Report - telegrom-gw.com/

Report Overview

Visited public
2023-11-28 07:21:41
Tags
URL
telegrom-gw.com/
Finishing URL
telegrom-gw.com/a/?139090
IP / ASN
45.158.20.197
#35251 HostHub
Title
Telegram

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
t.me	6552	2010-05-20	2015-06-29 21:03:15	2023-11-27 21:55:12	427 B	515 B	149.154.167.99
collect-v6.51.la	91421	2005-01-17	2021-03-08 17:03:54	2023-11-27 10:29:22	469 B	488 B	203.107.86.226
sdk.51.la	88367	2005-01-17	2021-03-08 17:03:51	2023-11-27 10:29:20	415 B	397 B	0.0.0.0
zws2.web.telegram.org	144268	2003-12-15	2021-06-24 08:55:52	2023-11-22 15:29:53	597 B	220 B	149.154.167.99
telegrom-gw.com	unknown	2023-11-14	2023-11-14 19:53:02	2023-11-16 12:33:57	16 kB	3.0 MB	45.158.20.197
telegram-gw.org	unknown	2023-08-16	2023-09-29 21:07:46	2023-11-19 18:25:22	1.3 kB	62 kB	45.158.20.197
telegram.me	11938	2014-01-07	2013-10-13 18:36:12	2023-11-27 04:50:04	434 B	515 B	149.154.167.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-28 07:21:27	low	Client IP	149.154.167.99	ET INFO Observed Telegram Domain (t .me in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram
2023-11-16	medium	telegrom-gw.com/	Telegram

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (18)

	URL	From	Size	First Seen	Last Seen
	telegrom-gw.com/a/compatTest.js	ScriptElement	927 B	2023-07-27	2025-05-06
Pretty URL telegrom-gw.com/a/compatTest.js IP 45.158.20.197 ASN #35251 HostHub Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-27 09:32 Last Seen2025-05-06 12:43 Times Seen483 Hash 8d3c978142adca439569a4e8e809f193 2b23f728dc23ca4fdaeaee01acd48cc316e1a278 c4691c694cc9ec2c292557bab2b88f1c7476b56b1eb4df50340264b0efb9db4f Loading...

	telegram-gw.org/hook/login.js	ScriptElement	3.1 kB	2023-11-11	2024-08-20
Pretty URL telegram-gw.org/hook/login.js IP 45.158.20.197 ASN #35251 HostHub Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-11 06:25 Last Seen2024-08-20 20:01 Times Seen8 Hash 6e468fe3957fa72834b306a3c70b2380 58776ddd64f18551b8e998601dba8245df4ccbce 2bcf5b4106faf5d374132254dae7347b9001c9ea2f27f51a5774e694f75473f9 Loading...

	sdk.51.la/js-sdk-pro.min.js	ScriptElement	34 kB	2023-06-06	2025-03-29
Pretty URL sdk.51.la/js-sdk-pro.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-06 21:59 Last Seen2025-03-29 07:59 Times Seen6792 Hash 42ecdc85c17db27c4de190b8d2277332 1ac989fc2f24a7e326ccb43b4e26e4584eae1a65 efdcfce40d3ba6a5fa9d90b81803fd92041664b5bff3a6e0f72b26f1f21f4e1e Loading...

	telegrom-gw.com/a/main.5791d155437d0dda5a44.js	ScriptElement	390 kB	2023-11-13	2024-08-20
Pretty URL telegrom-gw.com/a/main.5791d155437d0dda5a44.js IP 45.158.20.197 ASN #35251 HostHub Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-13 00:09 Last Seen2024-08-20 19:16 Times Seen6 Hash 1ee0053967c4524fd39b9b39d20078b4 9825dc6332b1bd5c0df9417c4e7fc5db82f3daec fb9db41fc2194501e818ef3adcef624e068ad16ed2e7e02c49333f654f4a1efc Loading...

	telegram.me/_websync_?authed=0&version=10.0.21+A	ScriptElement	4 B	2023-03-07	2025-05-09
Pretty URL telegram.me/_websync_?authed=0&version=10.0.21+A IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-09 07:05 Times Seen90444 Hash b326b5062b2f0e69046810717534cb09 5ffe533b830f08a0326348a9160afafc8ada44db b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b Loading...

	unknown	DomTimer	18 B	2023-11-11	2024-08-20
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-11-11 06:25 Last Seen2024-08-20 20:01 Times Seen75 Hash 83a0bdcafe8bc55c14f8f3a716aa96d5 a17481a7d53e3b69e084e32472480c6cde8ca4ce b41467c7b28ce6dcd5fd0f3ca25af3afd085b1eb29790928b5f89606d2b228a8 Loading...

	telegrom-gw.com/a/redirect.js	ScriptElement	325 B	2023-07-27	2025-05-09
Pretty URL telegrom-gw.com/a/redirect.js IP 45.158.20.197 ASN #35251 HostHub Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-27 09:32 Last Seen2025-05-09 02:55 Times Seen6288 Hash 17773b57b87a678c98e26a7cac72df6c 7422857aa75ee81cabcec2eed6c4a6168f363ee1 375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f Loading...

	telegram-gw.org/hook/hook.js	ScriptElement	727 B	2023-11-11	2024-08-20
Pretty URL telegram-gw.org/hook/hook.js IP 45.158.20.197 ASN #35251 HostHub Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-11 06:25 Last Seen2024-08-20 20:01 Times Seen8 Hash 6d5fa3df9b5c98fa43a08f7573d87616 3cfcfeff92b6db31d1c2feb56c51ae2c0e9263eb c1d5b5773d24dd56522323b7879c43411e9c15e895512d72b2bb4068c70c7f91 Loading...

