46.30.44.144/export-file/en/id
46.30.44.144 301 Moved Permanently 246 B URL HTTP/1.1 46.30.44.144/export-file/en/id
IP 46.30.44.144:0
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text
Hash ee4fe79ff498ca7b9eade069ad739690
952a5cd50d0f0dec628acb08bc86fc2f95c18be7
de299c4e9d5edec718e0aee7ea383a765383157db22f730049a940bacf8d5958
GET /export-file/en/id HTTP/1.1
Host: 46.30.44.144
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.22.0
Date: Mon, 26 Sep 2022 21:27:57 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://46.30.44.144/export-file/en/id/
firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data
- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 26 Sep 2022 21:15:22 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Sxba0uxVCdrB9OMnjsgbmxV0ddt57hDDJA2fRhGNDyF7aC8-2jcFUg==
Age: 756
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4247
Expires: Mon, 26 Sep 2022 22:38:45 GMT
Date: Mon, 26 Sep 2022 21:27:58 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.25:0
File type PEM certificate
- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 04:35:16 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: oyfQ8aLgZJj67NTD1uDwxhF4En8GkOcj161PWF50SpMHpnVGHoIERw==
age: 60763
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data
- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:27:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
46.30.44.144/export-file/en/id/
46.30.44.144 302 Moved Temporarily 0 B URL HTTP/1.1 46.30.44.144/export-file/en/id/
IP 46.30.44.144:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /export-file/en/id/ HTTP/1.1
Host: 46.30.44.144
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.22.0
Date: Mon, 26 Sep 2022 21:27:58 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/7.3.33
Location: https://web.telegram-account.host/z/
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data
- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Mon, 26 Sep 2022 21:10:46 GMT
Expires: Mon, 26 Sep 2022 21:35:35 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4zTeK3xQJs_kmNjlbIMfmXLaf-OxLyiVOhcHPDHEseSG8VDDLKXkXw==
Age: 1032
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c55f4f3c92628f05acb22ac3480be877
dbf35b0d707f92c555101309b9e4bcda7752e831
8ff5fb916e069722dc942bbc86ee1d627bc5d82fa5c40befb211ac39a6bc9103
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8FF5FB916E069722DC942BBC86EE1D627BC5D82FA5C40BEFB211AC39A6BC9103"
Last-Modified: Mon, 26 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21544
Expires: Tue, 27 Sep 2022 03:27:02 GMT
Date: Mon, 26 Sep 2022 21:27:58 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 5adb7eb1d103eadeeafac36e663ffdd3
23b784388dd634fa736cd60aed71570661e73d02
5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5282
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:27:58 GMT
Last-Modified: Mon, 26 Sep 2022 19:59:56 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
web.telegram-account.host/z/
217.144.102.219 200 OK 1.9 kB URL HTTP/1.1 web.telegram-account.host/z/
IP 217.144.102.219:0
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text, with very long lines (2663)
Hash d2aef851e04d9a0b9abddea91941c199
0a2c7d2847d8bdb387e2b9753e52c2164d9fb83f
d1c613b608e891b28c79be8e6e54cb14ab108c374cd461c259f7c730d2db2fe7
Analyzer Verdict Alert fortinet Phishing
GET /z/ HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 1944
Content-Type: text/html
Date: Mon, 26 Sep 2022 21:27:58 GMT
Etag: W/"63302fc1-a29"
Expires: Mon, 26 Sep 2022 22:27:58 GMT
Last-Modified: Sun, 25 Sep 2022 10:38:57 GMT
Server: nginx/1.18.0
push.services.mozilla.com/
54.189.35.180 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.35.180:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WJqT9Z9t2Qt3tiTxVlbo7A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: CgUM2hXAiaYllPjR2IZ4P7pKlms=
web.telegram-account.host/z/main.5f8478ed77320e7b9dfd.css
217.144.102.219 200 OK 21 kB URL HTTP/1.1 web.telegram-account.host/z/main.5f8478ed77320e7b9dfd.css
