Report - 178.20.41.168:8080/?pid=532&click_id=656594812930530001f8a67e&sub

Report Overview

Visited public
2023-11-28 07:20:07
Tags
URL
178.20.41.168:8080/?pid=532&click_id=656594812930530001f8a67e&sub_id=18&channel=-1001682994742
Finishing URL
t.me/+bsrJ1UQOT9EwOWMy
IP / ASN
178.20.41.168
#48282 Hosting technology LTD
Title
Telegram: Join Group Chat

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn4.cdn-telegram.org	unknown	2023-11-04	2023-11-04 22:41:19	2023-11-27 14:57:48	783 B	9.3 kB	34.111.35.152
telegram.org	5408	2003-12-15	2013-12-18 14:14:30	2023-11-27 18:07:21	5.1 kB	445 kB	149.154.167.99
178.20.41.168:8080	unknown	unknown	No data	No data	476 B	477 B	178.20.41.168
t.me	6552	2010-05-20	2015-06-29 21:03:15	2023-11-27 21:55:12	488 B	4.9 kB	149.154.167.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-28 07:19:52	low	Client IP	149.154.167.99	ET INFO Observed Telegram Domain (t .me in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-28	medium	178.20.41.168	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	t.me/+bsrJ1UQOT9EwOWMy	ScriptElement	212 B	2024-08-20	2024-08-20
Pretty URL t.me/+bsrJ1UQOT9EwOWMy IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:37 Last Seen2024-08-20 17:37 Times Seen1 Hash 74ae3a9390aea9678487151183c223f9 379a7971d089a384bd29ca2c6e4140cfd4cc16a9 8386405ea60643ca15b0608ca61c1c07d05bc286572b9ff672a7125345969b91 Loading...

	telegram.org/js/tgwallpaper.min.js?3	ScriptElement	3.0 kB	2023-03-07	2025-05-09
Pretty URL telegram.org/js/tgwallpaper.min.js?3 IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-05-09 03:37 Times Seen49065 Hash 2b89d34702716a8ad2cc3977718f53a3 04406ebd6a9e2ce79dbac5e5048cfe1384e4574a 2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6 Loading...

	t.me/+bsrJ1UQOT9EwOWMy	ScriptElement	193 B	2023-03-07	2025-05-09
Pretty URL t.me/+bsrJ1UQOT9EwOWMy IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:31 Last Seen2025-05-09 03:37 Times Seen46100 Hash 9c629a0c52a2afad699d260f673481fd a4fd0ed3e5daa31480eb6de0faa5d442f015cbf6 ea0d804370930ee958af535ce56cddf1dda419bdc676315ae8af0fbb4c733471 Loading...

	t.me/+bsrJ1UQOT9EwOWMy	ScriptElement	1.3 kB	2024-08-20	2024-08-20
Pretty URL t.me/+bsrJ1UQOT9EwOWMy IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:37 Last Seen2024-08-20 17:37 Times Seen1 Hash 828327e77b557578131fcf7a8555a78b 70de080276b803fc966f253209a0f1e56ad874df b4f37b3c5c93981aa57cfc6542d678b0c7a980be4dbae66b21e084252956a044 Loading...

HTTP Transactions (14)

URL IP Response Size

178.20.41.168:8080/?pid=532&click_id=656594812930530001f8a67e&sub_id=18&channel=-1001682994742

178.20.41.168

301 MOVED PERMANENTLY

247 B

URL User Request GET HTTP/1.1
178.20.41.168:8080/?pid=532&click_id=656594812930530001f8a67e&sub_id=18&channel=-1001682994742
IP
178.20.41.168:8080
ASN
#48282 Hosting technology LTD

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
247 B (247 bytes)
Hash
4c6aba51ce6eb20b0893ca788864fecb
c7fa5b1bc7578653f2ce85f04de6081e36980845
0038394ba895482d7eb3f7ce03fc78c9703061e3e5023a3110a7719db8d009c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?pid=532&click_id=656594812930530001f8a67e&sub_id=18&channel=-1001682994742 HTTP/1.1
Host: 178.20.41.168:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 MOVED PERMANENTLY
Server: Werkzeug/2.2.3 Python/3.10.12
Date: Tue, 28 Nov 2023 07:19:48 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 247
Location: https://t.me/+bsrJ1UQOT9EwOWMy
Connection: close

t.me/+bsrJ1UQOT9EwOWMy

149.154.167.99

200 OK

4.4 kB

URL User Request GET HTTP/2
t.me/+bsrJ1UQOT9EwOWMy
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Certificate
IssuerGoDaddy.com, Inc.
Subject*.t.me
FingerprintD7:CC:2A:92:7B:DC:AE:6A:D7:92:51:20:49:AD:3B:AC:F9:27:F8:16
ValidityFri, 06 Oct 2023 19:50:31 GMT - Wed, 06 Nov 2024 19:50:31 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3560)
Size
4.4 kB (4417 bytes)
Hash
030e7a7ec002c67f48d37e4fa9bc73f7
f9bba153caceb9190810e6591053f36ecbb206e0
e0aff2c0b1459dced993e2cec8aedf7ef3e5822cc577383cc6b7884ffec1aacd

