Report - macos.tlgr.org/

Report Overview

Visited public
2023-12-06 15:47:09
Tags
URL
macos.tlgr.org/
Finishing URL
macos.tlgr.org/
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
Telegram for macOS

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
macos.tlgr.org	unknown	2017-04-15	2019-06-02 23:35:37	2023-12-06 09:18:08	5.6 kB	213 kB	188.114.96.1
osx.tlgr.org	unknown	unknown	No data	No data	886 B	137 kB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-12-06	medium	macos.tlgr.org/	Telegram
2023-12-06	medium	macos.tlgr.org/	Telegram
2023-12-06	medium	macos.tlgr.org/	Telegram
2023-12-06	medium	macos.tlgr.org/	Telegram
2023-12-06	medium	macos.tlgr.org/	Telegram
2023-12-06	medium	macos.tlgr.org/	Telegram
2023-12-06	medium	macos.tlgr.org/	Telegram
2023-12-06	medium	macos.tlgr.org/	Telegram
2023-12-06	medium	macos.tlgr.org/	Telegram

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	macos.tlgr.org/js/main.js?47	ScriptElement	22 kB	2023-09-05	2024-08-21
Pretty URL macos.tlgr.org/js/main.js?47 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-05 15:09 Last Seen2024-08-21 07:28 Times Seen11 Hash e6f75edefef446c098659ff76bffffb8 ff80460243007e39545be81b72497ae95e2bad46 f29a4ed92db2eab4b39ff9803107a08e0e9edcae11b918d6810590a91ae4fbd7 Loading...

	macos.tlgr.org/	ScriptElement	49 B	2023-08-06	2025-02-13
Pretty URL macos.tlgr.org/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-06 11:12 Last Seen2025-02-13 11:01 Times Seen27 Hash 50f7da6825d608a3bebc1780cda7cac3 a2bd02810bd852d888d6a6e7845f0aabdabd50c4 c7d42c3ec77a219a35c071dd15c36f43a25fb92e2996c804e55d4fabd718ddb7 Loading...

	macos.tlgr.org/	ScriptElement	434 B	2023-12-06	2024-08-20
Pretty URL macos.tlgr.org/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-06 16:47 Last Seen2024-08-20 16:34 Times Seen3 Hash 39c211ff33790d0ecbe6f72474478b01 ea706be013a5fe4be5c60fbd471ab42a1abbef30 713b05bc8abbdbdf8ea2bd8d7ddb9a8c973cadfb4a1c5395186569efb2462921 Loading...

	macos.tlgr.org/	ScriptElement	204 B	2023-10-14	2024-09-28
Pretty URL macos.tlgr.org/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-14 02:02 Last Seen2024-09-28 08:40 Times Seen25 Hash 7535f70797215425e67d636ccb683bad 7ac65b6f9544997b03ed44bdca61d7d77be60c30 f36d6d69bbc73810e1525d352752413d7f5736acdb8f600d2bbb2f4b010a7901 Loading...

	macos.tlgr.org/sandbox%20eval%20code		147 B	2023-04-11	2025-06-17
Pretty URL macos.tlgr.org/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-17 05:07 Times Seen354804 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-06-17
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-17 05:07 Times Seen354082 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

HTTP Transactions (13)

URL IP Response Size

macos.tlgr.org/js/main.js?47

188.114.96.1

200 OK

22 kB

URL GET HTTP/3
macos.tlgr.org/js/main.js?47
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://macos.tlgr.org/
Certificate
IssuerLet's Encrypt
Subjecttlgr.org
Fingerprint9B:49:F5:DD:61:74:2E:2E:12:63:A9:F3:EE:B5:EB:A5:2B:AA:DE:E1
ValidityThu, 23 Nov 2023 21:18:51 GMT - Wed, 21 Feb 2024 21:18:50 GMT

