276 ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2 HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://telegram-tt-koval-dev.pages.dev/main.1cfb19cb0a2c894f96bc.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: font/woff2
content-length: 11056
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "d0122a2078b736d8f34c46ec02e88eb0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gtNgGvkCJjUrZevABaojV7tzOOiTY0RyYT4TpG40UpyMryS7OqRo%2FTIsXA%2FC1i9wPyVBQlWG6r3akLumLKmJox4Oug59GDrMy5Mpirlt%2FzDRBCh4NBUhxLDYvzp8EqTazoOTL60dzXW%2FT8S1S6DrS9yL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4bbaff56c9-OSL
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/6839.18db85222361635ff8de.js | 172.66.47.102 | 200 OK | 46 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/6839.18db85222361635ff8de.js | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/ | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /6839.18db85222361635ff8de.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"47ad9d343404dd72940d96c5433c3e21"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2B7fEJPXVABNk4CrHuDWqUxufqIJRE4%2FujL5l%2Fb4o9wW%2BIfblV5L7ZGBgvZ%2Buv29VqCtPM3xovL7hGOCn%2B9nB1slgj%2F9IK9%2Fm1mY%2BDCog9b1nnw8v%2Bx9tzQwoZJmGn%2FfaFOQmTD5V2CAx3%2Flt8vRPWtE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4bcb2856c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/2041.8c228dae90fab98ce041.js | 172.66.47.102 | 200 OK | 140 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/2041.8c228dae90fab98ce041.js | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: ASCII text, with very long lines (65536), with no line terminators | Size: 140 kB (140180 bytes) | Hash: 2c9bdd3df3d3e34bc40ebae9e1c0e4c7 64155679191201c5bc7456242a5cf135add678be 50425d273672e751b50ada440c3c491533a7080b78aa6900566c7963a85c8358
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /2041.8c228dae90fab98ce041.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"3cb549bd3c3092440700ffe52df2ed27"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IFqqBF7mSeC0Y5z78rVXP4S8PS63IYhy6%2BBedrXXyibNcuU840QFiDBzj5cPJ3%2Bq10JlkMEa9WmdlbV4LJIV1Tf%2BAFzFCORWrwfG88sCjrpYotHYv6h9ivk%2BqrPs3x%2FwHc7m1g%2BeVAEse9lQ9dXJe4ua"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4eccd956c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/1637.1ca5a84ec409fa014496.js | 172.66.47.102 | 200 OK | 294 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/1637.1ca5a84ec409fa014496.js | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/1969.cbd4ddc59139f2e23f49.js | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
Size: 294 kB (294363 bytes) | Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /1637.1ca5a84ec409fa014496.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-tt-koval-dev.pages.dev/1969.cbd4ddc59139f2e23f49.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"1a5ed320af9ca3ef89f5f03d946174ce"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pI34uok5%2FEas6s4TUHnb3EIwhcLdRawHEfUq0RGhVDh0am0MgfBcxOEoaZIdt%2Fulm4zQNbn776idw5rY95xeF1%2BpnPzPzU4ZJ9ZRIA6W46AL%2FG2xN4xyPMExV9BmDgxeaGQWaaKPoqgaj%2BALC6bbZIQG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4f3d1156c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| zws2.web.telegram.org/apiws | 149.154.167.99 | 101 Switching Protocols | 0 B |
URL: GET HTTP/1.1 zws2.web.telegram.org/apiws | IP: 149.154.167.99:443 | ASN: #62041 Telegram Messenger Inc
Requested by: https://telegram-tt-koval-dev.pages.dev/ | Certificate Issuer: GoDaddy.com, Inc. | Subject: *.web.telegram.org | Fingerprint: 74:51:4A:F8:C5:D2:E1:36:68:30:25:98:05:27:E8:6F:57:FC:E0:3B | Validity: Wed, 30 Aug 2023 00:40:43 GMT - Mon, 30 Sep 2024 00:40:43 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: zws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegram-tt-koval-dev.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Cyg5CvAa0RafxGLQwjEYeA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Mon, 06 May 2024 04:29:52 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6BSlpCYLkl3ah+fYAlzOEHxBh6k=