HTTP Headers

GET /+bsrJ1UQOT9EwOWMy HTTP/1.1
Host: t.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 28 Nov 2023 07:19:48 GMT
content-type: text/html; charset=utf-8
content-length: 4417
set-cookie: stel_ssid=f6c0b220385ef5788d_11174989567561276196; expires=Wed, 29 Nov 2023 07:19:48 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
x-frame-options: ALLOW-FROM https://web.telegram.org
content-security-policy: frame-ancestors https://web.telegram.org
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

cdn4.cdn-telegram.org/file/ImTPyhP3u92EEOLcYHtiedO91J7cVtCmqe9vW5yV2HiObekrtMbHFUjrCSaT8xmVLogsggEbk_-3-SY55iPtwlE1bjx_ETNBYlaj3IsYbgFKmH7mEyAbAq7G1o-2dBLx5Pgpjyh1R_xZ2ieNCOsiEKeJXv7qJ12nMkqDgY04laQlu8VsFEvWJ4HDU2_cmeMlc2NfQpNODqrisiwlPDqCPPFHitol5UJQnLVNpPRCYdEVHRkFfMkvdJYIh_u2SNXgS_JcxOQs6G5nMlGaVjutGf6lhp-dDNBiMMQhWbYE7rDHa-WTAJFlzcY9xZFP0-xBr4DyfvY8Ns-8MDL2DfLTGA.jpg

34.111.35.152

200 OK

8.7 kB

URL GET HTTP/2
cdn4.cdn-telegram.org/file/ImTPyhP3u92EEOLcYHtiedO91J7cVtCmqe9vW5yV2HiObekrtMbHFUjrCSaT8xmVLogsggEbk_-3-SY55iPtwlE1bjx_ETNBYlaj3IsYbgFKmH7mEyAbAq7G1o-2dBLx5Pgpjyh1R_xZ2ieNCOsiEKeJXv7qJ12nMkqDgY04laQlu8VsFEvWJ4HDU2_cmeMlc2NfQpNODqrisiwlPDqCPPFHitol5UJQnLVNpPRCYdEVHRkFfMkvdJYIh_u2SNXgS_JcxOQs6G5nMlGaVjutGf6lhp-dDNBiMMQhWbYE7rDHa-WTAJFlzcY9xZFP0-xBr4DyfvY8Ns-8MDL2DfLTGA.jpg
IP
34.111.35.152:443
ASN
#15169 GOOGLE

Requested by
https://t.me/+bsrJ1UQOT9EwOWMy
Certificate
IssuerGoogle Trust Services LLC
Subjectcdn1.cdn-telegram.org
Fingerprint79:F4:49:35:E7:E7:73:9F:FD:BE:84:5C:D4:FC:EA:06:91:E7:18:CC
ValiditySat, 04 Nov 2023 08:54:58 GMT - Fri, 02 Feb 2024 09:46:50 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x320, components 3\012- data
Size
8.7 kB (8683 bytes)
Hash
d1e0737512ef281a1ecca43feb23fbeb
a44a3eff0e30c5b109393b774e1db7e3b69b4ede
c27567cdbd2366ae5d2ee1451cdc4adbd220c853be406ea002ca4f073ce69099

HTTP Headers

GET /file/ImTPyhP3u92EEOLcYHtiedO91J7cVtCmqe9vW5yV2HiObekrtMbHFUjrCSaT8xmVLogsggEbk_-3-SY55iPtwlE1bjx_ETNBYlaj3IsYbgFKmH7mEyAbAq7G1o-2dBLx5Pgpjyh1R_xZ2ieNCOsiEKeJXv7qJ12nMkqDgY04laQlu8VsFEvWJ4HDU2_cmeMlc2NfQpNODqrisiwlPDqCPPFHitol5UJQnLVNpPRCYdEVHRkFfMkvdJYIh_u2SNXgS_JcxOQs6G5nMlGaVjutGf6lhp-dDNBiMMQhWbYE7rDHa-WTAJFlzcY9xZFP0-xBr4DyfvY8Ns-8MDL2DfLTGA.jpg HTTP/1.1
Host: cdn4.cdn-telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 28 Nov 2023 07:19:49 GMT
content-type: image/jpeg
content-length: 8683
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
cache-control: public,max-age=7200
etag: "d106ac386e0b79dfec5f65ca66218386f030f693"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