File type
ASCII text
Size
22 kB (21474 bytes)
Hash
e6f75edefef446c098659ff76bffffb8
ff80460243007e39545be81b72497ae95e2bad46
f29a4ed92db2eab4b39ff9803107a08e0e9edcae11b918d6810590a91ae4fbd7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /js/main.js?47 HTTP/1.1
Host: macos.tlgr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://macos.tlgr.org/
Cookie: stel_ssid=def6fbf19e3f3ad32f_13585927683810481232
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 06 Dec 2023 15:46:52 GMT
content-type: application/javascript; charset=UTF-8
expires: Sun, 10 Dec 2023 15:46:52 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
last-modified: Wed, 06 Dec 2023 15:46:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LV5qPIW3t9IfhyBz%2FrOF40v6e7zOVGRibMjcbIXi9MGoOKFG8Pjzt90Mwpzx2x1%2FqB4H%2BUOS9ym4YaNrk%2Bm%2FLKjDwOLHWKVLDTko4bBZR%2BTs22Hej2FA9LtghsiAfXK9wQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8315aa0709c4b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

macos.tlgr.org/img/link-icon.png

188.114.96.1

200 OK

910 B

URL GET HTTP/3
macos.tlgr.org/img/link-icon.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://macos.tlgr.org/
Certificate
IssuerLet's Encrypt
Subjecttlgr.org
Fingerprint9B:49:F5:DD:61:74:2E:2E:12:63:A9:F3:EE:B5:EB:A5:2B:AA:DE:E1
ValidityThu, 23 Nov 2023 21:18:51 GMT - Wed, 21 Feb 2024 21:18:50 GMT

File type
PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced\012- data
Size
910 B (910 bytes)
Hash
3eddc29df3553fb9c184514afc6b6871
c133304911f40dab1c360e57d43710ef6b901bd8
94948af7c5e24e7f88ffd1318d664f440e7c41481c87adfee8d547f83fd93b92

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /img/link-icon.png HTTP/1.1
Host: macos.tlgr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://macos.tlgr.org/css/telegram.css?236
Cookie: stel_ssid=def6fbf19e3f3ad32f_13585927683810481232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 06 Dec 2023 15:46:53 GMT
content-type: image/png
expires: Sun, 10 Dec 2023 15:46:53 GMT
cache-control: max-age=345600
access-control-allow-origin: *
strict-transport-security: max-age=0
cf-cache-status: MISS
last-modified: Wed, 06 Dec 2023 15:46:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lwVvjWhzuW2aVeN1NTnKALJU8EGd%2F0pNC0L2jzn2HP0nwnpJQ%2BC2mdUXcYDj58mBbjtDEtJg%2BVPLK38wFW2bszRTiX5FMhS52yo76yuxhxOr%2FRtNFCQ%2Fk1b1%2FDPwRLM5uA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8315aa096d45b527-OSL
alt-svc: h3=":443"; ma=86400

macos.tlgr.org/img/back_to_top_1x.png

188.114.96.1

200 OK

1.1 kB

URL GET HTTP/3
macos.tlgr.org/img/back_to_top_1x.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://macos.tlgr.org/
Certificate
IssuerLet's Encrypt
Subjecttlgr.org
Fingerprint9B:49:F5:DD:61:74:2E:2E:12:63:A9:F3:EE:B5:EB:A5:2B:AA:DE:E1
ValidityThu, 23 Nov 2023 21:18:51 GMT - Wed, 21 Feb 2024 21:18:50 GMT

File type
PNG image data, 16 x 7, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1083 bytes)
Hash
a6e4f219e24beec807310903f521b606
e5ff121212d1a0372a3b861ed563719eb70810fc
3a2cd608359dd6e325d4569daa50dcc4644dd14500ec8aaf17aeb73addeec9a6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /img/back_to_top_1x.png HTTP/1.1
Host: macos.tlgr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://macos.tlgr.org/css/telegram.css?236
Cookie: stel_ssid=def6fbf19e3f3ad32f_13585927683810481232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 06 Dec 2023 15:46:53 GMT
content-type: image/png
expires: Sun, 10 Dec 2023 15:46:53 GMT
cache-control: max-age=345600
access-control-allow-origin: *
strict-transport-security: max-age=0
cf-cache-status: MISS
last-modified: Wed, 06 Dec 2023 15:46:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s2BhLmbM2xAx%2B3f7oEa2D9Udsm4oWV3wPWSfP5xa6Kfq%2Fyz10Z%2F8I4UsZk2pRarGb7lLD6x8JBvKdhDCUPSbqhJ2hTBZ3%2F%2FQWorByyZjLa0GfQRMrKDXpVee62XYfQJotA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8315aa09cde9b527-OSL
alt-svc: h3=":443"; ma=86400