Sec-WebSocket-Protocol: binary
|
|
| telegram-tt-koval-dev.pages.dev/ | 172.66.47.102 | 200 OK | 3.1 kB |
URL: User Request GET HTTP/2 telegram-tt-koval-dev.pages.dev/ | IP: 172.66.47.102:443
Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: HTML document, ASCII text, with very long lines (3290), with no line terminators | Hash: 494aa5dd2245f19eb5f5939a539adc33 9f89d59315407aa3b79e305a8078c588f4a81f7c 8fd42e05242a6f7c71f64b289f8e0f1c33b0826a6ce39a62bac373a26b374eda
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET / HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 06 May 2024 04:29:50 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"cbe83278d1464bde6cc67119e82795c9"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c6PhsnOigUsX3WN%2B9KCvISuPNLqEN6AxfurLcCVQe0L9sFOWN3MH7gzgNgDkEkqpRRgG%2FDQUmmnrWipqk0fSF9uw0N5wlqUM%2B5En%2FslAMF%2F%2BDljyj844CeajyOOJBjJTfu%2Bls6iCr0Y%2F9J%2BoMlm%2FPnYu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b486a3e56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| telegram-tt-koval-dev.pages.dev/redirect.js | 172.66.47.102 | 200 OK | 325 B |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/redirect.js | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/ | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: ASCII text, with very long lines (336), with no line terminators | Hash: 0f4bee764cf7e7080cc0c1a836d6c85a 7cdea3a612218fe6898aa117eb4598d7d0dce420 9d8ec261dba46e501288de7aee04435dfe1d8728b0bf65a4a79c08e5c90a5b54
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /redirect.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"5290fd99debbfcd7ffac7bafdfc4fcc4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Bf4f8%2FnN9BRcml3yaTdglWjF2mYOoK%2BeY1mHPqVQEkKUMstLKz5MfRnQuFJ94SkhPI5wZA3QJZgj8xu%2FuSDqp1C17qvCifyDTASSM5c%2FiW5Cc85e%2BCWVaYMkNoOLdDwCbDO1sDSa6vePYIJgWDNcK0F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4a3a5956c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/24.b6bac260faf590d2646f.js | 172.66.47.102 | 200 OK | 43 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/24.b6bac260faf590d2646f.js | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/1969.cbd4ddc59139f2e23f49.js | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: JavaScript source, ASCII text, with very long lines (42869), with no line terminators | Hash: ff1b710b8613a0ef810d11abe9a9fdb7 82353c66822397488110d27dc5273c783aadf8cb 6ce36ccafb25d0e07f120be76ba4757fe828356e87724619836b91fbefdf5fab
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /24.b6bac260faf590d2646f.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-tt-koval-dev.pages.dev/1969.cbd4ddc59139f2e23f49.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"d1ddd83e5ac925ab82173d1f384f7eca"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ue7xyPdx0%2BnCB8VO9ocDS8rI%2BFLSYyaiOICEikgnA5LLlXIMqShc%2F6nUqGoDtMi1biFTZDtUB9DLC%2BnvwXo1FxbP6dZgSDPcAuZyJOKL8cl4RS1NAyBTOFn95gnzNH%2Fod3xy9upM0caqTZjLl9Nez6Yz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4edce256c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/icon-192x192.png | 172.66.47.102 | 200 OK | 3.1 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/icon-192x192.png | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/ | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: PNG image data, 192 x 192, 8-bit colormap, non-interlaced | Hash: 1a1650d2c76bfc1ac484646c19e495b9 fe58d66042ce9241226f5da9370230285ff604fc 6e587a62c9d7a97f25265ab5eb29d101ad2e36810042a4116d2dd29da96b0bf8
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /icon-192x192.png HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: image/png
content-length: 3059