IP 217.144.102.219:0
File type Unicode text, UTF-8 text, with very long lines (22538)
Hash 4abb8ca698c49ffcfafa77f42601e5bc
396663c93288385238180924e41db06a5e245e7e
92dfeb00e5030ef608903cfd79e57ba84f0cdbccfb6965ad9bacc444e7639c9b
GET /z/main.5f8478ed77320e7b9dfd.css HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Type: text/css
Date: Mon, 26 Sep 2022 21:27:59 GMT
Etag: W/"6322e0cd-12fb0"
Expires: Mon, 26 Sep 2022 22:27:59 GMT
Last-Modified: Thu, 15 Sep 2022 08:22:37 GMT
Server: nginx/1.18.0
Transfer-Encoding: chunked
web.telegram-account.host/z/main.d59af413d56381119ab0.js
217.144.102.219 200 OK 90 kB URL HTTP/1.1 web.telegram-account.host/z/main.d59af413d56381119ab0.js
IP 217.144.102.219:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash ceacc1e579ebcd77d6176ddb8f8cf67e
63632a7a2f5de77cea78da5d4b5048d74a62a27f
4699a7d104b134c2385f1318e72ee479acdfe769fc85c1582796feda6918a077
Analyzer Verdict Alert fortinet Phishing
GET /z/main.d59af413d56381119ab0.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 89564
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:27:59 GMT
Etag: W/"63302fc1-40bf1"
Expires: Mon, 26 Sep 2022 22:27:59 GMT
Last-Modified: Sun, 25 Sep 2022 10:38:57 GMT
Server: nginx/1.18.0
web.telegram-account.host/z/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2
217.144.102.219 200 OK 11 kB URL HTTP/1.1 web.telegram-account.host/z/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2
IP 217.144.102.219:0
File type Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
- data
Hash 15fa3062f8929bd3b05fdca5259db412
6ff06a34f68ad0324ddec1bbe4d453c959178b36
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Analyzer Verdict Alert fortinet Phishing
GET /z/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web.telegram-account.host/z/main.5f8478ed77320e7b9dfd.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Length: 11016
Content-Type: application/octet-stream
Date: Mon, 26 Sep 2022 21:27:59 GMT
Etag: "62efecb8-2b08"
Expires: Mon, 26 Sep 2022 22:27:59 GMT
Last-Modified: Sun, 07 Aug 2022 16:47:52 GMT
Server: nginx/1.18.0
web.telegram-account.host/z/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2
217.144.102.219 200 OK 11 kB URL HTTP/1.1 web.telegram-account.host/z/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2
IP 217.144.102.219:0
File type Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
- data
Hash 07db243db21ed0a6b4ff05ff429686b7
5d62925fdd7ed8e80f206d095ed093994f13d276
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Analyzer Verdict Alert fortinet Phishing
GET /z/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2 HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web.telegram-account.host/z/main.5f8478ed77320e7b9dfd.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Length: 11056
Content-Type: application/octet-stream
Date: Mon, 26 Sep 2022 21:27:59 GMT
Etag: "62efecb8-2b30"
Expires: Mon, 26 Sep 2022 22:27:59 GMT
Last-Modified: Sun, 07 Aug 2022 16:47:52 GMT
Server: nginx/1.18.0
ocsp.godaddy.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash 50368a8f606557fc855c52dc41fbeedb
fbeccb5c3ba4657c28bdafa3cad7ecd67fb42043
1c0fbcbe82fb77f79879f633594246c8b7fa785e9faa5c30ee9de45f6e2f4d83
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 26 Sep 2022 21:28:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 26 Sep 2022 21:07:19 GMT
Expires: Tue, 27 Sep 2022 21:07:19 GMT
ETag: "fbeccb5c3ba4657c28bdafa3cad7ecd67fb42043"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash 29f112ca1cbb5f5a8b32d468b36b7b31
e8ec39b823d7dea7061de4e827ea6eb05d8ae778
eb030deb486daca79ef872a99d602c1ae698bf1baeeccd89090c0c0a961cdb6a
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 26 Sep 2022 21:28:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 26 Sep 2022 20:26:08 GMT
Expires: Tue, 27 Sep 2022 20:26:08 GMT
ETag: "e8ec39b823d7dea7061de4e827ea6eb05d8ae778"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