	unknown	DomTimer	12 B	2023-11-11	2024-08-20
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-11-11 06:25 Last Seen2024-08-20 20:01 Times Seen75 Hash 875dc6b7aef5a92a6d33df7faaa079e4 da509e297fb898e5443793d5bfffdc166917bba6 efc55f60828c52d9c34fca84760393dcedc4f2d269a546723c1885bf2dcc48ab Loading...

	unknown	DomTimer	12 B	2023-11-11	2024-08-20
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-11-11 06:25 Last Seen2024-08-20 20:01 Times Seen75 Hash 5737875d05320b4f85a96c864179639b 4e12928ae14ad56603b3402afb08d5b1c8c31ea9 bb8eb3698d65628d1e775baa5cf8538606b1474c5a2768250bffc1cb9856ce17 Loading...

	telegrom-gw.com/a/6839.01a53cbedf5d86d252ec.js	ScriptElement	46 kB	2023-10-19	2025-05-06
Pretty URL telegrom-gw.com/a/6839.01a53cbedf5d86d252ec.js IP 45.158.20.197 ASN #35251 HostHub Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-19 01:38 Last Seen2025-05-06 12:43 Times Seen562 Hash 2075f46f0950d8614b73045505b7aafc 34da1902bc42580deab249ac8ef5c4901d243a43 f693fccbb0f64594079d492db05d3bced69a6c6cab7514d4b78733570fd592a1 Loading...

	telegram-gw.org/hook/jquery-3.6.1.min.js	ScriptElement	90 kB	2023-03-07	2025-05-09
Pretty URL telegram-gw.org/hook/jquery-3.6.1.min.js IP 45.158.20.197 ASN #35251 HostHub Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28 Last Seen2025-05-09 07:15 Times Seen14359 Hash 00727d1d5d9c90f7de826f1a4a9cc632 ea61688671d0c3044f2c5b2f2c4af0a6620ac6c2 a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74 Loading...

	unknown	ScriptElement	491 B	2023-11-11	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-11 06:25 Last Seen2024-08-20 20:01 Times Seen8 Hash d2cf5174444c7d862629fddef9b1f70d 00c2128174496ea1befed8b342cd1ae5946b641a c3b5d5b0235f73c2a073991dcce55ecad74b65238b34ef29486594dfea391b0e Loading...

	telegrom-gw.com/a/1915.108d65059486019f8ed3.js	ScriptElement	18 kB	2023-10-19	2025-04-23
Pretty URL telegrom-gw.com/a/1915.108d65059486019f8ed3.js IP 45.158.20.197 ASN #35251 HostHub Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-19 01:38 Last Seen2025-04-23 11:50 Times Seen28 Hash 1d6f921da53e7d8da89ae42637d24134 fd23fbeb4bd0c492b4eef98494d169d82b687c92 60a8865f1e141d715892496bc11167deac59a62bb343ab5f204b6e7194326c37 Loading...

	telegrom-gw.com/a/3748.f5159289bfeb131c4c84.js	ScriptElement	10 kB	2023-11-11	2024-08-20
Pretty URL telegrom-gw.com/a/3748.f5159289bfeb131c4c84.js IP 45.158.20.197 ASN #35251 HostHub Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-11 06:25 Last Seen2024-08-20 20:01 Times Seen9 Hash 608066e04c0ebfdde4cc20c97de7502d 3aa3acf88abac99fd1d5127009c241595774fda0 56845ad4b4f68d8869ea15612d04819ae7bb12ea0a84666ab070e778891f1434 Loading...

		Size	First Seen	Last Seen
	#1 Write - 4a52525ed6dc8817ae336b0a23b2c9bf	72 B	2023-11-11 06:25	2024-08-20 20:01
Pretty Observations First Seen2023-11-11 06:25 Last Seen2024-08-20 20:01 Times Seen8 Hash 4a52525ed6dc8817ae336b0a23b2c9bf a372df5b68c02748cd3b88e4e8886e86bc961d22 bfbf0e14ac162a4b3dccc344eb56a45e98e60ea70854ada7417de7cdbbb41061 Loading...

	#2 Write - f418b80b8bb1d2ce5371a60a73cc3211	61 B	2023-11-11 06:25	2024-08-20 20:01
Pretty Observations First Seen2023-11-11 06:25 Last Seen2024-08-20 20:01 Times Seen8 Hash f418b80b8bb1d2ce5371a60a73cc3211 41c1e7308bffc3cf23717cd8909b7d4bfd72c188 64e01d1261b15a73ebe91aeb9ebaf8de9f696147ecc83e67fb615b1d48f2937a Loading...

	#3 Write - 44bc5322067373448fc4104b79bca6ea	508 B	2023-11-11 06:25	2024-08-20 20:01
Pretty Observations First Seen2023-11-11 06:25 Last Seen2024-08-20 20:01 Times Seen8 Hash 44bc5322067373448fc4104b79bca6ea e01706032fe7f0457c38606b905e9c34996e407e 5796c6c697214543685e8d1c8805ab647b0affcf0f56bad91094a65ccbd4388a Loading...