macos.tlgr.org/img/apple-touch-icon.png

188.114.96.1

200 OK

5.6 kB

URL GET HTTP/3
macos.tlgr.org/img/apple-touch-icon.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://macos.tlgr.org/
Certificate
IssuerLet's Encrypt
Subjecttlgr.org
Fingerprint9B:49:F5:DD:61:74:2E:2E:12:63:A9:F3:EE:B5:EB:A5:2B:AA:DE:E1
ValidityThu, 23 Nov 2023 21:18:51 GMT - Wed, 21 Feb 2024 21:18:50 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data
Size
5.6 kB (5644 bytes)
Hash
295ccdb03006b8dfef45090dafbd46ac
491ab660270e47cbac6a5731c51cca71c1c1b2b1
a51d667d4262047c23e3a2a8aac3b46dc8a58c686cc013f2354011c07bf22cf3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /img/apple-touch-icon.png HTTP/1.1
Host: macos.tlgr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://macos.tlgr.org/
Cookie: stel_ssid=def6fbf19e3f3ad32f_13585927683810481232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 06 Dec 2023 15:46:53 GMT
content-type: image/png
expires: Sun, 10 Dec 2023 15:46:53 GMT
cache-control: max-age=345600
access-control-allow-origin: *
strict-transport-security: max-age=0
cf-cache-status: MISS
last-modified: Wed, 06 Dec 2023 15:46:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=njAEVmqeNWSxE1Cvd%2FM%2BsDKg3W3RJuVusZRvZHltyi0G0rGeCD5qRHPrn%2BXwc0niZqfN4bYQSeh61fKfZ%2BfJw1W1WmvrdzgI%2FcD1Uho1Pqnp9m2TdUj5wFu0B1FBiXYHdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8315aa0b685cb527-OSL
alt-svc: h3=":443"; ma=86400

macos.tlgr.org/img/td_icons.png

188.114.96.1

200 OK

5.8 kB

URL GET HTTP/3
macos.tlgr.org/img/td_icons.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://macos.tlgr.org/
Certificate
IssuerLet's Encrypt
Subjecttlgr.org
Fingerprint9B:49:F5:DD:61:74:2E:2E:12:63:A9:F3:EE:B5:EB:A5:2B:AA:DE:E1
ValidityThu, 23 Nov 2023 21:18:51 GMT - Wed, 21 Feb 2024 21:18:50 GMT

File type
PNG image data, 50 x 210, 8-bit/color RGBA, non-interlaced\012- data
Size
5.8 kB (5819 bytes)
Hash
c4eb260bb81d1b25a89fb968c1f3ace2
f5a24a77fc81624238544cfc5f187be10996f993
6cbdd9cf89a770ccc3a3c3e26a82023ab00f3fd8a753ad0f891f4441e56ed26e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /img/td_icons.png HTTP/1.1
Host: macos.tlgr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://macos.tlgr.org/css/telegram.css?236
Cookie: stel_ssid=def6fbf19e3f3ad32f_13585927683810481232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 06 Dec 2023 15:46:53 GMT
content-type: image/png
expires: Sun, 10 Dec 2023 15:46:53 GMT
cache-control: max-age=345600
access-control-allow-origin: *
strict-transport-security: max-age=0
cf-cache-status: MISS
last-modified: Wed, 06 Dec 2023 15:46:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Awh1vYVni24rclw9VqcGns55ssRoWrZ3zKe%2FX04b2tO0EYqqnFB9VG%2FS%2FpMBfs9RbqgN7Q1l66250vxoKgHcsO5jIsOcdfm6oLiuCvEBfVju6%2FVXLk49wzsYwgpPVwXYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8315aa096d42b527-OSL
alt-svc: h3=":443"; ma=86400

macos.tlgr.org/img/bullet.png?3

188.114.96.1

200 OK

184 B

URL GET HTTP/3
macos.tlgr.org/img/bullet.png?3
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://macos.tlgr.org/
Certificate
IssuerLet's Encrypt
Subjecttlgr.org
Fingerprint9B:49:F5:DD:61:74:2E:2E:12:63:A9:F3:EE:B5:EB:A5:2B:AA:DE:E1
ValidityThu, 23 Nov 2023 21:18:51 GMT - Wed, 21 Feb 2024 21:18:50 GMT