telegram.me/_websync_?authed=0&version=1.52.8+Z
149.154.167.99 200 OK 24 B URL HTTP/2 telegram.me/_websync_?authed=0&version=1.52.8+Z
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type ASCII text, with no line terminators
Hash 01e9a6bdf6f882e64253608f6b3d65f3
b25d1264aeffa89799841518a2bccbb408b4437b
5191dd01952ad22c138d1fb8b253c4ba28ed0b823ac46648b4c033c605983ab9
GET /_websync_?authed=0&version=1.52.8+Z HTTP/1.1
Host: telegram.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 26 Sep 2022 21:28:00 GMT
content-type: application/json; charset=utf-8
content-length: 24
set-cookie: stel_web_auth=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
stel_web_force=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2
t.me/_websync_?authed=0&version=1.52.8+Z
149.154.167.99 200 OK 24 B URL HTTP/2 t.me/_websync_?authed=0&version=1.52.8+Z
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type ASCII text, with no line terminators
Hash 01e9a6bdf6f882e64253608f6b3d65f3
b25d1264aeffa89799841518a2bccbb408b4437b
5191dd01952ad22c138d1fb8b253c4ba28ed0b823ac46648b4c033c605983ab9
GET /_websync_?authed=0&version=1.52.8+Z HTTP/1.1
Host: t.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 26 Sep 2022 21:28:00 GMT
content-type: application/json; charset=utf-8
content-length: 24
set-cookie: stel_web_auth=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
stel_web_force=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2
web.telegram-account.host/z/7941.7394fb0b394c9ee95fb1.js
217.144.102.219 200 OK 2.7 kB URL HTTP/1.1 web.telegram-account.host/z/7941.7394fb0b394c9ee95fb1.js
IP 217.144.102.219:0
File type ASCII text, with very long lines (7890)
Hash 458a5acad8a138a1e55908bd60483482
117f0e82966c960fad0bb5d35d5377db2c4c823b
61d324fcadc59b94bfaf44202fbecae7a90c3cd6333a289047a11130db0fbbfc
Analyzer Verdict Alert fortinet Phishing
GET /z/7941.7394fb0b394c9ee95fb1.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 2701
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"6329beee-1f08"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Tue, 20 Sep 2022 13:23:58 GMT
Server: nginx/1.18.0
web.telegram-account.host/z/chat-bg-br.f34cc96fbfb048812820.png
217.144.102.219 200 OK 1.9 kB URL HTTP/1.1 web.telegram-account.host/z/chat-bg-br.f34cc96fbfb048812820.png
IP 217.144.102.219:0
File type PNG image data, 50 x 50, 8-bit/color RGB, non-interlaced
- data
Hash ff2989744d4813c906047582226abd28
41b973276f7a99af05115b89b401aceb02f573c8
3151f7930d821bccf4a76cbbe4a3533e2b56bdff696f260c864ab639ac7526ea
GET /z/chat-bg-br.f34cc96fbfb048812820.png HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/main.5f8478ed77320e7b9dfd.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Length: 1920
Content-Type: image/png
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: "62efecb8-780"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Sun, 07 Aug 2022 16:47:52 GMT
Server: nginx/1.18.0
web.telegram-account.host/z/1915.c5b3f01035517153521f.js
217.144.102.219 200 OK 8.5 kB URL HTTP/1.1 web.telegram-account.host/z/1915.c5b3f01035517153521f.js
IP 217.144.102.219:0
File type Unicode text, UTF-8 text, with very long lines (33530)
Hash 5f1c409f63f99e9d533b044f5018445f
4b2c7445e49aacb0573b2245f1463e1af443f604
13b2259199f3328ae8a6fff0e06aa06cf2855f258560d3226eaf09abac0e920e
Analyzer Verdict Alert fortinet Phishing
GET /z/1915.c5b3f01035517153521f.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 8508
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"62efecb8-8338"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Sun, 07 Aug 2022 16:47:52 GMT
Server: nginx/1.18.0
web.telegram-account.host/z/6839.7574ee59f6159101b320.js
217.144.102.219 200 OK 14 kB URL HTTP/1.1 web.telegram-account.host/z/6839.7574ee59f6159101b320.js
IP 217.144.102.219:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (46430)
Hash 3b1171e4610a6b5d8d8066cba9754bc5
f25d9bdc7fd1db06619fcd9894e47b17a8d68c18
5348fc6525aef17e05beb6a29aa7c03a74b4ad25ab384bffad02cb6b8b6a31f6