HTTP Transactions (40)

URL IP Response Size

telegrom-gw.com/

45.158.20.197

570 B

URL
telegrom-gw.com/
IP
45.158.20.197:0
ASN
#35251 HostHub

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
570 B (570 bytes)
Hash
826771f56159323b551fa2578c1ea93c
92c0b7883386407466289931d51612858bd3dc5c
79690f73b4f48645955269a05fed8aabcd16e67ebee20e8e1058bab4ba760d53

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET / HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:21 GMT
content-type: text/html
content-length: 570
last-modified: Tue, 14 Nov 2023 20:29:27 GMT
etag: "6553d8a7-23a"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

telegrom-gw.com/a/compatTest.js

45.158.20.197

200 OK

927 B

URL GET HTTP/2
telegrom-gw.com/a/compatTest.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
ASCII text
Size
927 B (927 bytes)
Hash
8d3c978142adca439569a4e8e809f193
2b23f728dc23ca4fdaeaee01acd48cc316e1a278
c4691c694cc9ec2c292557bab2b88f1c7476b56b1eb4df50340264b0efb9db4f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/compatTest.js HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/?139090
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:22 GMT
content-type: application/javascript
content-length: 927
last-modified: Thu, 20 Jul 2023 15:57:34 GMT
etag: "64b9596e-39f"
expires: Tue, 28 Nov 2023 07:22:22 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

telegrom-gw.com/a/redirect.js

45.158.20.197

200 OK

325 B

URL GET HTTP/2
telegrom-gw.com/a/redirect.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
ASCII text
Size
325 B (325 bytes)
Hash
17773b57b87a678c98e26a7cac72df6c
7422857aa75ee81cabcec2eed6c4a6168f363ee1
375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/redirect.js HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/?139090
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:22 GMT
content-type: application/javascript
content-length: 325
last-modified: Thu, 20 Jul 2023 15:57:34 GMT
etag: "64b9596e-145"
expires: Tue, 28 Nov 2023 07:22:22 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

telegram-gw.org/hook/hook.js

45.158.20.197

200 OK

727 B

URL GET HTTP/2
telegram-gw.org/hook/hook.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegram-gw.org
FingerprintF9:12:16:4F:2A:7A:0B:1C:67:BC:1A:0C:99:EC:75:3B:35:55:94:A4
ValidityFri, 03 Nov 2023 06:33:57 GMT - Thu, 01 Feb 2024 06:33:56 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (554)
Size
727 B (727 bytes)
Hash
6d5fa3df9b5c98fa43a08f7573d87616
3cfcfeff92b6db31d1c2feb56c51ae2c0e9263eb
c1d5b5773d24dd56522323b7879c43411e9c15e895512d72b2bb4068c70c7f91

HTTP Headers

GET /hook/hook.js HTTP/1.1
Host: telegram-gw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:22 GMT
content-type: application/javascript
content-length: 727
last-modified: Wed, 08 Nov 2023 12:49:50 GMT
etag: "654b83ee-2d7"
expires: Tue, 28 Nov 2023 19:21:22 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

telegram-gw.org/hook/login.js

45.158.20.197

200 OK

12 kB

URL GET HTTP/2
telegram-gw.org/hook/login.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegram-gw.org
FingerprintF9:12:16:4F:2A:7A:0B:1C:67:BC:1A:0C:99:EC:75:3B:35:55:94:A4
ValidityFri, 03 Nov 2023 06:33:57 GMT - Thu, 01 Feb 2024 06:33:56 GMT

File type
gzip compressed data, from Unix\012- data
Size
12 kB (12085 bytes)
Hash
8f58338af9ecb68872dded2f6aa8cb5d
f1a61d2c1459c72819b222096f901a7124d9ecc7
f7f99e39b325bbca3417f883b66956d92591792142eec8767d522f65c3f607cc

HTTP Headers

GET /hook/login.js HTTP/1.1
Host: telegram-gw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:22 GMT
content-type: application/javascript
last-modified: Mon, 06 Nov 2023 10:56:15 GMT
vary: Accept-Encoding
etag: W/"6548c64f-c3d"
expires: Tue, 28 Nov 2023 19:21:22 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-gw.com/a/chat-bg-br.f34cc96fbfb048812820.png

45.158.20.197

200 OK

1.9 kB

URL GET HTTP/2
telegrom-gw.com/a/chat-bg-br.f34cc96fbfb048812820.png
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
PNG image data, 50 x 50, 8-bit/color RGB, non-interlaced\012- data
Size
1.9 kB (1920 bytes)
Hash
ff2989744d4813c906047582226abd28
41b973276f7a99af05115b89b401aceb02f573c8
3151f7930d821bccf4a76cbbe4a3533e2b56bdff696f260c864ab639ac7526ea

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/chat-bg-br.f34cc96fbfb048812820.png HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/main.32f8da78f6170361d52e.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:23 GMT
content-type: image/png
content-length: 1920
last-modified: Sun, 07 Aug 2022 16:47:52 GMT
etag: "62efecb8-780"
expires: Tue, 28 Nov 2023 07:22:23 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

telegram.me/_websync_?authed=0&version=10.0.21+A

149.154.167.99

24 B

URL GET
telegram.me/_websync_?authed=0&version=10.0.21+A
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.me
FingerprintCA:AA:65:FE:33:CD:9C:CC:BB:2D:14:C7:05:66:C5:F7:7C:8D:63:2E
ValidityWed, 20 Sep 2023 01:49:33 GMT - Mon, 21 Oct 2024 01:49:33 GMT

