Report - 46.30.44.144/export-file/en/id

Report Overview

Submitted URL
46.30.44.144/export-file/en/id
IP
46.30.44.144
ASN
#210079 EuroByte LLC
Submitted
2022-09-26 21:28:08
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	6.2 kB	23.36.76.226
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
web.telegram-account.host	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.8 kB	749 kB	217.144.102.219
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	54.189.35.180
t.me	6552	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	373 B	515 B	149.154.167.99
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	62 kB	34.120.237.76
46.30.44.144	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	699 B	732 B	46.30.44.144
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.35
ocsp.godaddy.com	698	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	984 B	6.9 kB	192.124.249.23
telegram.me	11938	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	380 B	515 B	149.154.167.99
zws2.web.telegram.org	144268	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	585 B	218 B	149.154.167.99
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.25
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-26	medium	web.telegram-account.host/z/	Phishing
2022-09-26	medium	web.telegram-account.host/z/main.d59af413d56381119ab0.js	Phishing
2022-09-26	medium	web.telegram-account.host/z/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2	Phishing
2022-09-26	medium	web.telegram-account.host/z/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2	Phishing
2022-09-26	medium	web.telegram-account.host/z/7941.7394fb0b394c9ee95fb1.js	Phishing
2022-09-26	medium	web.telegram-account.host/z/1915.c5b3f01035517153521f.js	Phishing
2022-09-26	medium	web.telegram-account.host/z/6839.7574ee59f6159101b320.js	Phishing
2022-09-26	medium	web.telegram-account.host/z/2993.16c8478e66c86b4e22be.js	Phishing
2022-09-26	medium	web.telegram-account.host/z/8090.95514dc1ca682393cf02.js	Phishing
2022-09-26	medium	web.telegram-account.host/z/5802.5a998479cf43543543ff.js	Phishing
2022-09-26	medium	web.telegram-account.host/z/1516.d65ebe46f9458ef62bd5.js	Phishing
2022-09-26	medium	web.telegram-account.host/z/favicon.svg	Phishing
2022-09-26	medium	web.telegram-account.host/z/rlottie-wasm.js	Phishing
2022-09-26	medium	web.telegram-account.host/z/5313.3417bfbe0af0b56e2830.js	Phishing
2022-09-26	medium	web.telegram-account.host/z/rlottie-wasm.wasm	Phishing
2022-09-26	medium	web.telegram-account.host/z/QrPlane.a921709f266564f65b7e.tgs	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	web.telegram-account.host/z/6839.7574ee59f6159101b320.js	46 kB	2023-03-08	2023-03-08
Pretty URL web.telegram-account.host/z/6839.7574ee59f6159101b320.js IP 217.144.102.219 ASN #210079 EuroByte LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:59:58 Last Seen2023-03-08 01:59:58 Times Seen1 Hash a79d4e15b3babda2546ffe1c1ef4a0c4 9970b3526a23cfe868669c48704ec2540a17b3ee 83836b73bfc269b3b279e51498647a871dacde958a92abed03560d8c53ca5d07 Loading...

	web.telegram-account.host/z/	3.1 kB	2023-03-08	2023-03-08
Pretty URL web.telegram-account.host/z/ IP 217.144.102.219 ASN #210079 EuroByte LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:59:58 Last Seen2023-03-08 01:59:58 Times Seen1 Hash 5d0f7a08ccd51cb97f59b4ae89c544d2 c6029d41af814133233dfe2fb0eef1e3def9b535 644800a8d5bb4c8da5699486ee7b9f00ec1cc9cfc05a6977fc3433facda15075 Loading...

	telegram.me/_websync_?authed=0&version=1.52.8+Z	4 B	2023-03-07	2024-04-19
Pretty URL telegram.me/_websync_?authed=0&version=1.52.8+Z IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:44 Last Seen2024-04-19 23:05:38 Times Seen23207 Hash b326b5062b2f0e69046810717534cb09 5ffe533b830f08a0326348a9160afafc8ada44db b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b Loading...

	web.telegram-account.host/z/7941.7394fb0b394c9ee95fb1.js	7.9 kB	2023-03-08	2023-03-08
Pretty URL web.telegram-account.host/z/7941.7394fb0b394c9ee95fb1.js IP 217.144.102.219 ASN #210079 EuroByte LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:59:58 Last Seen2023-03-08 01:59:58 Times Seen1 Hash ee1fe2f5b19f6463855659ebc72f820e 0d5b2b200063d2b63a4122fca255ea239fea584d c043492f0e4c87feaf01f072dfdfc3d3dadb946035e5ef57b18bfba08f087531 Loading...