File type
PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced\012- data
Size
184 B (184 bytes)
Hash
220a22e46828d52591a852b1c9656a9e
4c7a324b7c58a9b0362cd18b27c16c8ca440d4ba
a4463a9104baf7da2078a02da5be6680311da8b36ef515a141ae49e3e99da1f2

HTTP Headers

GET /img/bullet.png?3 HTTP/1.1
Host: macos.tlgr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://macos.tlgr.org/css/telegram.css?236
Cookie: stel_ssid=def6fbf19e3f3ad32f_13585927683810481232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 06 Dec 2023 15:46:53 GMT
content-type: image/png
expires: Sun, 10 Dec 2023 15:46:53 GMT
cache-control: max-age=345600
access-control-allow-origin: *
strict-transport-security: max-age=0
cf-cache-status: MISS
last-modified: Wed, 06 Dec 2023 15:46:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eCGxRE0QBbgb9u2Rs2upHwbDMsuSwyJfhRRkxgQP9j48tYVb2Ro6cO%2BZ3EmKftSkJUXQ%2BzFsd6930ZZvKN4xInt647aiZBmIvS2xRgS8DKCd%2F61steN03BAVY%2BL8WpyRcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8315aa096d4db527-OSL
alt-svc: h3=":443"; ma=86400

macos.tlgr.org/img/website_icon.svg?4

188.114.96.1

200 OK

1.9 kB

URL GET HTTP/3
macos.tlgr.org/img/website_icon.svg?4
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://macos.tlgr.org/
Certificate
IssuerLet's Encrypt
Subjecttlgr.org
Fingerprint9B:49:F5:DD:61:74:2E:2E:12:63:A9:F3:EE:B5:EB:A5:2B:AA:DE:E1
ValidityThu, 23 Nov 2023 21:18:51 GMT - Wed, 21 Feb 2024 21:18:50 GMT

File type
SVG Scalable Vector Graphics image\012- XML document, ASCII text, with very long lines (1968), with no line terminators
Size
1.9 kB (1896 bytes)
Hash
5caca7ae1cffb3da0b06150a15020005
04cfb934f238d33209406393a3fbf78454815739
1ea747a06fbc240c2594a8c523cb248bbda4784f0fcad9d0f06334f1a378604f

HTTP Headers

GET /img/website_icon.svg?4 HTTP/1.1
Host: macos.tlgr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://macos.tlgr.org/
Cookie: stel_ssid=def6fbf19e3f3ad32f_13585927683810481232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 06 Dec 2023 15:46:53 GMT
content-type: image/svg+xml
expires: Sun, 10 Dec 2023 13:38:12 GMT
cache-control: max-age=345600
access-control-allow-origin: *
strict-transport-security: max-age=0
cf-cache-status: HIT
age: 7721
last-modified: Wed, 06 Dec 2023 13:38:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bptA54%2FkKbXMsB9dBrLqq%2FyEgzZkOlyFBuWtg8QdZhK1zVroGuN0Jo8JRXuRMeH%2Bq%2Btke5vH7aOYeP5z9SUASTh%2B9xHePclveDEaaA%2BNXJiRnsS95KK0kWRYa6Er%2Bt8GwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8315aa0b7873b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

macos.tlgr.org/

188.114.96.1

200 OK

9.2 kB

URL User Request GET HTTP/2
macos.tlgr.org/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjecttlgr.org
Fingerprint9B:49:F5:DD:61:74:2E:2E:12:63:A9:F3:EE:B5:EB:A5:2B:AA:DE:E1
ValidityThu, 23 Nov 2023 21:18:51 GMT - Wed, 21 Feb 2024 21:18:50 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9684), with no line terminators
Size
9.2 kB (9210 bytes)
Hash
c65bc6de1f9eb2099cb3aca3adf9ffc9
6764f5986d45733b3ee824c513125efd990a0399
1e4412e87872bdc9f1e6106da0e089ee920a63911499db1ee4dd050b8a575c78