Analyzer Verdict Alert fortinet Phishing
GET /z/6839.7574ee59f6159101b320.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 13547
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"631ef79b-b2ba"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Mon, 12 Sep 2022 09:10:51 GMT
Server: nginx/1.18.0
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7402
Expires: Mon, 26 Sep 2022 23:31:22 GMT
Date: Mon, 26 Sep 2022 21:28:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7402
Expires: Mon, 26 Sep 2022 23:31:22 GMT
Date: Mon, 26 Sep 2022 21:28:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7402
Expires: Mon, 26 Sep 2022 23:31:22 GMT
Date: Mon, 26 Sep 2022 21:28:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7402
Expires: Mon, 26 Sep 2022 23:31:22 GMT
Date: Mon, 26 Sep 2022 21:28:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7402
Expires: Mon, 26 Sep 2022 23:31:22 GMT
Date: Mon, 26 Sep 2022 21:28:00 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f39b5b4-f60c-42d8-9916-f71d7998f158.png
34.120.237.76 200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f39b5b4-f60c-42d8-9916-f71d7998f158.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash 6d79a3a5bd7dc7aa6cab306176fafd11
0d5cb1f3e3ea510308034a5e569c0e65fae30835
57979dfcf6fdc76f04e4790c2b94b876e188ac780aa49d9bfc8a58c498dc4203
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f39b5b4-f60c-42d8-9916-f71d7998f158.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7185
x-amzn-requestid: e7b997d7-f9ce-40c6-b9bb-372ee10d8ad0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTAfEX5oAMFcHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb9c-31e295e33ead940f381121a1;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:43:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: YW8Pk1qXdq3DBNRDO3abND1HGTqhUInN2Wo3N8Uzb0zzyXrsKPCvYg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:48:52 GMT
age: 85148
etag: "0d5cb1f3e3ea510308034a5e569c0e65fae30835"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d02ede0c964f3346fd53ae2950bf2a62
e49306a3713cb724be024a4ddb5e90645718a718
c0e653d89656016c55aca9b198b9191620f1ae9a3c45742a90744bd74c4f9505
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8637
x-amzn-requestid: 07dc23e0-000f-4f6c-8d2b-0e65d88be270
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSvvEenoAMFr0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb31-520803124760abc216152d7b;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:42:09 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: HCJ483GPdpPhC7oYm1GrA02BqqST9sfqfCBSA93rZqaQYl-jezgP5Q==
via: 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:20:40 GMT
age: 83240
etag: "e49306a3713cb724be024a4ddb5e90645718a718"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f10a12719b387d176497669ba75f0acc
16e42ba7b20555bf5a8615e5f4bb561204aeeb5a
0cb2231817387d43a490565b61e24ea7a3cfcff3281f4ab4379a882cc5c3173f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14579
x-amzn-requestid: bce2c126-0883-4255-9246-d8055860f898
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCj6FYCoAMF9Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e18-66ba2e5d64b6a5b32b7ab36b;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: igIWZ2IhMA_GIovp4HgIHtGeDt5xoX0iThoQFKjnNJUYP_uMdO7FHw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 07:21:02 GMT
age: 50818
etag: "16e42ba7b20555bf5a8615e5f4bb561204aeeb5a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e46522-27ca-4a21-a138-a7bdaf6c55b5.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e46522-27ca-4a21-a138-a7bdaf6c55b5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3a75be68e82e6a0ba74932fbe74c7b30
36310320605833289e78cd248c45915363a0a0c3
56d709b77802037254b7922e3f85d1b1652b70dfc4b6c65b03e4149d3b1f22ca
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e46522-27ca-4a21-a138-a7bdaf6c55b5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6443
x-amzn-requestid: b6f3be01-6086-4fc1-8bec-c4caa1fe806c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSKMG04IAMFRxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330ca41-5452d1805d3f4d71303142c9;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:38:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tx-lL61dT3iakJd8VZw31hzMklubUDBQxE6LBhxsJUqyMM0bqCk73g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:28:23 GMT
age: 82777
etag: "36310320605833289e78cd248c45915363a0a0c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c11e6fef1be62b971bd9daf378bfc95
ef9d756cbcda72cf7ef5029b7d384cd1fbaed633
b8369f83d6dddcd2355b81d8eb200791788165e56881ce21e1a1e9c8bb1bb2ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13584
x-amzn-requestid: 198bd2b4-d4ae-4f19-a500-463aee52b890
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTHgFdNoAMFwEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cbc9-19a1f7d2102820da4b21f18b;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:44:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yl8BCwdlIePsc4gIX4IYH0L6NHipn_5fBsa9nyYy14w0m49jPUYXBw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:57:51 GMT
age: 84609
etag: "ef9d756cbcda72cf7ef5029b7d384cd1fbaed633"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2fe8c4f0c70fb6c1f4259eabedc7015e
85e378d0fff856832a8dd01743516b9476fed8c6
508a1c7d350fcf82d1ece0b99f8557b2f300c7c1148f28c3ae9fece20530e4b6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5157
x-amzn-requestid: b5748f49-693f-4bc3-a850-cb68e770de24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUG9GUHIAMF7pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd5f-5d2aaa212cf1be2506593746;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:51:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4h9lb_7egxb2hBbxjcS_cpZ5lDq6Lx-c_WUZyRHdUA0YTwr6kgDuiQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:10:16 GMT
age: 83864
etag: "85e378d0fff856832a8dd01743516b9476fed8c6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
web.telegram-account.host/z/2993.16c8478e66c86b4e22be.js
217.144.102.219200 OK 2.3 kB URL HTTP/1.1 web.telegram-account.host/z/2993.16c8478e66c86b4e22be.js
IP 217.144.102.219:0
File type ASCII text, with very long lines (4706)
Hash 5c8a620a1846c9dfa332e27bb63194c0
cc9ce8a1fbb700b8e7df13a17573cf0f92117efa
60733cfcb78ade4bacad7625d5422c171003af77090d75117ea12d536d180af0
Analyzer Verdict Alert fortinet Phishing
GET /z/2993.16c8478e66c86b4e22be.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 2282
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"63302fc1-1298"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Sun, 25 Sep 2022 10:38:57 GMT
Server: nginx/1.18.0
web.telegram-account.host/z/chat-bg-pattern-light.ee148af944f6580293ae.png
217.144.102.219200 OK 273 kB URL HTTP/1.1 web.telegram-account.host/z/chat-bg-pattern-light.ee148af944f6580293ae.png
IP 217.144.102.219:0
File type PNG image data, 1123 x 2307, 4-bit colormap, non-interlaced\012- data
Size 273 kB (272875 bytes)
Hash 3d558d8de7082a2b2355076c8988c3fd
d74980e29b0ec2f102b0dcd614503fd42a255b85
00745db819d91c37bf0f59bee00ab2efe9766fddcb726ff1bcb6847748b2bbc7
GET /z/chat-bg-pattern-light.ee148af944f6580293ae.png HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/main.5f8478ed77320e7b9dfd.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Length: 272875
Content-Type: image/png
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: "62efecb8-429eb"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Sun, 07 Aug 2022 16:47:52 GMT
Server: nginx/1.18.0
web.telegram-account.host/z/8090.95514dc1ca682393cf02.js
217.144.102.219200 OK 111 kB URL HTTP/1.1 web.telegram-account.host/z/8090.95514dc1ca682393cf02.js
IP 217.144.102.219:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 111 kB (111206 bytes)
Hash 3e1534c6d883c78e3e03a76215315900
9c764b76785772ac9d197269a25a316d1241bf88
5c784783dfb2ae4b81119d04b14170c78739075cf9bd80a0e70603ce8e265d1c
Analyzer Verdict Alert fortinet Phishing
GET /z/8090.95514dc1ca682393cf02.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 111206
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"63302fc1-62103"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Sun, 25 Sep 2022 10:38:57 GMT
Server: nginx/1.18.0
web.telegram-account.host/z/5802.5a998479cf43543543ff.js
217.144.102.219200 OK 7.4 kB URL HTTP/1.1 web.telegram-account.host/z/5802.5a998479cf43543543ff.js
IP 217.144.102.219:0
File type ASCII text, with very long lines (20561)
Hash 448ca087d8a5b5a70ad73f795ff651cd
a4d48d9ad3a710f5df24fcea4e05906f13e09275
4992cf4264a8e52a27153f7211b1b0a1c0c5348a12d6f7721f27cc83c1f7a2a7
Analyzer Verdict Alert fortinet Phishing
GET /z/5802.5a998479cf43543543ff.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/2993.16c8478e66c86b4e22be.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 7421
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"6287bae7-50da"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Fri, 20 May 2022 15:59:35 GMT
Server: nginx/1.18.0
web.telegram-account.host/z/1516.d65ebe46f9458ef62bd5.js
217.144.102.219200 OK 3.2 kB URL HTTP/1.1 web.telegram-account.host/z/1516.d65ebe46f9458ef62bd5.js
IP 217.144.102.219:0
File type ASCII text, with very long lines (7426)
Hash 0861751af7cd14c107afae798d49c599
baa10a155d15e7b5eb98d648c21d3f10b0645ea3
d7081a5d43ae27e6e84418a6b59dd35d7f8d6412973b7ff3f8bea151413360e5
Analyzer Verdict Alert fortinet Phishing
GET /z/1516.d65ebe46f9458ef62bd5.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 3159
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"63302fc1-1d38"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Sun, 25 Sep 2022 10:38:57 GMT
Server: nginx/1.18.0
web.telegram-account.host/z/favicon.svg
217.144.102.219200 OK 892 B URL HTTP/1.1 web.telegram-account.host/z/favicon.svg
IP 217.144.102.219:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (892), with no line terminators
Hash d9ee2d4b0edd9f8ba2fb7242162c2c47
398522893cf2cdefb5176f11bc67eab31c2d7382
a462f1c5333e16b48335054493cfd1d0a13a96847b4b9ffe2cf24403e6e86010
Analyzer Verdict Alert fortinet Phishing
GET /z/favicon.svg HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Length: 892
Content-Type: image/svg+xml
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: "6166c642-37c"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Wed, 13 Oct 2021 11:42:58 GMT
Server: nginx/1.18.0
web.telegram-account.host/z/icon-192x192.png
217.144.102.219200 OK 3.1 kB URL HTTP/1.1 web.telegram-account.host/z/icon-192x192.png
IP 217.144.102.219:0
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash 1a1650d2c76bfc1ac484646c19e495b9
fe58d66042ce9241226f5da9370230285ff604fc
6e587a62c9d7a97f25265ab5eb29d101ad2e36810042a4116d2dd29da96b0bf8
GET /z/icon-192x192.png HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Length: 3059
Content-Type: image/png
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: "6166c642-bf3"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Wed, 13 Oct 2021 11:42:58 GMT
Server: nginx/1.18.0
web.telegram-account.host/z/rlottie-wasm.js
217.144.102.219200 OK 24 kB URL HTTP/1.1 web.telegram-account.host/z/rlottie-wasm.js
IP 217.144.102.219:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash f077347c5953b552c4bf167d9f03a1ea
ffc98d3c9e2fca0c91071815dc4ecba0a0577de0
8260a8d4d71790db0ece34debcc0adfedf2ca8f7e385e28eb2fa535e332060a1
Analyzer Verdict Alert fortinet Phishing
GET /z/rlottie-wasm.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/2993.16c8478e66c86b4e22be.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 23712
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"608a011a-15695"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Thu, 29 Apr 2021 00:43:06 GMT
Server: nginx/1.18.0
web.telegram-account.host/z/5313.3417bfbe0af0b56e2830.js
217.144.102.219200 OK 21 kB URL HTTP/1.1 web.telegram-account.host/z/5313.3417bfbe0af0b56e2830.js
IP 217.144.102.219:0
File type ASCII text, with very long lines (65453)
Hash 48e148ebf2c58a5820532f97406cd4ab
53dd8b9535ab5b32942456a18e9c40ba1295aaed
f5de6008bb4573321beba95f95c27cd7bbd1fe44c1ef25e3fd3a8947194b1be5
Analyzer Verdict Alert fortinet Phishing
GET /z/5313.3417bfbe0af0b56e2830.js HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web.telegram-account.host/z/8090.95514dc1ca682393cf02.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 21064
Content-Type: application/javascript
Date: Mon, 26 Sep 2022 21:28:00 GMT
Etag: W/"6287bae7-11136"
Expires: Mon, 26 Sep 2022 22:28:00 GMT
Last-Modified: Fri, 20 May 2022 15:59:35 GMT
Server: nginx/1.18.0
web.telegram-account.host/z/rlottie-wasm.wasm
217.144.102.219200 OK 134 kB URL HTTP/1.1 web.telegram-account.host/z/rlottie-wasm.wasm
IP 217.144.102.219:0
File type WebAssembly (wasm) binary module version 0x1 (MVP)\012- data
Size 134 kB (134238 bytes)
Hash 1972951cc4b562a0a1bc770b8dd82214
ce196e05a711eac9ae13ad444eb80115cb68f38c
1730a5d5f025f607594d55fa78056234b7ff67a29a0472bb157b5b5d27939c69
Analyzer Verdict Alert fortinet Phishing
GET /z/rlottie-wasm.wasm HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.telegram-account.host/z/2993.16c8478e66c86b4e22be.js
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Length: 134238
Content-Type: application/wasm
Date: Mon, 26 Sep 2022 21:28:01 GMT
Etag: W/"608a011a-4d890"
Expires: Mon, 26 Sep 2022 22:28:01 GMT
Last-Modified: Thu, 29 Apr 2021 00:43:06 GMT
Server: nginx/1.18.0
web.telegram-account.host/z/QrPlane.a921709f266564f65b7e.tgs
217.144.102.219200 OK 2.1 kB URL HTTP/1.1 web.telegram-account.host/z/QrPlane.a921709f266564f65b7e.tgs
IP 217.144.102.219:0
File type gzip compressed data, was "PlaneLogoPlain.json", last modified: Fri Dec 17 11:58:31 2021, from Unix\012- data
Hash 9fe5425a55be5cfd60c1ee5f2ca2c733
6055dbe3afe9575b921a9863534e91428a847021
486cbe566d05f023f3c72ec00b55f921deb1f7aed2efb630fe717425e2d98d0a
Analyzer Verdict Alert fortinet Phishing
GET /z/QrPlane.a921709f266564f65b7e.tgs HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.telegram-account.host/z/2993.16c8478e66c86b4e22be.js
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Length: 2101
Content-Type: application/octet-stream
Date: Mon, 26 Sep 2022 21:28:01 GMT
Etag: "62efecb8-835"
Expires: Mon, 26 Sep 2022 22:28:01 GMT
Last-Modified: Sun, 07 Aug 2022 16:47:52 GMT
Server: nginx/1.18.0
zws2.web.telegram.org/apiws
149.154.167.99101 Switching Protocols 0 B URL HTTP/1.1 zws2.web.telegram.org/apiws
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: zws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://web.telegram-account.host
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Kkig+4vMYNHzWgDrv4p0ag==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Mon, 26 Sep 2022 21:28:02 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: pVZOsP58wFqvxJYc7PAhdTW4U9w=
Sec-WebSocket-Protocol: binary
ocsp.godaddy.com/
192.124.249.23200 OK 1.8 kB IP 192.124.249.23:0
Hash c61102238e8e0fed5a3902b5037f91b3
e8c2878c7ef536038a3b0a92513e56e5f21c2507
96b913fac3388a78dc0480f94872e0a920c43bc1d408a027e11add77036cb21b
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 26 Sep 2022 21:28:03 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 26 Sep 2022 18:35:02 GMT
Expires: Tue, 27 Sep 2022 18:35:02 GMT
ETag: "e8c2878c7ef536038a3b0a92513e56e5f21c2507"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
web.telegram-account.host/z/blank.8dd283bceccca95a48d8.png
217.144.102.219200 OK 68 B URL HTTP/1.1 web.telegram-account.host/z/blank.8dd283bceccca95a48d8.png
IP 217.144.102.219:0
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /z/blank.8dd283bceccca95a48d8.png HTTP/1.1
Host: web.telegram-account.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.telegram-account.host/z/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Length: 68
Content-Type: image/png
Date: Mon, 26 Sep 2022 21:28:04 GMT
Etag: "62efecb8-44"
Expires: Mon, 26 Sep 2022 22:28:04 GMT
Last-Modified: Sun, 07 Aug 2022 16:47:52 GMT
Server: nginx/1.18.0