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "92c7c04a05d4809e93743960f1628e8f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IjnpL3MwXPPNQocQKc88vhZTXfQ52UYGAUQQIUhfId1U%2Fk4ABtisC5Tz95d2HnIsmS0drJ%2FP91iD5t1AWKd1w8%2BrbVl88yNy7NezyZa%2BaUQppgj%2BHSX%2B9FVRquh3h8aH3HbSl6vJsA2nRQhrLVeVG2M3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4f8d4456c9-OSL
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/main.1cfb19cb0a2c894f96bc.css | 172.66.47.102 | 200 OK | 109 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/main.1cfb19cb0a2c894f96bc.css | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/ | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
Size: 109 kB (109101 bytes) | Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /main.1cfb19cb0a2c894f96bc.css HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"7021470c6f3ae63afc011064b1ad6b57"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o2DnQ5l4LMvox48AFqWUmjw9OvG2CCd2wbWo9I%2B%2Fs3zK9kDROOL3Xejj9EKGOtRF1%2B%2FbngF1HbpLVUPQued4fr0rylLgtYE5BC5kSbCud6wGbEGGJl0GrJ2VzI8PDNnuDXJ0ydapl7tfvwHcGvMaIVnv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4a3a5c56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/3748.80b37fcd2c59fac67c24.js | 172.66.47.102 | 200 OK | 9.8 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/3748.80b37fcd2c59fac67c24.js | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/ | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: JavaScript source, ASCII text, with very long lines (9892), with no line terminators | Hash: 9e97747e4e2f594e740097cf449b5bed fcc94c4a86230982a165611bdc25463a4b107af4 860aa41ee1ecaba3ceba4c13c94fbd6d20cd5d2ee289d5cdcb5229978bb47cef
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /3748.80b37fcd2c59fac67c24.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"2e95170aa087205b1ad7c0095f91e8f6"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B9V86S7l6Jg9abH3GGUrpruypeL2Std5RzQvkSRgGV6mCdu03ty%2B9S1A6%2B1xc2wmllJxoGcOSj3Z08eoxvON43tGfAbF0gExlmkurd144QvbI8csymMBDCXHAw0lZKO1lM4jrbKmNP4I7%2Bb54GnKETk5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4bcb2b56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js | 172.66.47.102 | 200 OK | 10 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/ | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: JavaScript source, ASCII text, with very long lines (10226), with no line terminators | Hash: 4bc9b33ea3d9c6e9fa262be6585fa72d a2d40fc1af30052011504873fe1a4b0accc500b9 cfba35a2ccb02d68a7f85e342476e8e9a00b69f349cce51ea5f4dd75fcaa1c69
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /4680.df9a16d11fbcaa453f0b.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"b2b9b72ea39002bb2eb05bb5ca272b18"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yQ96lvU7I4MMIZscS9yWpF6qxkQEDgk0w6apWEhJHcbI%2FlSV7p8RNZbaUI55X%2BdQ%2FsUFdzDkdicnC4K8KSd9E1K2jqV%2BMqk%2BX%2F4n%2FtGFH2ToRTZkdmdRftMStx2dqueVR91NZxhdDkRZ%2FjFjUIyG0D%2FW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4d3c0456c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/8764.d029533a5d818e78e330.js | 172.66.47.102 | 200 OK | 27 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/8764.d029533a5d818e78e330.js | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/1969.cbd4ddc59139f2e23f49.js | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: JavaScript source, ASCII text, with very long lines (27305) | Hash: a5e55871b2c66ec2e46c1129906f83d4 9a6802fd1ff3b1aaf5da6d8dc470052db8dbc299 1f460d661d6c94cf6955d51309bc0ae0110e2f6793d61da13377bddaddd4a82f
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /8764.d029533a5d818e78e330.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-tt-koval-dev.pages.dev/1969.cbd4ddc59139f2e23f49.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"14e0c8cf4ad3595c9f042032cde7e324"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=INH3kA0fCH3Bha8we0zl8yfnNsn%2BIbLFlzzysm6aXCsuF6EgiilBd1teMMFT2IxDg2LF2vKaF4OuzjL%2FgV3ekzQhl%2Bp%2F3AhYh0amJ%2BsvPUgz%2BQZjHMu69ftHrh4ACf%2BshB2PzBht9fmcPHED7Q%2BdPLI5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4d9c3e56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/2041.8c228dae90fab98ce041.js | 172.66.47.102 | 200 OK | 140 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/2041.8c228dae90fab98ce041.js | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: ASCII text, with very long lines (65536), with no line terminators | Size: 140 kB (140180 bytes) | Hash: 2c9bdd3df3d3e34bc40ebae9e1c0e4c7 64155679191201c5bc7456242a5cf135add678be 50425d273672e751b50ada440c3c491533a7080b78aa6900566c7963a85c8358