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET / HTTP/1.1
Host: macos.tlgr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:46:52 GMT
content-type: text/html; charset=utf-8
set-cookie: stel_ssid=def6fbf19e3f3ad32f_13585927683810481232; expires=Thu, 07 Dec 2023 02:53:32 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SbYLaPlqzicCEddOjaxxBN5HjIps2KvAyeMv6pAhkBLs7gz4gvHKoM6Wh8HSrDwmColsPsFrwyGoofYvISRluUBq9aGtKfONwsi1TN%2BvRHC8beeROL%2BDNXyioxjPyYopaw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8315aa03ca5eb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

macos.tlgr.org/css/bootstrap.min.css?3

188.114.96.1

200 OK

42 kB

URL GET HTTP/3
macos.tlgr.org/css/bootstrap.min.css?3
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://macos.tlgr.org/
Certificate
IssuerLet's Encrypt
Subjecttlgr.org
Fingerprint9B:49:F5:DD:61:74:2E:2E:12:63:A9:F3:EE:B5:EB:A5:2B:AA:DE:E1
ValidityThu, 23 Nov 2023 21:18:51 GMT - Wed, 21 Feb 2024 21:18:50 GMT

File type
ASCII text, with very long lines (42164)
Size
42 kB (42523 bytes)
Hash
c2656e265ef58a9cc9f4b70b15da5fb9
85c5ebdb89d4574d72688c2650d4b84b9b09770a
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /css/bootstrap.min.css?3 HTTP/1.1
Host: macos.tlgr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://macos.tlgr.org/
Cookie: stel_ssid=def6fbf19e3f3ad32f_13585927683810481232
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 06 Dec 2023 15:46:52 GMT
content-type: text/css
expires: Sun, 10 Dec 2023 15:46:52 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
last-modified: Wed, 06 Dec 2023 15:46:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6A6SBFs4lWsmZR216M%2BRCdf3LwE5gUzBHecVnW3MTr14dB58fYKNYB24D%2FQrbAzxfo7zLPf%2FHTdUBqmo5hyJ6BfeA8tibmfnFlV9UQkhWl8k2uYMGLp2uKX0W%2FDiyJdbJw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8315aa06f9bdb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

macos.tlgr.org/css/telegram.css?236

188.114.96.1

200 OK

115 kB

URL GET HTTP/3
macos.tlgr.org/css/telegram.css?236
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://macos.tlgr.org/
Certificate
IssuerLet's Encrypt
Subjecttlgr.org
Fingerprint9B:49:F5:DD:61:74:2E:2E:12:63:A9:F3:EE:B5:EB:A5:2B:AA:DE:E1
ValidityThu, 23 Nov 2023 21:18:51 GMT - Wed, 21 Feb 2024 21:18:50 GMT

File type
ASCII text, with very long lines (1267)
Size
115 kB (114859 bytes)
Hash
117a43caf09942e692b739767e56c084
3bf46dc92213bde36b58692146579614ea0766bf
30aba5ed929c48c47730a9c4a9e0b47eb2665fe4cdad99b3aad8b5a45325ef8f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /css/telegram.css?236 HTTP/1.1
Host: macos.tlgr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://macos.tlgr.org/
Cookie: stel_ssid=def6fbf19e3f3ad32f_13585927683810481232
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 06 Dec 2023 15:46:52 GMT
content-type: text/css
expires: Sun, 10 Dec 2023 15:46:52 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
last-modified: Wed, 06 Dec 2023 15:46:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZYQOPpdQZL06QdHR29W2vRw5mgvZemWxlQELDK6Sm4t%2FmGPAtwH4sg6l5c6SpnjRqSZUlnhQh1o8OelDtnNFvO528yyrIwLgadbY7lg1iahmk1HfnSY7fj4blvYFEBjfzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8315aa06f9bfb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

osx.tlgr.org/updates/site/logo.png

188.114.96.1

200 OK

30 kB

URL GET HTTP/3
osx.tlgr.org/updates/site/logo.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://macos.tlgr.org/
Certificate
IssuerLet's Encrypt
Subjecttlgr.org
Fingerprint9B:49:F5:DD:61:74:2E:2E:12:63:A9:F3:EE:B5:EB:A5:2B:AA:DE:E1
ValidityThu, 23 Nov 2023 21:18:51 GMT - Wed, 21 Feb 2024 21:18:50 GMT

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Size
30 kB (30471 bytes)
Hash
1ed7ee92df9fc65a7281ea73bf6f64a4
e6d68bd4828cac14d5f0ed9a7faf3db97feba59c
eb3f85d61828a6f752305bb2712e6a22515115f9c68f67ed958e21317d26d75b

HTTP Headers

GET /updates/site/logo.png HTTP/1.1
Host: osx.tlgr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://macos.tlgr.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 06 Dec 2023 15:46:52 GMT
content-type: image/png
strict-transport-security: max-age=35768000
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Wed, 06 Dec 2023 15:46:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K8Lbdka95dMWahRdJ3WVclSEax1EivqYBj8VcaZghEDXBsx%2FNyDFx395cEJ2cx6uVdCnUX3NuegRxEFMTGRq2mkQDJLRHk1qBu4wO2R%2BCmMSIMsGDFUgJlfuRcp%2BdAM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8315aa074a10b527-OSL
alt-svc: h3=":443"; ma=86400

macos.tlgr.org/img/twitter.png

188.114.96.1

200 OK

1.3 kB

URL GET HTTP/3
macos.tlgr.org/img/twitter.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://macos.tlgr.org/
Certificate
IssuerLet's Encrypt
Subjecttlgr.org
Fingerprint9B:49:F5:DD:61:74:2E:2E:12:63:A9:F3:EE:B5:EB:A5:2B:AA:DE:E1
ValidityThu, 23 Nov 2023 21:18:51 GMT - Wed, 21 Feb 2024 21:18:50 GMT

File type
PNG image data, 21 x 17, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1272 bytes)
Hash
1ed9bf7633f4f449c8d2df94ea0eb35f
2902ba9c2b127c74c2550298a0578d7d8da941c2
e7d23b06a4ffd600558e5443d1e32daaaf13a27cf7bb8b7cc163a92b4054aaf2

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /img/twitter.png HTTP/1.1
Host: macos.tlgr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://macos.tlgr.org/css/telegram.css?236
Cookie: stel_ssid=def6fbf19e3f3ad32f_13585927683810481232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 06 Dec 2023 15:46:53 GMT
content-type: image/png
expires: Sun, 10 Dec 2023 15:46:53 GMT
cache-control: max-age=345600
access-control-allow-origin: *
strict-transport-security: max-age=0
cf-cache-status: MISS
last-modified: Wed, 06 Dec 2023 15:46:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pp5Ezd36hHKk1qfreoTiOYd3iExdIscmmMwZPcBWvql7swHVqs35dYSLQLFopxzQcStGudsViyYDwvR8NdASSH6S0wI3iXLSm6F8FG6qdaWActuUXMX0MFHC2R%2BxYjG5yg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8315aa094d1cb527-OSL
alt-svc: h3=":443"; ma=86400

osx.tlgr.org/updates/site/artboard.png

188.114.96.1

200 OK

106 kB

URL GET HTTP/3
osx.tlgr.org/updates/site/artboard.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://macos.tlgr.org/
Certificate
IssuerLet's Encrypt
Subjecttlgr.org
Fingerprint9B:49:F5:DD:61:74:2E:2E:12:63:A9:F3:EE:B5:EB:A5:2B:AA:DE:E1
ValidityThu, 23 Nov 2023 21:18:51 GMT - Wed, 21 Feb 2024 21:18:50 GMT

File type
PNG image data, 450 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
106 kB (105466 bytes)
Hash
8b5e74d8a7ea1b4993e66533d18a8de7
e4ec7ae55ae8d00dbd6c42dc6716715e8b2e2cf7
b386b8f4b22d68f1a23b9ac0826df43a761a9b967a07ae27bff89314c73c052d

HTTP Headers

GET /updates/site/artboard.png HTTP/1.1
Host: osx.tlgr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://macos.tlgr.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 06 Dec 2023 15:46:53 GMT
content-type: image/png
strict-transport-security: max-age=35768000
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Wed, 06 Dec 2023 15:46:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PVqSqhLki17ZdX%2BjE%2FKk02gLzpjXk3jLveCKadyXI7ZTy1uf69f0zNIu6vF5J1UcHO2WSc5J7Xm0Ge3vOpluXhVKSnUDZxnc9H9nLiRdBSM6c9Ks26%2FTvP2bbMDU4mo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8315aa096d3eb527-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by