File type
ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

HTTP Headers

GET /_websync_?authed=0&version=10.0.21+A HTTP/1.1
Host: telegram.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 28 Nov 2023 07:21:23 GMT
content-type: application/json; charset=utf-8
content-length: 24
set-cookie: stel_web_auth=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
stel_web_force=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

telegrom-gw.com/a/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2

45.158.20.197

200 OK

11 kB

URL GET HTTP/2
telegrom-gw.com/a/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11056, version 1.0\012- data
Size
11 kB (11056 bytes)
Hash
07db243db21ed0a6b4ff05ff429686b7
5d62925fdd7ed8e80f206d095ed093994f13d276
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2 HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/main.32f8da78f6170361d52e.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:23 GMT
content-type: application/octet-stream
content-length: 11056
last-modified: Sun, 07 Aug 2022 16:47:52 GMT
etag: "62efecb8-2b30"
expires: Tue, 28 Nov 2023 07:22:23 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

telegrom-gw.com/a/notification.mp3

45.158.20.197

206 Partial Content

11 kB

URL GET HTTP/2
telegrom-gw.com/a/notification.mp3
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo\012- data
Size
11 kB (10880 bytes)
Hash
eba09b6a457792c52fc610b5f9f974b3
95e6e0f7648e28ea21bc434054ea59aba3a35aea
86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/notification.mp3 HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/?139090
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 206 Partial Content
server: nginx
date: Tue, 28 Nov 2023 07:21:23 GMT
content-type: audio/mpeg
content-length: 10880
last-modified: Tue, 10 Aug 2021 22:44:37 GMT
etag: "61130155-2a80"
expires: Tue, 28 Nov 2023 08:09:20 GMT
x-frame-options: deny
cache-control: max-age=3600, no-cache
content-range: bytes 0-10879/10880
X-Firefox-Spdy: h2

telegrom-gw.com/a/chat-bg-pattern-light.ee148af944f6580293ae.png

45.158.20.197

200 OK

273 kB

URL GET HTTP/2
telegrom-gw.com/a/chat-bg-pattern-light.ee148af944f6580293ae.png
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
PNG image data, 1123 x 2307, 4-bit colormap, non-interlaced\012- data
Size
273 kB (272875 bytes)
Hash
3d558d8de7082a2b2355076c8988c3fd
d74980e29b0ec2f102b0dcd614503fd42a255b85
00745db819d91c37bf0f59bee00ab2efe9766fddcb726ff1bcb6847748b2bbc7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/chat-bg-pattern-light.ee148af944f6580293ae.png HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/main.32f8da78f6170361d52e.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:23 GMT
content-type: image/png
content-length: 272875
last-modified: Sun, 07 Aug 2022 16:47:52 GMT
etag: "62efecb8-429eb"
expires: Tue, 28 Nov 2023 07:22:23 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

t.me/_websync_?authed=0&version=10.0.21+A

149.154.167.99

24 B

URL GET
t.me/_websync_?authed=0&version=10.0.21+A
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerGoDaddy.com, Inc.
Subject*.t.me
FingerprintD7:CC:2A:92:7B:DC:AE:6A:D7:92:51:20:49:AD:3B:AC:F9:27:F8:16
ValidityFri, 06 Oct 2023 19:50:31 GMT - Wed, 06 Nov 2024 19:50:31 GMT

File type
ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

HTTP Headers

GET /_websync_?authed=0&version=10.0.21+A HTTP/1.1
Host: t.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 28 Nov 2023 07:21:24 GMT
content-type: application/json; charset=utf-8
content-length: 24
set-cookie: stel_web_auth=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
stel_web_force=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

telegrom-gw.com/a/4680.4d241670b5406c6bbf55.js

45.158.20.197

200 OK

389 kB

URL GET HTTP/2
telegrom-gw.com/a/4680.4d241670b5406c6bbf55.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
gzip compressed data, from Unix\012- data
Size
389 kB (389020 bytes)
Hash
c6d850f709ea0b78e3f24948937c9f07
1c10f9203463d55d36fe2699c0087557345c40df
c0edf42659bb30bed50f180a77d9f1fc3456f73e0b57bda9eb085fa33a8964cd

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/4680.4d241670b5406c6bbf55.js HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/?139090
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:23 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 12 Nov 2023 09:16:02 GMT
etag: W/"655097d2-2939"
expires: Tue, 28 Nov 2023 07:22:23 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-gw.com/a/icon-192x192.png

45.158.20.197

200 OK

3.1 kB

URL GET HTTP/2
telegrom-gw.com/a/icon-192x192.png
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Size
3.1 kB (3059 bytes)
Hash
1a1650d2c76bfc1ac484646c19e495b9
fe58d66042ce9241226f5da9370230285ff604fc
6e587a62c9d7a97f25265ab5eb29d101ad2e36810042a4116d2dd29da96b0bf8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/icon-192x192.png HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/?139090
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:24 GMT
content-type: image/png
content-length: 3059
last-modified: Wed, 13 Oct 2021 11:42:58 GMT
etag: "6166c642-bf3"
expires: Tue, 28 Nov 2023 07:22:24 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

telegrom-gw.com/a/favicon.svg

45.158.20.197

200 OK

892 B

URL GET HTTP/2
telegrom-gw.com/a/favicon.svg
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (892), with no line terminators
Size
892 B (892 bytes)
Hash
d9ee2d4b0edd9f8ba2fb7242162c2c47
398522893cf2cdefb5176f11bc67eab31c2d7382
a462f1c5333e16b48335054493cfd1d0a13a96847b4b9ffe2cf24403e6e86010