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /2041.8c228dae90fab98ce041.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"3cb549bd3c3092440700ffe52df2ed27"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FAujV3b2pHB%2Fo1i55IpEr1VjzaI7g798FcUmslo0iRzer8oTEUKYyYyCRJhd7lIEd9SCa0RdPkwCHo%2Fe%2FMR2jJbaasXs6F%2FK1xFYtsWEJ0eNNWgdJo9qm9pmQIoJgg%2FvMk6vvTqYM09AvhOkPbL%2B90O9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4e0c8156c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/favicon.svg | 172.66.47.102 | 200 OK | 892 B |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/favicon.svg | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/ | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: SVG Scalable Vector Graphics image | Hash: fbfd454715d8180275b32bd48770a483 0716abb57416f83cfad3e17ff830039c0607b313 788c238be3597ef42c549caff599bb84e584790f43f7d6013d6a1987264bdbe1
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /favicon.svg HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:52 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"b9c8a14eeb3e9a9392f5e93eca494a93"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0getGQNHwoATlxUuuKuTkS1sqTCiCm8yvbIQWXBj9VTSBrAE%2BUp%2B8vtkgx2fwACESGmdA2LHT7yKap15rPhOjTgUJGzodIo3fTappSIJKvO7TrY4TWx1HJzv5roCyudc19pfCrKMgHZaWBplfZWlIvnX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4f8d4556c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/1915.070a9f33c0de017ef6c2.js | 172.66.47.102 | 200 OK | 18 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/1915.070a9f33c0de017ef6c2.js | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/ | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /1915.070a9f33c0de017ef6c2.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"f5ff3ded930236bd5e075adb05157507"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tYBpOZbiQRK7RFPe8AwvyG5jeCnxYThaMtJl2vdo%2Bk2cQr3e2JnxQYf5gkujtPJ4jUWrawURiPUZPEsi7djfneJzalUIJMVZGRd%2BtZhC0OK1qvUkq9EjpW1ysz1pe1%2F9HS%2ByYAHk4XeqIrNBzupQ4Z12"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4b8ae556c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js | 172.66.47.102 | 200 OK | 10 kB |
URL: GET HTTP/3 telegram-tt-koval-dev.pages.dev/4680.df9a16d11fbcaa453f0b.js | IP: 172.66.47.102:443
Requested by: https://telegram-tt-koval-dev.pages.dev/ | Certificate Issuer: Google Trust Services LLC | Subject: telegram-tt-koval-dev.pages.dev | Fingerprint: 32:C0:1D:12:EB:7B:C2:29:81:C7:07:31:C0:61:71:2E:48:CD:E3:DF | Validity: Sat, 04 May 2024 20:30:17 GMT - Fri, 02 Aug 2024 20:30:16 GMT
File type: JavaScript source, ASCII text, with very long lines (10226), with no line terminators | Hash: 4bc9b33ea3d9c6e9fa262be6585fa72d a2d40fc1af30052011504873fe1a4b0accc500b9 cfba35a2ccb02d68a7f85e342476e8e9a00b69f349cce51ea5f4dd75fcaa1c69
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /4680.df9a16d11fbcaa453f0b.js HTTP/1.1
Host: telegram-tt-koval-dev.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-tt-koval-dev.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 06 May 2024 04:29:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"b2b9b72ea39002bb2eb05bb5ca272b18"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DNV3rGALuA6u88o4FBnEk%2BOj%2FO8XdB82YSR25lLaNBS5HPHTGv7rZe0cFZSNHAEDaOt4hR90QMlsqUdzmKoCUjgqeeE7EPnxYK4%2FCN5m1dgTMmv2bfo%2B6UUM96Xk8wZNspxPbn8MTYPGp%2BUcYtdUNH1s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f63b4d3bfe56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|