	web.telegram-account.host/z/1915.c5b3f01035517153521f.js	34 kB	2023-03-08	2023-03-08
Pretty URL web.telegram-account.host/z/1915.c5b3f01035517153521f.js IP 217.144.102.219 ASN #210079 EuroByte LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:59:58 Last Seen2023-03-08 01:59:58 Times Seen1 Hash c4f136389084fa4444f7cba728ea7176 620333d99cd0c453d1e810860b8aa3486dd99445 f92fef9d41590ed1276dbd8cee78ff0acdc347efde779e64120b28831877584a Loading...

HTTP Transactions (48)

URL IP Response Size

46.30.44.144/export-file/en/id

46.30.44.144

301 Moved Permanently

246 B

URL HTTP/1.1
46.30.44.144/export-file/en/id
IP
46.30.44.144:0
ASN
#210079 EuroByte LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
246 B (246 bytes)
Hash
ee4fe79ff498ca7b9eade069ad739690
952a5cd50d0f0dec628acb08bc86fc2f95c18be7
de299c4e9d5edec718e0aee7ea383a765383157db22f730049a940bacf8d5958

HTTP Headers

GET /export-file/en/id HTTP/1.1
Host: 46.30.44.144
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx/1.22.0
Date: Mon, 26 Sep 2022 21:27:57 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://46.30.44.144/export-file/en/id/

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 26 Sep 2022 21:15:22 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Sxba0uxVCdrB9OMnjsgbmxV0ddt57hDDJA2fRhGNDyF7aC8-2jcFUg==
Age: 756

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4247
Expires: Mon, 26 Sep 2022 22:38:45 GMT
Date: Mon, 26 Sep 2022 21:27:58 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.25

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.25:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 04:35:16 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: oyfQ8aLgZJj67NTD1uDwxhF4En8GkOcj161PWF50SpMHpnVGHoIERw==
age: 60763
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:27:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

46.30.44.144/export-file/en/id/

46.30.44.144

302 Moved Temporarily

0 B

URL HTTP/1.1
46.30.44.144/export-file/en/id/
IP
46.30.44.144:0
ASN
#210079 EuroByte LLC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /export-file/en/id/ HTTP/1.1
Host: 46.30.44.144
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Moved Temporarily
Server: nginx/1.22.0
Date: Mon, 26 Sep 2022 21:27:58 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/7.3.33
Location: https://web.telegram-account.host/z/

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Mon, 26 Sep 2022 21:10:46 GMT
Expires: Mon, 26 Sep 2022 21:35:35 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4zTeK3xQJs_kmNjlbIMfmXLaf-OxLyiVOhcHPDHEseSG8VDDLKXkXw==
Age: 1032

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c55f4f3c92628f05acb22ac3480be877
dbf35b0d707f92c555101309b9e4bcda7752e831
8ff5fb916e069722dc942bbc86ee1d627bc5d82fa5c40befb211ac39a6bc9103

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8FF5FB916E069722DC942BBC86EE1D627BC5D82FA5C40BEFB211AC39A6BC9103"
Last-Modified: Mon, 26 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21544
Expires: Tue, 27 Sep 2022 03:27:02 GMT
Date: Mon, 26 Sep 2022 21:27:58 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
5adb7eb1d103eadeeafac36e663ffdd3
23b784388dd634fa736cd60aed71570661e73d02
5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5282
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:27:58 GMT
Last-Modified: Mon, 26 Sep 2022 19:59:56 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

web.telegram-account.host/z/

217.144.102.219

200 OK

1.9 kB

URL HTTP/1.1
web.telegram-account.host/z/
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2663)
Size
1.9 kB (1944 bytes)
Hash
d2aef851e04d9a0b9abddea91941c199
0a2c7d2847d8bdb387e2b9753e52c2164d9fb83f
d1c613b608e891b28c79be8e6e54cb14ab108c374cd461c259f7c730d2db2fe7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /z/ HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 1944
Content-Type: text/html
Date: Mon, 26 Sep 2022 21:27:58 GMT
Etag: W/"63302fc1-a29"
Expires: Mon, 26 Sep 2022 22:27:58 GMT
Last-Modified: Sun, 25 Sep 2022 10:38:57 GMT
Server: nginx/1.18.0