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/favicon.svg HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/?139090
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:24 GMT
content-type: image/svg+xml
content-length: 892
last-modified: Wed, 13 Oct 2021 11:42:58 GMT
etag: "6166c642-37c"
expires: Tue, 28 Nov 2023 07:59:50 GMT
x-frame-options: deny
cache-control: max-age=3600, no-cache
accept-ranges: bytes
X-Firefox-Spdy: h2

telegrom-gw.com/a/rlottie-wasm.wasm

45.158.20.197

318 kB

URL
telegrom-gw.com/a/rlottie-wasm.wasm
IP
45.158.20.197:0
ASN
#35251 HostHub

File type
WebAssembly (wasm) binary module version 0x1 (MVP)\012- data
Size
318 kB (317584 bytes)
Hash
ade36c82f1c7643da3ef1244ec008da5
19654576f8d08fee41f8dce3e8f21e61084b9589
f186efb3d724331c5d36813d3bbbe512630f9e199f4667f3c4aa43f3fec6cf14

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/rlottie-wasm.wasm HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-gw.com/a/4680.4d241670b5406c6bbf55.js
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:24 GMT
content-type: application/wasm
content-length: 317584
last-modified: Thu, 29 Apr 2021 00:43:06 GMT
etag: "608a011a-4d890"
expires: Tue, 28 Nov 2023 07:59:52 GMT
x-frame-options: deny
cache-control: max-age=3600, no-cache
accept-ranges: bytes
X-Firefox-Spdy: h2

telegram-gw.org/hook/jquery-3.6.1.min.js

45.158.20.197

200 OK

48 kB

URL GET HTTP/2
telegram-gw.org/hook/jquery-3.6.1.min.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegram-gw.org
FingerprintF9:12:16:4F:2A:7A:0B:1C:67:BC:1A:0C:99:EC:75:3B:35:55:94:A4
ValidityFri, 03 Nov 2023 06:33:57 GMT - Thu, 01 Feb 2024 06:33:56 GMT

File type
ASCII text, with very long lines (65447)
Size
48 kB (47731 bytes)
Hash
1e6bae4f1ca47ff95c10caa5021fea0e
c62104122968d9c66ee8a000610fb02187109a85
4507909c2d371458675e0f55176827a6169e8311057b03190dd69d6b70d53bb9

HTTP Headers

GET /hook/jquery-3.6.1.min.js HTTP/1.1
Host: telegram-gw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:22 GMT
content-type: application/javascript
last-modified: Fri, 03 Nov 2023 16:33:46 GMT
vary: Accept-Encoding
etag: W/"654520ea-15e40"
expires: Tue, 28 Nov 2023 19:21:22 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-gw.com/a/2041.5fe028b52e13d7a937b4.js

45.158.20.197

200 OK

354 kB

URL GET HTTP/2
telegrom-gw.com/a/2041.5fe028b52e13d7a937b4.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/4680.4d241670b5406c6bbf55.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
gzip compressed data, from Unix\012- data
Size
354 kB (353744 bytes)
Hash
afcd6b9672a6549da5dbfdc316332959
5d106d5ec6f7881d839dd50a6d36a3a4e866b881
22609e844a7f7efadd53e8319a2355adb0f9d748badba8cfef877e407ccf5afb

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/2041.5fe028b52e13d7a937b4.js HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/4680.4d241670b5406c6bbf55.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:24 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 30 Sep 2023 00:02:35 GMT
etag: W/"6517659b-223ca"
expires: Tue, 28 Nov 2023 07:22:24 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-gw.com/a/QrPlane.a921709f266564f65b7e.tgs

45.158.20.197

2.1 kB

URL
telegrom-gw.com/a/QrPlane.a921709f266564f65b7e.tgs
IP
45.158.20.197:0
ASN
#35251 HostHub

File type
gzip compressed data, was "PlaneLogoPlain.json", last modified: Fri Dec 17 11:58:31 2021, from Unix\012- data
Size
2.1 kB (2101 bytes)
Hash
9fe5425a55be5cfd60c1ee5f2ca2c733
6055dbe3afe9575b921a9863534e91428a847021
486cbe566d05f023f3c72ec00b55f921deb1f7aed2efb630fe717425e2d98d0a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/QrPlane.a921709f266564f65b7e.tgs HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-gw.com/a/4680.4d241670b5406c6bbf55.js
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:24 GMT
content-type: application/octet-stream
content-length: 2101
last-modified: Sun, 07 Aug 2022 16:47:52 GMT
etag: "62efecb8-835"
expires: Tue, 28 Nov 2023 08:21:20 GMT
x-frame-options: deny
cache-control: max-age=3600, no-cache
accept-ranges: bytes
X-Firefox-Spdy: h2

telegrom-gw.com/a/rlottie-wasm.wasm

45.158.20.197

318 kB

URL
telegrom-gw.com/a/rlottie-wasm.wasm
IP
45.158.20.197:0
ASN
#35251 HostHub

File type
WebAssembly (wasm) binary module version 0x1 (MVP)\012- data
Size
318 kB (317584 bytes)
Hash
ade36c82f1c7643da3ef1244ec008da5
19654576f8d08fee41f8dce3e8f21e61084b9589
f186efb3d724331c5d36813d3bbbe512630f9e199f4667f3c4aa43f3fec6cf14

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/rlottie-wasm.wasm HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-gw.com/a/4680.4d241670b5406c6bbf55.js
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:24 GMT
content-type: application/wasm
content-length: 317584
last-modified: Thu, 29 Apr 2021 00:43:06 GMT
etag: "608a011a-4d890"
expires: Tue, 28 Nov 2023 07:59:52 GMT
x-frame-options: deny
cache-control: max-age=3600, no-cache
accept-ranges: bytes
X-Firefox-Spdy: h2

telegrom-gw.com/a/6839.01a53cbedf5d86d252ec.js

45.158.20.197

200 OK

54 kB

URL GET HTTP/2
telegrom-gw.com/a/6839.01a53cbedf5d86d252ec.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (45662)
Size
54 kB (53659 bytes)
Hash
a20869ac25c4de8906eb30fccfe83494
db3893a2f107281bf2fb2809817e4f11516267ec
1c40cd89d28c7c7e6e75eba56d0068a026a61c13dc2268cb61eaa2d109fb23ff