149.154.167.99

200 OK

11 kB

URL GET HTTP/2
telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/+bsrJ1UQOT9EwOWMy
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11028, version 1.0\012- data
Size
11 kB (11028 bytes)
Hash
1f6d3cf6d38f25d83d95f5a800b8cac3
279f300ca2cbbdf9f5036ef2f438607fbf377daa
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f

HTTP Headers

GET /fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://t.me
DNT: 1
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 28 Nov 2023 07:19:50 GMT
content-type: application/octet-stream
content-length: 11028
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-2b14"
expires: Sat, 02 Dec 2023 07:19:50 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

149.154.167.99

200 OK

11 kB

URL GET HTTP/2
telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/+bsrJ1UQOT9EwOWMy
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11040, version 1.0\012- data
Size
11 kB (11040 bytes)
Hash
5e22a46c04d947a36ea0cad07afcc9e1
6091d981c2a4ee975c7f6b56186ee698040bb804
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44

HTTP Headers

GET /fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://t.me
DNT: 1
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 28 Nov 2023 07:19:50 GMT
content-type: application/octet-stream
content-length: 11040
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-2b20"
expires: Sat, 02 Dec 2023 07:19:50 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfABc4AMP6lbBP.woff2

149.154.167.99

200 OK

6.6 kB

URL GET HTTP/2
telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfABc4AMP6lbBP.woff2
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/+bsrJ1UQOT9EwOWMy
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
Web Open Font Format (Version 2), TrueType, length 6620, version 1.0\012- data
Size
6.6 kB (6620 bytes)
Hash
376ffe2ca0b038d08d5e582ec13a310f
ec85284f360bada79122b5dca3088103c769ca8a
2f662599cf4323a18b4f7da381a998a8873c0277fff2d866336f7ee943a102d6

HTTP Headers

GET /fonts/Roboto/KFOlCnqEu92Fr1MmWUlfABc4AMP6lbBP.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://t.me
DNT: 1
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 28 Nov 2023 07:19:50 GMT
content-type: application/octet-stream
content-length: 6620
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-19dc"
expires: Sat, 02 Dec 2023 07:19:50 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2

149.154.167.99

200 OK

6.5 kB

URL GET HTTP/2
telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/+bsrJ1UQOT9EwOWMy
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
Web Open Font Format (Version 2), TrueType, length 6460, version 1.0\012- data
Size
6.5 kB (6460 bytes)
Hash
491a7a9678c3cfd4f86c092c68480f23
32e18ae407d782adfd54c78c6259c7be52db6bf3
41b5c3b25f4258190937deb900fa57a6db6d450ce7dd2af2259af760119a1c41

HTTP Headers

GET /fonts/Roboto/KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://t.me
DNT: 1
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 28 Nov 2023 07:19:50 GMT
content-type: application/octet-stream
content-length: 6460
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-193c"
expires: Sat, 02 Dec 2023 07:19:50 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

telegram.org/img/apple-touch-icon.png

149.154.167.99

200 OK

5.6 kB

URL GET HTTP/2
telegram.org/img/apple-touch-icon.png
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/+bsrJ1UQOT9EwOWMy
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data
Size
5.6 kB (5644 bytes)
Hash
295ccdb03006b8dfef45090dafbd46ac
491ab660270e47cbac6a5731c51cca71c1c1b2b1
a51d667d4262047c23e3a2a8aac3b46dc8a58c686cc013f2354011c07bf22cf3

HTTP Headers

GET /img/apple-touch-icon.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 28 Nov 2023 07:19:50 GMT
content-type: image/png
content-length: 5644
last-modified: Thu, 21 Apr 2022 13:47:47 GMT
etag: "62616083-160c"
expires: Sat, 02 Dec 2023 07:19:50 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

telegram.org/css/font-roboto.css?1

149.154.167.99

200 OK

6.2 kB

URL GET HTTP/2
telegram.org/css/font-roboto.css?1
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/+bsrJ1UQOT9EwOWMy
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
ASCII text, with very long lines (6354), with no line terminators
Size
6.2 kB (6166 bytes)
Hash
c06318a1f377e388b69b104b4cefa1a6
151f067aae997487880e573876f96b8d598e64db
1a53363e667fffef8a82588191989d36e680b4d341c6b557e62bf207311a3d70

HTTP Headers

GET /css/font-roboto.css?1 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 28 Nov 2023 07:19:49 GMT
content-type: text/css
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: W/"63512b7d-1816"
expires: Sat, 02 Dec 2023 07:19:49 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

telegram.org/img/tgme/pattern.svg?1

149.154.167.99

200 OK

232 kB

URL GET HTTP/2
telegram.org/img/tgme/pattern.svg?1
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/+bsrJ1UQOT9EwOWMy
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
232 kB (231706 bytes)
Hash
d0c22c6a97023d85ba6e644a41c44a5d
4284efb616c182da4450c123174ce0e81a322845
118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4

HTTP Headers

GET /img/tgme/pattern.svg?1 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram.org/css/telegram.css?236
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 28 Nov 2023 07:19:50 GMT
content-type: image/svg+xml
last-modified: Thu, 05 Jan 2023 17:52:04 GMT
etag: W/"63b70e44-3891a"
expires: Sat, 02 Dec 2023 07:19:50 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

telegram.org/css/bootstrap.min.css?3

149.154.167.99

200 OK

42 kB

URL GET HTTP/2
telegram.org/css/bootstrap.min.css?3
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/+bsrJ1UQOT9EwOWMy
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
ASCII text, with very long lines (42164)
Size
42 kB (42523 bytes)
Hash
c2656e265ef58a9cc9f4b70b15da5fb9
85c5ebdb89d4574d72688c2650d4b84b9b09770a
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

HTTP Headers

GET /css/bootstrap.min.css?3 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 28 Nov 2023 07:19:49 GMT
content-type: text/css
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
etag: W/"5a05e7c6-a61b"
expires: Sat, 02 Dec 2023 07:19:49 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

telegram.org/img/website_icon.svg?4

149.154.167.99

200 OK

1.9 kB

URL GET HTTP/2
telegram.org/img/website_icon.svg?4
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/+bsrJ1UQOT9EwOWMy
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
SVG Scalable Vector Graphics image\012- XML document, ASCII text, with very long lines (1968), with no line terminators
Size
1.9 kB (1896 bytes)
Hash
5caca7ae1cffb3da0b06150a15020005
04cfb934f238d33209406393a3fbf78454815739
1ea747a06fbc240c2594a8c523cb248bbda4784f0fcad9d0f06334f1a378604f

HTTP Headers

GET /img/website_icon.svg?4 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 28 Nov 2023 07:19:50 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jul 2020 20:41:37 GMT
etag: W/"5f160181-768"
expires: Sat, 02 Dec 2023 07:19:50 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

telegram.org/css/telegram.css?236

149.154.167.99

200 OK

115 kB

URL GET HTTP/2
telegram.org/css/telegram.css?236
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/+bsrJ1UQOT9EwOWMy
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
ASCII text, with very long lines (1267)
Size
115 kB (114867 bytes)
Hash
0d209d756face073dd14a437f07e58b2
20cb9119fdd02921a6bd0b1500f78a0b76a7a5c0
acd326a9263ee8c4cbc757fed46333732a0e3f8f48d398cbd4f8e36a09fdaf76

HTTP Headers

GET /css/telegram.css?236 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 28 Nov 2023 07:19:49 GMT
content-type: text/css
last-modified: Mon, 20 Mar 2023 10:58:55 GMT
etag: W/"64183c6f-1c0b3"
expires: Sat, 02 Dec 2023 07:19:49 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

telegram.org/js/tgwallpaper.min.js?3

149.154.167.99

200 OK

3.0 kB

URL GET HTTP/2
telegram.org/js/tgwallpaper.min.js?3
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/+bsrJ1UQOT9EwOWMy
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
ASCII text, with very long lines (2998), with no line terminators
Size
3.0 kB (2979 bytes)
Hash
f03422dc797fd26a3834b1ec041128ed
a6e88f4fe48b749c2b7360e8e004f64b6cfffb1a
046ec6b7909d0ca5cc6ef271a1b57b2f2be0bd88e3495fd8c496f1524e8ffaac

HTTP Headers

GET /js/tgwallpaper.min.js?3 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 28 Nov 2023 07:19:49 GMT
content-type: application/javascript
last-modified: Thu, 03 Mar 2022 19:57:25 GMT
etag: W/"62211da5-ba3"
expires: Sat, 02 Dec 2023 07:19:49 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (14)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by