push.services.mozilla.com/

54.189.35.180

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.189.35.180:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WJqT9Z9t2Qt3tiTxVlbo7A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: CgUM2hXAiaYllPjR2IZ4P7pKlms=

web.telegram-account.host/z/main.5f8478ed77320e7b9dfd.css

217.144.102.219

200 OK

21 kB

URL HTTP/1.1
web.telegram-account.host/z/main.5f8478ed77320e7b9dfd.css
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
Unicode text, UTF-8 text, with very long lines (22538)
Size
21 kB (20653 bytes)
Hash
4abb8ca698c49ffcfafa77f42601e5bc
396663c93288385238180924e41db06a5e245e7e
92dfeb00e5030ef608903cfd79e57ba84f0cdbccfb6965ad9bacc444e7639c9b

HTTP Headers

GET /z/main.5f8478ed77320e7b9dfd.css HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Type: text/css
Date: Mon, 26 Sep 2022 21:27:59 GMT
Etag: W/"6322e0cd-12fb0"
Expires: Mon, 26 Sep 2022 22:27:59 GMT
Last-Modified: Thu, 15 Sep 2022 08:22:37 GMT
Server: nginx/1.18.0
Transfer-Encoding: chunked

web.telegram-account.host/z/main.d59af413d56381119ab0.js

217.144.102.219

200 OK

90 kB

URL HTTP/1.1
web.telegram-account.host/z/main.d59af413d56381119ab0.js
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Size
90 kB (89564 bytes)
Hash
ceacc1e579ebcd77d6176ddb8f8cf67e
63632a7a2f5de77cea78da5d4b5048d74a62a27f
4699a7d104b134c2385f1318e72ee479acdfe769fc85c1582796feda6918a077

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /z/main.d59af413d56381119ab0.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 89564
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:27:59 GMT
Etag: W/"63302fc1-40bf1"
Expires: Mon, 26 Sep 2022 22:27:59 GMT
Last-Modified: Sun, 25 Sep 2022 10:38:57 GMT
Server: nginx/1.18.0

web.telegram-account.host/z/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2

217.144.102.219

200 OK

11 kB

URL HTTP/1.1
web.telegram-account.host/z/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
Web Open Font Format (Version 2), TrueType, length 11016, version 1.0\012- data
Size
11 kB (11016 bytes)
Hash
15fa3062f8929bd3b05fdca5259db412
6ff06a34f68ad0324ddec1bbe4d453c959178b36
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /z/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web.telegram-account.host/z/main.5f8478ed77320e7b9dfd.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Length: 11016
Content-Type: application/octet-stream
Date: Mon, 26 Sep 2022 21:27:59 GMT
Etag: "62efecb8-2b08"
Expires: Mon, 26 Sep 2022 22:27:59 GMT
Last-Modified: Sun, 07 Aug 2022 16:47:52 GMT
Server: nginx/1.18.0

web.telegram-account.host/z/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2

217.144.102.219

200 OK

11 kB

URL HTTP/1.1
web.telegram-account.host/z/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
Web Open Font Format (Version 2), TrueType, length 11056, version 1.0\012- data
Size
11 kB (11056 bytes)
Hash
07db243db21ed0a6b4ff05ff429686b7
5d62925fdd7ed8e80f206d095ed093994f13d276
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /z/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2 HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web.telegram-account.host/z/main.5f8478ed77320e7b9dfd.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Length: 11056
Content-Type: application/octet-stream
Date: Mon, 26 Sep 2022 21:27:59 GMT
Etag: "62efecb8-2b30"
Expires: Mon, 26 Sep 2022 22:27:59 GMT
Last-Modified: Sun, 07 Aug 2022 16:47:52 GMT
Server: nginx/1.18.0

ocsp.godaddy.com/

192.124.249.23

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.23:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1778 bytes)
Hash
50368a8f606557fc855c52dc41fbeedb
fbeccb5c3ba4657c28bdafa3cad7ecd67fb42043
1c0fbcbe82fb77f79879f633594246c8b7fa785e9faa5c30ee9de45f6e2f4d83

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 26 Sep 2022 21:28:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 26 Sep 2022 21:07:19 GMT
Expires: Tue, 27 Sep 2022 21:07:19 GMT
ETag: "fbeccb5c3ba4657c28bdafa3cad7ecd67fb42043"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

ocsp.godaddy.com/

192.124.249.23

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.23:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1778 bytes)
Hash
29f112ca1cbb5f5a8b32d468b36b7b31
e8ec39b823d7dea7061de4e827ea6eb05d8ae778
eb030deb486daca79ef872a99d602c1ae698bf1baeeccd89090c0c0a961cdb6a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 26 Sep 2022 21:28:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 26 Sep 2022 20:26:08 GMT
Expires: Tue, 27 Sep 2022 20:26:08 GMT
ETag: "e8ec39b823d7dea7061de4e827ea6eb05d8ae778"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

telegram.me/_websync_?authed=0&version=1.52.8+Z

149.154.167.99

200 OK

24 B

URL HTTP/2
telegram.me/_websync_?authed=0&version=1.52.8+Z
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
01e9a6bdf6f882e64253608f6b3d65f3
b25d1264aeffa89799841518a2bccbb408b4437b
5191dd01952ad22c138d1fb8b253c4ba28ed0b823ac46648b4c033c605983ab9

HTTP Headers

GET /_websync_?authed=0&version=1.52.8+Z HTTP/1.1
Host: telegram.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 26 Sep 2022 21:28:00 GMT
content-type: application/json; charset=utf-8
content-length: 24
set-cookie: stel_web_auth=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
stel_web_force=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

t.me/_websync_?authed=0&version=1.52.8+Z

149.154.167.99

200 OK

24 B

URL HTTP/2
t.me/_websync_?authed=0&version=1.52.8+Z
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
01e9a6bdf6f882e64253608f6b3d65f3
b25d1264aeffa89799841518a2bccbb408b4437b
5191dd01952ad22c138d1fb8b253c4ba28ed0b823ac46648b4c033c605983ab9

HTTP Headers

GET /_websync_?authed=0&version=1.52.8+Z HTTP/1.1
Host: t.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 26 Sep 2022 21:28:00 GMT
content-type: application/json; charset=utf-8
content-length: 24
set-cookie: stel_web_auth=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
stel_web_force=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

web.telegram-account.host/z/7941.7394fb0b394c9ee95fb1.js

217.144.102.219

200 OK

2.7 kB

URL HTTP/1.1
web.telegram-account.host/z/7941.7394fb0b394c9ee95fb1.js
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
ASCII text, with very long lines (7890)
Size
2.7 kB (2701 bytes)
Hash
458a5acad8a138a1e55908bd60483482
117f0e82966c960fad0bb5d35d5377db2c4c823b
61d324fcadc59b94bfaf44202fbecae7a90c3cd6333a289047a11130db0fbbfc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /z/7941.7394fb0b394c9ee95fb1.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 2701
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"6329beee-1f08"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Tue, 20 Sep 2022 13:23:58 GMT
Server: nginx/1.18.0

web.telegram-account.host/z/chat-bg-br.f34cc96fbfb048812820.png

217.144.102.219

200 OK

1.9 kB

URL HTTP/1.1
web.telegram-account.host/z/chat-bg-br.f34cc96fbfb048812820.png
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
PNG image data, 50 x 50, 8-bit/color RGB, non-interlaced\012- data
Size
1.9 kB (1920 bytes)
Hash
ff2989744d4813c906047582226abd28
41b973276f7a99af05115b89b401aceb02f573c8
3151f7930d821bccf4a76cbbe4a3533e2b56bdff696f260c864ab639ac7526ea

HTTP Headers

GET /z/chat-bg-br.f34cc96fbfb048812820.png HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/main.5f8478ed77320e7b9dfd.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Length: 1920
Content-Type: image/png
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: "62efecb8-780"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Sun, 07 Aug 2022 16:47:52 GMT
Server: nginx/1.18.0

web.telegram-account.host/z/1915.c5b3f01035517153521f.js

217.144.102.219

200 OK

8.5 kB

URL HTTP/1.1
web.telegram-account.host/z/1915.c5b3f01035517153521f.js
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
Unicode text, UTF-8 text, with very long lines (33530)
Size
8.5 kB (8508 bytes)
Hash
5f1c409f63f99e9d533b044f5018445f
4b2c7445e49aacb0573b2245f1463e1af443f604
13b2259199f3328ae8a6fff0e06aa06cf2855f258560d3226eaf09abac0e920e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /z/1915.c5b3f01035517153521f.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 8508
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"62efecb8-8338"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Sun, 07 Aug 2022 16:47:52 GMT
Server: nginx/1.18.0

web.telegram-account.host/z/6839.7574ee59f6159101b320.js

217.144.102.219

200 OK

14 kB

URL HTTP/1.1
web.telegram-account.host/z/6839.7574ee59f6159101b320.js
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
HTML document, Unicode text, UTF-8 text, with very long lines (46430)
Size
14 kB (13547 bytes)
Hash
3b1171e4610a6b5d8d8066cba9754bc5
f25d9bdc7fd1db06619fcd9894e47b17a8d68c18
5348fc6525aef17e05beb6a29aa7c03a74b4ad25ab384bffad02cb6b8b6a31f6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /z/6839.7574ee59f6159101b320.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 13547
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"631ef79b-b2ba"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Mon, 12 Sep 2022 09:10:51 GMT
Server: nginx/1.18.0

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7402
Expires: Mon, 26 Sep 2022 23:31:22 GMT
Date: Mon, 26 Sep 2022 21:28:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7402
Expires: Mon, 26 Sep 2022 23:31:22 GMT
Date: Mon, 26 Sep 2022 21:28:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7402
Expires: Mon, 26 Sep 2022 23:31:22 GMT
Date: Mon, 26 Sep 2022 21:28:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7402
Expires: Mon, 26 Sep 2022 23:31:22 GMT
Date: Mon, 26 Sep 2022 21:28:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7402
Expires: Mon, 26 Sep 2022 23:31:22 GMT
Date: Mon, 26 Sep 2022 21:28:00 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f39b5b4-f60c-42d8-9916-f71d7998f158.png

34.120.237.76

200 OK

7.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f39b5b4-f60c-42d8-9916-f71d7998f158.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.2 kB (7185 bytes)
Hash
6d79a3a5bd7dc7aa6cab306176fafd11
0d5cb1f3e3ea510308034a5e569c0e65fae30835
57979dfcf6fdc76f04e4790c2b94b876e188ac780aa49d9bfc8a58c498dc4203

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f39b5b4-f60c-42d8-9916-f71d7998f158.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7185
x-amzn-requestid: e7b997d7-f9ce-40c6-b9bb-372ee10d8ad0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTAfEX5oAMFcHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb9c-31e295e33ead940f381121a1;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:43:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: YW8Pk1qXdq3DBNRDO3abND1HGTqhUInN2Wo3N8Uzb0zzyXrsKPCvYg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:48:52 GMT
age: 85148
etag: "0d5cb1f3e3ea510308034a5e569c0e65fae30835"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8637 bytes)
Hash
d02ede0c964f3346fd53ae2950bf2a62
e49306a3713cb724be024a4ddb5e90645718a718
c0e653d89656016c55aca9b198b9191620f1ae9a3c45742a90744bd74c4f9505

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8637
x-amzn-requestid: 07dc23e0-000f-4f6c-8d2b-0e65d88be270
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSvvEenoAMFr0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb31-520803124760abc216152d7b;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:42:09 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: HCJ483GPdpPhC7oYm1GrA02BqqST9sfqfCBSA93rZqaQYl-jezgP5Q==
via: 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:20:40 GMT
age: 83240
etag: "e49306a3713cb724be024a4ddb5e90645718a718"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

15 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
15 kB (14579 bytes)
Hash
f10a12719b387d176497669ba75f0acc
16e42ba7b20555bf5a8615e5f4bb561204aeeb5a
0cb2231817387d43a490565b61e24ea7a3cfcff3281f4ab4379a882cc5c3173f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14579
x-amzn-requestid: bce2c126-0883-4255-9246-d8055860f898
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCj6FYCoAMF9Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e18-66ba2e5d64b6a5b32b7ab36b;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: igIWZ2IhMA_GIovp4HgIHtGeDt5xoX0iThoQFKjnNJUYP_uMdO7FHw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 07:21:02 GMT
age: 50818
etag: "16e42ba7b20555bf5a8615e5f4bb561204aeeb5a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e46522-27ca-4a21-a138-a7bdaf6c55b5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6443 bytes)
Hash
3a75be68e82e6a0ba74932fbe74c7b30
36310320605833289e78cd248c45915363a0a0c3
56d709b77802037254b7922e3f85d1b1652b70dfc4b6c65b03e4149d3b1f22ca

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e46522-27ca-4a21-a138-a7bdaf6c55b5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6443
x-amzn-requestid: b6f3be01-6086-4fc1-8bec-c4caa1fe806c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSKMG04IAMFRxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330ca41-5452d1805d3f4d71303142c9;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:38:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tx-lL61dT3iakJd8VZw31hzMklubUDBQxE6LBhxsJUqyMM0bqCk73g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:28:23 GMT
age: 82777
etag: "36310320605833289e78cd248c45915363a0a0c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13584 bytes)
Hash
2c11e6fef1be62b971bd9daf378bfc95
ef9d756cbcda72cf7ef5029b7d384cd1fbaed633
b8369f83d6dddcd2355b81d8eb200791788165e56881ce21e1a1e9c8bb1bb2ef

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13584
x-amzn-requestid: 198bd2b4-d4ae-4f19-a500-463aee52b890
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTHgFdNoAMFwEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cbc9-19a1f7d2102820da4b21f18b;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:44:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yl8BCwdlIePsc4gIX4IYH0L6NHipn_5fBsa9nyYy14w0m49jPUYXBw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:57:51 GMT
age: 84609
etag: "ef9d756cbcda72cf7ef5029b7d384cd1fbaed633"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5157 bytes)
Hash
2fe8c4f0c70fb6c1f4259eabedc7015e
85e378d0fff856832a8dd01743516b9476fed8c6
508a1c7d350fcf82d1ece0b99f8557b2f300c7c1148f28c3ae9fece20530e4b6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5157
x-amzn-requestid: b5748f49-693f-4bc3-a850-cb68e770de24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUG9GUHIAMF7pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd5f-5d2aaa212cf1be2506593746;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:51:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4h9lb_7egxb2hBbxjcS_cpZ5lDq6Lx-c_WUZyRHdUA0YTwr6kgDuiQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:10:16 GMT
age: 83864
etag: "85e378d0fff856832a8dd01743516b9476fed8c6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

web.telegram-account.host/z/2993.16c8478e66c86b4e22be.js

217.144.102.219

200 OK

2.3 kB

URL HTTP/1.1
web.telegram-account.host/z/2993.16c8478e66c86b4e22be.js
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
ASCII text, with very long lines (4706)
Size
2.3 kB (2282 bytes)
Hash
5c8a620a1846c9dfa332e27bb63194c0
cc9ce8a1fbb700b8e7df13a17573cf0f92117efa
60733cfcb78ade4bacad7625d5422c171003af77090d75117ea12d536d180af0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /z/2993.16c8478e66c86b4e22be.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 2282
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"63302fc1-1298"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Sun, 25 Sep 2022 10:38:57 GMT
Server: nginx/1.18.0

web.telegram-account.host/z/chat-bg-pattern-light.ee148af944f6580293ae.png

217.144.102.219

200 OK

273 kB

URL HTTP/1.1
web.telegram-account.host/z/chat-bg-pattern-light.ee148af944f6580293ae.png
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
PNG image data, 1123 x 2307, 4-bit colormap, non-interlaced\012- data
Size
273 kB (272875 bytes)
Hash
3d558d8de7082a2b2355076c8988c3fd
d74980e29b0ec2f102b0dcd614503fd42a255b85
00745db819d91c37bf0f59bee00ab2efe9766fddcb726ff1bcb6847748b2bbc7

HTTP Headers

GET /z/chat-bg-pattern-light.ee148af944f6580293ae.png HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/main.5f8478ed77320e7b9dfd.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Length: 272875
Content-Type: image/png
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: "62efecb8-429eb"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Sun, 07 Aug 2022 16:47:52 GMT
Server: nginx/1.18.0

web.telegram-account.host/z/8090.95514dc1ca682393cf02.js

217.144.102.219

200 OK

111 kB

URL HTTP/1.1
web.telegram-account.host/z/8090.95514dc1ca682393cf02.js
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
ASCII text, with very long lines (65536), with no line terminators
Size
111 kB (111206 bytes)
Hash
3e1534c6d883c78e3e03a76215315900
9c764b76785772ac9d197269a25a316d1241bf88
5c784783dfb2ae4b81119d04b14170c78739075cf9bd80a0e70603ce8e265d1c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /z/8090.95514dc1ca682393cf02.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 111206
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"63302fc1-62103"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Sun, 25 Sep 2022 10:38:57 GMT
Server: nginx/1.18.0

web.telegram-account.host/z/5802.5a998479cf43543543ff.js

217.144.102.219

200 OK

7.4 kB

URL HTTP/1.1
web.telegram-account.host/z/5802.5a998479cf43543543ff.js
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
ASCII text, with very long lines (20561)
Size
7.4 kB (7421 bytes)
Hash
448ca087d8a5b5a70ad73f795ff651cd
a4d48d9ad3a710f5df24fcea4e05906f13e09275
4992cf4264a8e52a27153f7211b1b0a1c0c5348a12d6f7721f27cc83c1f7a2a7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /z/5802.5a998479cf43543543ff.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/2993.16c8478e66c86b4e22be.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 7421
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"6287bae7-50da"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Fri, 20 May 2022 15:59:35 GMT
Server: nginx/1.18.0

web.telegram-account.host/z/1516.d65ebe46f9458ef62bd5.js

217.144.102.219

200 OK

3.2 kB

URL HTTP/1.1
web.telegram-account.host/z/1516.d65ebe46f9458ef62bd5.js
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
ASCII text, with very long lines (7426)
Size
3.2 kB (3159 bytes)
Hash
0861751af7cd14c107afae798d49c599
baa10a155d15e7b5eb98d648c21d3f10b0645ea3
d7081a5d43ae27e6e84418a6b59dd35d7f8d6412973b7ff3f8bea151413360e5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /z/1516.d65ebe46f9458ef62bd5.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 3159
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"63302fc1-1d38"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Sun, 25 Sep 2022 10:38:57 GMT
Server: nginx/1.18.0

web.telegram-account.host/z/favicon.svg

217.144.102.219

200 OK

892 B

URL HTTP/1.1
web.telegram-account.host/z/favicon.svg
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (892), with no line terminators
Size
892 B (892 bytes)
Hash
d9ee2d4b0edd9f8ba2fb7242162c2c47
398522893cf2cdefb5176f11bc67eab31c2d7382
a462f1c5333e16b48335054493cfd1d0a13a96847b4b9ffe2cf24403e6e86010

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /z/favicon.svg HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Length: 892
Content-Type: image/svg+xml
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: "6166c642-37c"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Wed, 13 Oct 2021 11:42:58 GMT
Server: nginx/1.18.0

web.telegram-account.host/z/icon-192x192.png

217.144.102.219

200 OK

3.1 kB

URL HTTP/1.1
web.telegram-account.host/z/icon-192x192.png
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Size
3.1 kB (3059 bytes)
Hash
1a1650d2c76bfc1ac484646c19e495b9
fe58d66042ce9241226f5da9370230285ff604fc
6e587a62c9d7a97f25265ab5eb29d101ad2e36810042a4116d2dd29da96b0bf8

HTTP Headers

GET /z/icon-192x192.png HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Length: 3059
Content-Type: image/png
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: "6166c642-bf3"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Wed, 13 Oct 2021 11:42:58 GMT
Server: nginx/1.18.0

web.telegram-account.host/z/rlottie-wasm.js

217.144.102.219

200 OK

24 kB

URL HTTP/1.1
web.telegram-account.host/z/rlottie-wasm.js
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (23712 bytes)
Hash
f077347c5953b552c4bf167d9f03a1ea
ffc98d3c9e2fca0c91071815dc4ecba0a0577de0
8260a8d4d71790db0ece34debcc0adfedf2ca8f7e385e28eb2fa535e332060a1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /z/rlottie-wasm.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/2993.16c8478e66c86b4e22be.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 23712
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"608a011a-15695"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Thu, 29 Apr 2021 00:43:06 GMT
Server: nginx/1.18.0

web.telegram-account.host/z/5313.3417bfbe0af0b56e2830.js

217.144.102.219

200 OK

21 kB

URL HTTP/1.1
web.telegram-account.host/z/5313.3417bfbe0af0b56e2830.js
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
ASCII text, with very long lines (65453)
Size
21 kB (21064 bytes)
Hash
48e148ebf2c58a5820532f97406cd4ab
53dd8b9535ab5b32942456a18e9c40ba1295aaed
f5de6008bb4573321beba95f95c27cd7bbd1fe44c1ef25e3fd3a8947194b1be5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /z/5313.3417bfbe0af0b56e2830.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/8090.95514dc1ca682393cf02.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 21064
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"6287bae7-11136"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Fri, 20 May 2022 15:59:35 GMT
Server: nginx/1.18.0

web.telegram-account.host/z/rlottie-wasm.wasm

217.144.102.219

200 OK

134 kB

URL HTTP/1.1
web.telegram-account.host/z/rlottie-wasm.wasm
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
WebAssembly (wasm) binary module version 0x1 (MVP)\012- data
Size
134 kB (134238 bytes)
Hash
1972951cc4b562a0a1bc770b8dd82214
ce196e05a711eac9ae13ad444eb80115cb68f38c
1730a5d5f025f607594d55fa78056234b7ff67a29a0472bb157b5b5d27939c69

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /z/rlottie-wasm.wasm HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.telegram-account.host/z/2993.16c8478e66c86b4e22be.js
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 134238
Content-Type: application/wasm
Date: Mon, 26 Sep 2022 21:28:01 GMT
Etag: W/"608a011a-4d890"
Expires: Mon, 26 Sep 2022 22:28:01 GMT
Last-Modified: Thu, 29 Apr 2021 00:43:06 GMT
Server: nginx/1.18.0

web.telegram-account.host/z/QrPlane.a921709f266564f65b7e.tgs

217.144.102.219

200 OK

2.1 kB

URL HTTP/1.1
web.telegram-account.host/z/QrPlane.a921709f266564f65b7e.tgs
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
gzip compressed data, was "PlaneLogoPlain.json", last modified: Fri Dec 17 11:58:31 2021, from Unix\012- data
Size
2.1 kB (2101 bytes)
Hash
9fe5425a55be5cfd60c1ee5f2ca2c733
6055dbe3afe9575b921a9863534e91428a847021
486cbe566d05f023f3c72ec00b55f921deb1f7aed2efb630fe717425e2d98d0a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /z/QrPlane.a921709f266564f65b7e.tgs HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.telegram-account.host/z/2993.16c8478e66c86b4e22be.js
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Length: 2101
Content-Type: application/octet-stream
Date: Mon, 26 Sep 2022 21:28:01 GMT
Etag: "62efecb8-835"
Expires: Mon, 26 Sep 2022 22:28:01 GMT
Last-Modified: Sun, 07 Aug 2022 16:47:52 GMT
Server: nginx/1.18.0

zws2.web.telegram.org/apiws

149.154.167.99

101 Switching Protocols

0 B

URL HTTP/1.1
zws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: zws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://web.telegram-account.host
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Kkig+4vMYNHzWgDrv4p0ag==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Mon, 26 Sep 2022 21:28:02 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: pVZOsP58wFqvxJYc7PAhdTW4U9w=
Sec-WebSocket-Protocol: binary

ocsp.godaddy.com/

192.124.249.23

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.23:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1778 bytes)
Hash
c61102238e8e0fed5a3902b5037f91b3
e8c2878c7ef536038a3b0a92513e56e5f21c2507
96b913fac3388a78dc0480f94872e0a920c43bc1d408a027e11add77036cb21b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 26 Sep 2022 21:28:03 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 26 Sep 2022 18:35:02 GMT
Expires: Tue, 27 Sep 2022 18:35:02 GMT
ETag: "e8c2878c7ef536038a3b0a92513e56e5f21c2507"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

web.telegram-account.host/z/blank.8dd283bceccca95a48d8.png

217.144.102.219

200 OK

68 B

URL HTTP/1.1
web.telegram-account.host/z/blank.8dd283bceccca95a48d8.png
IP
217.144.102.219:0
ASN
#210079 EuroByte LLC

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Size
68 B (68 bytes)
Hash
91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

HTTP Headers

GET /z/blank.8dd283bceccca95a48d8.png HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.telegram-account.host/z/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Length: 68
Content-Type: image/png
Date: Mon, 26 Sep 2022 21:28:04 GMT
Etag: "62efecb8-44"
Expires: Mon, 26 Sep 2022 22:28:04 GMT
Last-Modified: Sun, 07 Aug 2022 16:47:52 GMT
Server: nginx/1.18.0

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (48)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size