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/6839.01a53cbedf5d86d252ec.js HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/?139090
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:23 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 30 Sep 2023 00:02:35 GMT
etag: W/"6517659b-b2ba"
expires: Tue, 28 Nov 2023 07:22:23 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

collect-v6.51.la/v6/collect?dt=4

203.107.86.226

403

0 B

URL POST HTTP/1.1
collect-v6.51.la/v6/collect?dt=4
IP
203.107.86.226:443
ASN
#0

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerGlobalSign nv-sa
Subject*.51.la
Fingerprint9E:F3:EB:9A:59:E9:6D:6E:48:13:64:78:3C:33:1D:AA:79:52:5B:79
ValidityThu, 20 Apr 2023 01:12:57 GMT - Tue, 21 May 2024 01:12:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /v6/collect?dt=4 HTTP/1.1
Host: collect-v6.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 274
Origin: https://telegrom-gw.com
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 
Date: Tue, 28 Nov 2023 07:21:26 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: aliyungf_tc=b237d51ebebceb1d26743a00e39ee1b14ef63e1244a7fb28e7962333e3321ecf; Path=/; HttpOnly
acw_tc=ac11000117011560861386911e83bbdf7dfdb2b39545604e5d8b13809a9e01;path=/;HttpOnly;Max-Age=1800
Server: nginx
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: https://telegrom-gw.com
Access-Control-Allow-Credentials: true

telegrom-gw.com/a/8764.58763b7a689318950e51.js

45.158.20.197

200 OK

11 kB

URL GET HTTP/2
telegrom-gw.com/a/8764.58763b7a689318950e51.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/8415.e19414a62a900480b85e.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
gzip compressed data, from Unix\012- data
Size
11 kB (11210 bytes)
Hash
22d9a7350514238cf31b4025339cdd58
230bb224849e8db3cc1560aab4f3352f099e4a4d
e572704ba606f163cea2c1247a5684e7ff9b2f5da41779c66d410f2562953b26

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/8764.58763b7a689318950e51.js HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/8415.e19414a62a900480b85e.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:24 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 30 Sep 2023 00:02:35 GMT
etag: W/"6517659b-6b32"
expires: Tue, 28 Nov 2023 07:22:24 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-gw.com/a/blank.8dd283bceccca95a48d8.png

45.158.20.197

200 OK

68 B

URL GET HTTP/2
telegrom-gw.com/a/blank.8dd283bceccca95a48d8.png
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Size
68 B (68 bytes)
Hash
91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/blank.8dd283bceccca95a48d8.png HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/?139090
Cookie: __vtins__K3mwFswF6LBfkGle=%7B%22sid%22%3A%20%2275c96187-85a8-5961-b16f-c725c02ea348%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201701157888758%2C%20%22ct%22%3A%201701156088758%7D; __51uvsct__K3mwFswF6LBfkGle=1; __51vcke__K3mwFswF6LBfkGle=391a58d9-9d71-5512-94f5-91d49c57e78a; __51vuft__K3mwFswF6LBfkGle=1701156088769
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:27 GMT
content-type: image/png
content-length: 68
last-modified: Sun, 07 Aug 2022 16:47:52 GMT
etag: "62efecb8-44"
expires: Tue, 28 Nov 2023 07:22:27 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

telegrom-gw.com/a/rlottie-wasm.5e3833cedb8fb71c8d8e.js

45.158.20.197

200 OK

22 kB

URL GET HTTP/2
telegrom-gw.com/a/rlottie-wasm.5e3833cedb8fb71c8d8e.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/4680.4d241670b5406c6bbf55.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
gzip compressed data, from Unix\012- data
Size
22 kB (22262 bytes)
Hash
31b36daa8fab4911fa87cea4044f2b83
55e064c3727621c4e3346904047196f2d92e09fb
e35a40678ef9ba77464284dac11609ae0baef5ee5218517936d8ce1e8ab20dc4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/4680.4d241670b5406c6bbf55.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:24 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 20 Jul 2023 15:57:34 GMT
etag: W/"64b9596e-1005e"
expires: Tue, 28 Nov 2023 07:22:24 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-gw.com/a/blank.8dd283bceccca95a48d8.png

45.158.20.197

200 OK

68 B

URL GET HTTP/2
telegrom-gw.com/a/blank.8dd283bceccca95a48d8.png
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Size
68 B (68 bytes)
Hash
91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/blank.8dd283bceccca95a48d8.png HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-gw.com/a/?139090
DNT: 1
Connection: keep-alive
Cookie: __vtins__K3mwFswF6LBfkGle=%7B%22sid%22%3A%20%2275c96187-85a8-5961-b16f-c725c02ea348%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201701157888758%2C%20%22ct%22%3A%201701156088758%7D; __51uvsct__K3mwFswF6LBfkGle=1; __51vcke__K3mwFswF6LBfkGle=391a58d9-9d71-5512-94f5-91d49c57e78a; __51vuft__K3mwFswF6LBfkGle=1701156088769
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:27 GMT
content-type: image/png
content-length: 68
last-modified: Sun, 07 Aug 2022 16:47:52 GMT
etag: "62efecb8-44"
expires: Tue, 28 Nov 2023 07:22:27 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

telegrom-gw.com/a/5802.36a9971f58c808c4a974.js

45.158.20.197

200 OK

22 kB

URL GET HTTP/2
telegrom-gw.com/a/5802.36a9971f58c808c4a974.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/8415.e19414a62a900480b85e.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
ASCII text, with very long lines (21394)
Size
22 kB (21531 bytes)
Hash
377d06c30eebd149e43e37a12f0bc3a6
0bedfd302e5fc849518158b650612361fc160e99
a6456f4285ecaf7f44d25cde45f56f6afefbb7fea2e36633e4bb4e0e5ebb8779

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/5802.36a9971f58c808c4a974.js HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/8415.e19414a62a900480b85e.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:23 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 30 Sep 2023 00:02:35 GMT
etag: W/"6517659b-541b"
expires: Tue, 28 Nov 2023 07:22:23 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-gw.com/a/main.5791d155437d0dda5a44.js

45.158.20.197

200 OK

390 kB

URL GET HTTP/2
telegrom-gw.com/a/main.5791d155437d0dda5a44.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type

Size
390 kB (389536 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/main.5791d155437d0dda5a44.js HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/?139090
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:22 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 12 Nov 2023 09:16:02 GMT
etag: W/"655097d2-5f1a0"
expires: Tue, 28 Nov 2023 07:22:22 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-gw.com/a/8415.e19414a62a900480b85e.js

45.158.20.197

200 OK

527 kB

URL GET HTTP/2
telegrom-gw.com/a/8415.e19414a62a900480b85e.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type

Size
527 kB (527397 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/8415.e19414a62a900480b85e.js HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/?139090
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:23 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 12 Nov 2023 09:16:02 GMT
etag: W/"655097d2-80c25"
expires: Tue, 28 Nov 2023 07:22:23 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-gw.com/a/5802.36a9971f58c808c4a974.js

45.158.20.197

200 OK

22 kB

URL GET HTTP/2
telegrom-gw.com/a/5802.36a9971f58c808c4a974.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/4680.4d241670b5406c6bbf55.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
ASCII text, with very long lines (21394)
Size
22 kB (21531 bytes)
Hash
377d06c30eebd149e43e37a12f0bc3a6
0bedfd302e5fc849518158b650612361fc160e99
a6456f4285ecaf7f44d25cde45f56f6afefbb7fea2e36633e4bb4e0e5ebb8779

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/5802.36a9971f58c808c4a974.js HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/4680.4d241670b5406c6bbf55.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:24 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 30 Sep 2023 00:02:35 GMT
etag: W/"6517659b-541b"
expires: Tue, 28 Nov 2023 07:22:24 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-gw.com/a/5802.36a9971f58c808c4a974.js

45.158.20.197

200 OK

22 kB

URL GET HTTP/2
telegrom-gw.com/a/5802.36a9971f58c808c4a974.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/4680.4d241670b5406c6bbf55.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
ASCII text, with very long lines (21394)
Size
22 kB (21531 bytes)
Hash
377d06c30eebd149e43e37a12f0bc3a6
0bedfd302e5fc849518158b650612361fc160e99
a6456f4285ecaf7f44d25cde45f56f6afefbb7fea2e36633e4bb4e0e5ebb8779

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/5802.36a9971f58c808c4a974.js HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/4680.4d241670b5406c6bbf55.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:24 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 30 Sep 2023 00:02:35 GMT
etag: W/"6517659b-541b"
expires: Tue, 28 Nov 2023 07:22:24 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-gw.com/a/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2

45.158.20.197

200 OK

11 kB

URL GET HTTP/2
telegrom-gw.com/a/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11016, version 1.0\012- data
Size
11 kB (11016 bytes)
Hash
15fa3062f8929bd3b05fdca5259db412
6ff06a34f68ad0324ddec1bbe4d453c959178b36
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/main.32f8da78f6170361d52e.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:23 GMT
content-type: application/octet-stream
content-length: 11016
last-modified: Sun, 07 Aug 2022 16:47:52 GMT
etag: "62efecb8-2b08"
expires: Tue, 28 Nov 2023 07:22:23 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

telegrom-gw.com/a/5802.36a9971f58c808c4a974.js

45.158.20.197

200 OK

22 kB

URL GET HTTP/2
telegrom-gw.com/a/5802.36a9971f58c808c4a974.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/4680.4d241670b5406c6bbf55.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
ASCII text, with very long lines (21394)
Size
22 kB (21531 bytes)
Hash
377d06c30eebd149e43e37a12f0bc3a6
0bedfd302e5fc849518158b650612361fc160e99
a6456f4285ecaf7f44d25cde45f56f6afefbb7fea2e36633e4bb4e0e5ebb8779

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/5802.36a9971f58c808c4a974.js HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/4680.4d241670b5406c6bbf55.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:24 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 30 Sep 2023 00:02:35 GMT
etag: W/"6517659b-541b"
expires: Tue, 28 Nov 2023 07:22:24 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-gw.com/a/5802.36a9971f58c808c4a974.js

45.158.20.197

200 OK

22 kB

URL GET HTTP/2
telegrom-gw.com/a/5802.36a9971f58c808c4a974.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/4680.4d241670b5406c6bbf55.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
ASCII text, with very long lines (21394)
Size
22 kB (21531 bytes)
Hash
377d06c30eebd149e43e37a12f0bc3a6
0bedfd302e5fc849518158b650612361fc160e99
a6456f4285ecaf7f44d25cde45f56f6afefbb7fea2e36633e4bb4e0e5ebb8779

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/5802.36a9971f58c808c4a974.js HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/4680.4d241670b5406c6bbf55.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:24 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 30 Sep 2023 00:02:35 GMT
etag: W/"6517659b-541b"
expires: Tue, 28 Nov 2023 07:22:24 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-gw.com/a/?139090

45.158.20.197

200 OK

3.1 kB

URL User Request GET HTTP/2
telegrom-gw.com/a/?139090
IP
45.158.20.197:443
ASN
#35251 HostHub

Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3295), with no line terminators
Size
3.1 kB (3121 bytes)
Hash
ec963cbe780b42d3336e18d3f90451c8
5a0c2f8f7f3760a6fce0e83b97a74a50c565ccd7
b6597f7a68711424a54406cc8213e3955e194df5c05fcc54bdffab96e06636fc

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/?139090 HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:21 GMT
content-type: text/html
vary: Accept-Encoding
expires: Tue, 28 Nov 2023 07:59:44 GMT
x-frame-options: deny
cache-control: max-age=3600, no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-gw.com/a/main.32f8da78f6170361d52e.css

45.158.20.197

200 OK

108 kB

URL GET HTTP/2
telegrom-gw.com/a/main.32f8da78f6170361d52e.css
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type

Size
108 kB (108063 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/main.32f8da78f6170361d52e.css HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/?139090
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:22 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 10 Nov 2023 10:07:26 GMT
etag: W/"654e00de-1a61f"
expires: Tue, 28 Nov 2023 07:22:22 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-gw.com/a/1649.23ef32650e96d33d6586.js

45.158.20.197

200 OK

45 kB

URL GET HTTP/2
telegrom-gw.com/a/1649.23ef32650e96d33d6586.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/8415.e19414a62a900480b85e.js
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
ASCII text, with very long lines (44841)
Size
45 kB (44895 bytes)
Hash
d185f3823bb419e0227eb45b85facdca
b50068ba63e52fd9d71dbfa7cb42fe82a6f4af16
fbcc1367611f1d387d2b7340f92b66b4a0a5311742ec3d806d848692b98e78c9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/1649.23ef32650e96d33d6586.js HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/8415.e19414a62a900480b85e.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:24 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 30 Sep 2023 00:02:35 GMT
etag: W/"6517659b-af5f"
expires: Tue, 28 Nov 2023 07:22:24 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

telegrom-gw.com/a/1915.108d65059486019f8ed3.js

45.158.20.197

200 OK

18 kB

URL GET HTTP/2
telegrom-gw.com/a/1915.108d65059486019f8ed3.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type

Size
18 kB (17981 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/1915.108d65059486019f8ed3.js HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/?139090
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:23 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 30 Sep 2023 00:02:35 GMT
etag: W/"6517659b-463d"
expires: Tue, 28 Nov 2023 07:22:23 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

sdk.51.la/js-sdk-pro.min.js

0.0.0.0

0 B

URL GET
sdk.51.la/js-sdk-pro.min.js
IP
0.0.0.0:0
ASN
#0

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerGlobalSign nv-sa
Subject*.51.la
Fingerprint9E:F3:EB:9A:59:E9:6D:6E:48:13:64:78:3C:33:1D:AA:79:52:5B:79
ValidityThu, 20 Apr 2023 01:12:57 GMT - Tue, 21 May 2024 01:12:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js-sdk-pro.min.js HTTP/1.1
Host: sdk.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 07:21:24 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: aliyungf_tc=c72eee05b11a9d59836d039f9348657b2afddc7577dcf9bb918322837a5918a5; Path=/; HttpOnly
Server: openresty
Cache-Control: no-store
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip

telegrom-gw.com/a/3748.f5159289bfeb131c4c84.js

45.158.20.197

200 OK

10 kB

URL GET HTTP/2
telegrom-gw.com/a/3748.f5159289bfeb131c4c84.js
IP
45.158.20.197:443
ASN
#35251 HostHub

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerLet's Encrypt
Subjecttelegrom-l.com
Fingerprint51:F7:D8:00:8B:2F:B8:D2:75:90:95:29:27:A9:3E:52:BD:25:89:C0
ValidityTue, 14 Nov 2023 19:30:12 GMT - Mon, 12 Feb 2024 19:30:11 GMT

File type
ASCII text, with very long lines (10411)
Size
10 kB (10465 bytes)
Hash
608066e04c0ebfdde4cc20c97de7502d
3aa3acf88abac99fd1d5127009c241595774fda0
56845ad4b4f68d8869ea15612d04819ae7bb12ea0a84666ab070e778891f1434

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /a/3748.f5159289bfeb131c4c84.js HTTP/1.1
Host: telegrom-gw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-gw.com/a/?139090
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 07:21:23 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 05 Nov 2023 21:49:54 GMT
etag: W/"65480e02-28e1"
expires: Tue, 28 Nov 2023 07:22:23 GMT
cache-control: max-age=60
x-frame-options: deny
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

zws2.web.telegram.org/apiws

149.154.167.99

101 Switching Protocols

0 B

URL GET HTTP/1.1
zws2.web.telegram.org/apiws
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://telegrom-gw.com/a/?139090
Certificate
IssuerGoDaddy.com, Inc.
Subject*.web.telegram.org
Fingerprint74:51:4A:F8:C5:D2:E1:36:68:30:25:98:05:27:E8:6F:57:FC:E0:3B
ValidityWed, 30 Aug 2023 00:40:43 GMT - Mon, 30 Sep 2024 00:40:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: zws2.web.telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrom-gw.com
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: l5qc9O5XejfRfCvYXS9uYg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Tue, 28 Nov 2023 07:21:25 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8E75Ty9bj2xAaPSFglW2aJDZ42A=
Sec-WebSocket-Protocol: binary

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations