Report - telegrom-fw.com/

Report Overview

Submitted URL
telegrom-fw.com/
IP
188.114.96.4
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-18 00:56:05
Access
public
Website Title
Telegram Web
Final URL
telegrom-fw.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
116

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
venus.web.telegram.org	47739	2003-12-15	2017-01-29	2024-04-16	820 B	999 B	149.154.167.99
kws2.web.telegram.org	49675	2003-12-15	2021-06-23	2024-04-17	2.3 kB	872 B	149.154.167.99
ia.51.la	59607	2005-01-17	2017-10-31	2024-04-14	650 B	304 B	203.107.86.226
js.users.51.la	53024	2005-01-17	2012-05-30	2024-04-16	400 B	5.5 kB	47.246.44.202
telegrom-fw.com	unknown	unknown	No data	No data	16 kB	580 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram
2024-04-17	medium	telegrom-fw.com/	Telegram

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed
2024-04-18	medium	telegrom-fw.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	js.users.51.la/21862019.js	4.9 kB	2024-04-18	2024-04-28
Pretty URL js.users.51.la/21862019.js IP 47.246.44.202 ASN #24429 Zhejiang Taobao Network Co.,Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 02:56:11 Last Seen2024-04-28 19:21:47 Times Seen6 Hash 9301b84e3564c5bb7b02efd5e36c60fe eaf6df9f55d952afbb2903c7d38da7a598e6e929 1b4b59de8752147bb8a666b3e7b3e4bcb7b0ec4f8c20a544a725f79e82762411 Loading...

	telegrom-fw.com/pageSignQR-BuEZqNkj.js	5.7 kB	2024-04-05	2024-04-28
Pretty URL telegrom-fw.com/pageSignQR-BuEZqNkj.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-05 20:07:32 Last Seen2024-04-28 19:21:47 Times Seen17 Hash c1216adcb6764e759cd5998ef61b0a5c 5ea307b65b6c15b15b061016c0950a9d842aeff7 11f97697956f29406c3ce66d8d6d67e357e7620a4592f1c9a4d4f6a60deab89f Loading...

	telegrom-fw.com/page-g1hbv_Nl.js	10 kB	2024-04-05	2024-04-28
Pretty URL telegrom-fw.com/page-g1hbv_Nl.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-05 20:07:32 Last Seen2024-04-28 19:21:47 Times Seen28 Hash d440faca4d406ba2c6b1d5a02e0c2300 5b6d6948eb17a1d8901f9c0ceb4618c3a722f373 00ba512d85fe78658603389ed0a9a401103ec3a0464eb30d057a07febd670279 Loading...

	telegrom-fw.com/textToSvgURL-Cnw_Q8Rw.js	357 B	2024-03-27	2024-04-30
Pretty URL telegrom-fw.com/textToSvgURL-Cnw_Q8Rw.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-27 05:15:17 Last Seen2024-04-30 05:55:10 Times Seen28 Hash 3f6402acb182a218e34ebe26b03fcd23 2601dfbce5087a38142e34596e5b094c7760dc80 88ef7b589f467f4a280126e59b5428d5169f80a165500687699209f60ca39998 Loading...

	telegrom-fw.com/qr-code-styling-BqER1AUU.js	66 kB	2024-03-27	2024-04-28
Pretty URL telegrom-fw.com/qr-code-styling-BqER1AUU.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-27 05:15:17 Last Seen2024-04-28 19:21:47 Times Seen17 Hash fea56d870467eee7980f4cfe0485c514 c4ee632b8825e210c494d34209a4d118a2b221a2 3a096f8810bd6d74877f45109b2f177acc1a452dedca404611dae397597440c4 Loading...

	telegrom-fw.com/countries-CzeCvYH8.js	24 kB	2024-03-27	2024-04-30
Pretty URL telegrom-fw.com/countries-CzeCvYH8.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-27 05:15:17 Last Seen2024-04-30 05:55:10 Times Seen22 Hash 24d43ec6ffdef8fdf4310a4a8b65b206 8974a9f0f2a76920b5080c3f239fe21396e4ce73 6876bde98b3f0c4013107f69f6bf375f60a2807bd79c11592131d9b8bbbb76ae Loading...

	telegrom-fw.com/langSign-CN-ja8rh.js	1.8 kB	2024-04-18	2024-04-28
Pretty URL telegrom-fw.com/langSign-CN-ja8rh.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 02:56:11 Last Seen2024-04-28 19:21:47 Times Seen3 Hash c63d5da5bd7ba7ce9950e3344d0b4b15 c9b4b0e4aaaca6618ca5a473d59ea1fb4e63b113 9d92f0262e8470ee576294573f41f46a57e1f5d81f91e4e2b31a03138549ece6 Loading...

	telegrom-fw.com/login.js?124	4.7 kB	2024-04-18	2024-04-28
Pretty URL telegrom-fw.com/login.js?124 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 02:56:11 Last Seen2024-04-28 19:21:47 Times Seen5 Hash bd733b64679f49fc281fbdd997ce4cf3 54a9352a395c687dbec03a508e2c4b30c93e4f0a 62811731f6e1d7914ce7ff10c4ac63c49bb2abdea0ba71bb14f83a959dea0df1 Loading...

	telegrom-fw.com/button-B3xQoZLZ.js	8.8 kB	2024-04-05	2024-04-28
Pretty URL telegrom-fw.com/button-B3xQoZLZ.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-05 20:07:32 Last Seen2024-04-28 19:21:47 Times Seen17 Hash 4bcb39a4d50ae506798c5d162e3f59f1 1da55ba7a3886fc018129f9446c382239426f465 3337b82c7bcd2719f17e92190ffb2561a54bca4901a0ef9b7dd73054cf4f4e6e Loading...

	telegrom-fw.com/putPreloader-B4MN6Snw.js	699 B	2024-04-05	2024-04-28
Pretty URL telegrom-fw.com/putPreloader-B4MN6Snw.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-05 20:07:32 Last Seen2024-04-28 19:21:47 Times Seen15 Hash 44a29c8706c72bbe919547ed1b7d8066 9e64e7a4ed6324fa80d58ed70b698ea935d560b7 1e1c221a3074721e056507e2191d0c5bbcdcbd537b4c5d9a60c6b9235c8c397e Loading...

	telegrom-fw.com/_commonjsHelpers-Cpj98o6Y.js	290 B	2024-03-27	2024-04-28
Pretty URL telegrom-fw.com/_commonjsHelpers-Cpj98o6Y.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-27 05:15:17 Last Seen2024-04-28 19:21:47 Times Seen18 Hash bbbefd4e3c7c2ef2ae262565d6edf65e fbdb4413462ae109c237c5fc96e91212a27f9131 7e898f2560233fe672543bbaffe66542d387208b18f5639cb3050bd75d167e48 Loading...

	telegrom-fw.com/index-zu6iQa6e.js	135 kB	2024-04-05	2024-04-28
Pretty URL telegrom-fw.com/index-zu6iQa6e.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-05 20:07:33 Last Seen2024-04-28 19:21:47 Times Seen17 Hash f50da1b030a791cee103899815ff958a 0985034c990409c0ec2f5f44d41adbf510eb709a 95da12467f4a2b799546b83f27f8f845c393343ba58cf3c9a9e635a02a3a82e7 Loading...

	telegrom-fw.com/lang-CQhMF3zZ.js	121 kB	2024-04-05	2024-04-28
Pretty URL telegrom-fw.com/lang-CQhMF3zZ.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-05 20:07:32 Last Seen2024-04-28 19:21:47 Times Seen18 Hash 202f3aa9967436024f13078cdc6e7bf3 ec2f96fd70174080f758a5f8cdc28c2dcf2c0b31 dd12733aeb807f4e3e15388ca87e049d50b4dc006e5cb6b8d75edc981c4a387d Loading...

HTTP Transactions (38)

URL IP Response Size

js.users.51.la/21862019.js

47.246.44.202

200 OK

4.9 kB

URL GET HTTP/1.1
js.users.51.la/21862019.js
IP
47.246.44.202:443
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Requested by
https://telegrom-fw.com/
Certificate
IssuerGlobalSign nv-sa
Subject*.users.51.la
Fingerprint8E:9F:59:98:28:F2:49:A9:E1:19:45:C2:49:ED:B2:F6:B8:E1:C6:39
ValidityFri, 14 Apr 2023 03:17:41 GMT - Wed, 15 May 2024 03:17:40 GMT

File type
JavaScript source, ASCII text, with very long lines (4898), with no line terminators
Size
4.9 kB (4898 bytes)
Hash
9301b84e3564c5bb7b02efd5e36c60fe
eaf6df9f55d952afbb2903c7d38da7a598e6e929
1b4b59de8752147bb8a666b3e7b3e4bcb7b0ec4f8c20a544a725f79e82762411

HTTP Headers

GET /21862019.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript; charset=utf-8
Content-Length: 4898
Connection: keep-alive
Date: Thu, 18 Apr 2024 00:55:40 GMT
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: *
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Ali-Swift-Global-Savetime: 1713401740
Via: cache8.l2de2[149,148,200-0,M], cache20.l2de2[150,0], ens-cache14.se2[171,171,200-0,M], ens-cache13.se2[173,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Thu, 18 Apr 2024 00:55:40 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62ca117134017404134310e

telegrom-fw.com/index-zu6iQa6e.js

188.114.97.1

200 OK

56 kB

URL GET HTTP/3
telegrom-fw.com/index-zu6iQa6e.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (62777)
Size
56 kB (56368 bytes)
Hash
f50da1b030a791cee103899815ff958a
0985034c990409c0ec2f5f44d41adbf510eb709a
95da12467f4a2b799546b83f27f8f845c393343ba58cf3c9a9e635a02a3a82e7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index-zu6iQa6e.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:40 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-20df7"
expires: Thu, 18 Apr 2024 12:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eMDwLTL9rsIunn9K3DiL6LdMYsEL450pX3dn3fV%2F97KhoPwwyIIcNaRRgKv7fsTgKDLaHdMcme9I8PCsGcL0hF0Qjb2PJvwivE3DH2kbqIplGwoDls%2Fcpwm2H1XnOWj6%2B8Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0cbbcd7b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

188.114.97.1

200 OK

11 kB

URL GET HTTP/3
telegrom-fw.com/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Size
11 kB (11016 bytes)
Hash
15fa3062f8929bd3b05fdca5259db412
6ff06a34f68ad0324ddec1bbe4d453c959178b36
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-BOAMyYaq.css?tele
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:41 GMT
content-type: font/woff2
content-length: 11016
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-2b08"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U2HADASXCjJmlyc6Al1X7sc7iqLg%2FR4JQo9X0JQcbbdj%2BgbRZ5M9BPMwy3iUAxuQ5yM5qybxKx%2FsU4eO2%2BnirC%2BEhjJ1TWQIFH0nXSfrz9IVEvkm8w36LngthRzfUrAzl18%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0d2493ab50b-OSL
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/login.js?124

188.114.97.1

200 OK

1.6 kB

URL GET HTTP/3
telegrom-fw.com/login.js?124
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
1.6 kB (1569 bytes)
Hash
bd733b64679f49fc281fbdd997ce4cf3
54a9352a395c687dbec03a508e2c4b30c93e4f0a
62811731f6e1d7914ce7ff10c4ac63c49bb2abdea0ba71bb14f83a959dea0df1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.js?124 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:40 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 06:16:25 GMT
vary: Accept-Encoding
etag: W/"66065cb9-1233"
expires: Thu, 18 Apr 2024 12:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ALrsGnpHRsf986De3fm4BoNNsTvbT4fKsHNE2t1rxITVtjAiddltZBg9%2BWofGw%2B7SEwJc8q7yzn6E04uxCyoFrcbnpLkRgzLlD9vQrytMecJBS0Y%2B79vaPrKBUgvK7BdXY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0cbbcd9b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/assets/img/favicon-16x16.png?v=jw3mK7G9Ry

188.114.97.1

200 OK

1.0 kB

URL GET HTTP/3
telegrom-fw.com/assets/img/favicon-16x16.png?v=jw3mK7G9Ry
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.0 kB (1012 bytes)
Hash
e3ce05eb00b3215df220efaf0fd06e21
d1533966f79dc2984c34317035f31cf3c91298c9
0d67b7e8ea46e3c959329a0e79a8c8b236187f452edc7049524245e4aa6bee21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/favicon-16x16.png?v=jw3mK7G9Ry HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: image/png
content-length: 1012
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-3f4"
expires: Wed, 15 May 2024 09:23:51 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 228711
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZZr%2FD5XvSEc6mjJyxQKBDtXiRBSd%2BwyYIXTnYi%2Fj2zFF%2FYk3%2B797sgmtnHzNzCpacbC97bhF1D24dI1xc%2BIwreJisHOgsC4GoFIC8LgFc8VMgFbfCfqynBUUkmy4FIRrj%2BA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0da1cb9b50b-OSL
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/pageSignQR-BuEZqNkj.js

188.114.97.1

200 OK

7.0 kB

URL GET HTTP/3
telegrom-fw.com/pageSignQR-BuEZqNkj.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
Java source, ASCII text, with very long lines (5017)
Size
7.0 kB (7030 bytes)
Hash
c1216adcb6764e759cd5998ef61b0a5c
5ea307b65b6c15b15b061016c0950a9d842aeff7
11f97697956f29406c3ce66d8d6d67e357e7620a4592f1c9a4d4f6a60deab89f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pageSignQR-BuEZqNkj.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-1630"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HbLX3b633o%2BNxEhptj7diopOP3lEcfkj5KWjcvZkV49mvIuwhJkcoHsbMY17Q9mWgilT%2BiHk8mx4ace%2F1nHSXpKHD5yI7DCmP%2BKvLsLOxT5FzhAnc2FNvgFQMuchtgSCMug%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d62b1bb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

venus.web.telegram.org/apiw1

149.154.167.99

169 B

URL
venus.web.telegram.org/apiw1
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
c2a982d42f89274763eef2a44fe01030
86e6d53f6478cdd0c05611093d9c55a953454af7
d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a

HTTP Headers

POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
Content-Length: 0
Origin: https://telegrom-fw.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
server: nginx/1.18.0
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: text/html
content-length: 169
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrom-fw.com
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +7yFiBcXNxnG3QpC/rvQ/A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 18 Apr 2024 00:55:42 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: POa3CLA3e3cY7saZBk70Z/Yd80A=
Sec-WebSocket-Protocol: binary

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrom-fw.com
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0EuPaU/kggXi6f2TlN7NkA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 18 Apr 2024 00:55:42 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: CZMmLUSCzB8xBtnrHuKrZSFsTaM=
Sec-WebSocket-Protocol: binary

venus.web.telegram.org/apiw1

149.154.167.99

169 B

URL
venus.web.telegram.org/apiw1
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
c2a982d42f89274763eef2a44fe01030
86e6d53f6478cdd0c05611093d9c55a953454af7
d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a

HTTP Headers

POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
Content-Length: 0
Origin: https://telegrom-fw.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
server: nginx/1.18.0
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrom-fw.com
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: futSkVAY6/woIHxTZpG3cw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 18 Apr 2024 00:55:42 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: AVHpccjiiMVjMIpaW8RYaTLHSk8=
Sec-WebSocket-Protocol: binary

telegrom-fw.com/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry

188.114.97.1

200 OK

9.0 kB

URL GET HTTP/3
telegrom-fw.com/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
9.0 kB (9024 bytes)
Hash
87fecdadac0beb95f9b7c87b3b3236f0
822f92446c0033a32462aa21208efaef1f0d8c3c
25aa724658da8e71f5cc7c35ccbb43075866af5bed964edb09979caace667b0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: image/png
content-length: 9024
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-2340"
expires: Sat, 18 May 2024 00:55:42 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fmtlY2nnRzCdp0MnNxuS4PR%2BvVmWBRFZ%2FukrLuMzN0PavOh3KflVK%2Bz0BCX%2BU8pA%2BGfHyNRqEYQWigun%2BqA8U80epmv9CEEDvEyCYDUMPVRFk2ojAnVWzKDRmusGmPLsF3I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0da1cb8b50b-OSL
alt-svc: h3=":443"; ma=86400

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrom-fw.com
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: U/1Di/hVZBvHA6RhIo/Agw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 18 Apr 2024 00:55:42 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bI70xqa0D8mcrERyyGwCB65SAAw=
Sec-WebSocket-Protocol: binary

telegrom-fw.com/index-BOAMyYaq.css?tele

188.114.97.1

200 OK

114 kB

URL GET HTTP/3
telegrom-fw.com/index-BOAMyYaq.css?tele
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
assembler source, ASCII text
Size
114 kB (114416 bytes)
Hash
76a96eb95e9a06a1806d0303f2eeb2ac
356af94c8b94893c508ca2323da43e42cf22c0ad
350052f7485a56b6f38b0374bbbdd89b585d528c7dc5ab7b7e419763608e4d15

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index-BOAMyYaq.css?tele HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:40 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 04:25:17 GMT
vary: Accept-Encoding
etag: W/"660642ad-7d1ac"
expires: Thu, 18 Apr 2024 12:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uMOvxYrLksqKcp%2FLv7AWmwmtiKkGCp4UBQJUCr4K5relc8lAszK%2BIPRDeeLC9c8RXC49DHRGNXDD8rksEhZb2bdracr2EToKLScGQps%2BLJXnd9vAZCzAXEkf4vF%2BNT65n%2F4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0cbbcdab50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/_commonjsHelpers-Cpj98o6Y.js

188.114.97.1

200 OK

12 kB

URL GET HTTP/3
telegrom-fw.com/_commonjsHelpers-Cpj98o6Y.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
ASCII text
Size
12 kB (11456 bytes)
Hash
bbbefd4e3c7c2ef2ae262565d6edf65e
fbdb4413462ae109c237c5fc96e91212a27f9131
7e898f2560233fe672543bbaffe66542d387208b18f5639cb3050bd75d167e48

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_commonjsHelpers-Cpj98o6Y.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-122"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bqj6hAhbzYYiwL5ozAFd2e23TSCfoBWEKM6uDltqqLPm4YNMqF7mAOuCQyMQ3eTGGt2boBP4Pfj8BcuiWXycIqEbvlU9LA%2FW2kSn23cOvi5V6h4qCec4WBD7Beq6jx4mQUw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0da3cc2b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/assets/fonts/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2

188.114.97.1

200 OK

8.0 kB

URL GET HTTP/3
telegrom-fw.com/assets/fonts/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
Web Open Font Format (Version 2), TrueType, length 8024, version 1.0
Size
8.0 kB (8024 bytes)
Hash
073578b7f22768baa58cf9a87380538a
702b779b7ea064cc4713f2234dc74b1097aee389
f36d71c69bcec4ce625d2923d36a4b1f64bbc2e5691c99cf8a4f3b0f79d1edb4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-BOAMyYaq.css?tele
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:43 GMT
content-type: font/woff2
content-length: 8024
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-1f58"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D5WPAicLTJtFcCksf10e%2F1gCBm1mJwPi7NE7B9xPE3p%2BnKzZewC50ZpDg%2BNR9ipmW2YxtFqSdykfbK4BOOe0zeHy%2Ff5Dm%2BVh8gTPmMQZtPEVI%2BzJT8LMY%2BEiWdmTFj%2FEWGc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0de5e04b50b-OSL
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/crypto.worker-CfCshcpI.js

188.114.97.1

200 OK

32 kB

URL GET HTTP/3
telegrom-fw.com/crypto.worker-CfCshcpI.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
32 kB (32322 bytes)
Hash
0efdde008dca467f870e5a41e96006d5
ebadf267c3d3eb15b3ef6d7d0a07dec87b95d0f5
db66f764c311c8c976601370a59831be1b792fe9535c8f36f7de75334226b071

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /crypto.worker-CfCshcpI.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:41 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-10d02"
expires: Thu, 18 Apr 2024 12:55:41 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RnV6nxJWF9UeTDumxSdUoN8tmFgPsUoN4ADHjHF3MPQRiSMcFaghhDtAJmHuZssKwXbF2Hrp4hGnbhcNRiRPrPEYI428qkPW1mgrNVjgZWcViO4gaA%2B2U%2BEFiyuJltFnpqQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d25943b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/lang-CQhMF3zZ.js

188.114.97.1

200 OK

46 kB

URL GET HTTP/3
telegrom-fw.com/lang-CQhMF3zZ.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
Unicode text, UTF-8 text, with very long lines (14604)
Size
46 kB (45497 bytes)
Hash
202f3aa9967436024f13078cdc6e7bf3
ec2f96fd70174080f758a5f8cdc28c2dcf2c0b31
dd12733aeb807f4e3e15388ca87e049d50b4dc006e5cb6b8d75edc981c4a387d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lang-CQhMF3zZ.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-zu6iQa6e.js
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:41 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-1d820"
expires: Thu, 18 Apr 2024 12:55:41 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YE3rYaNvfG7fFnqz4G%2BrF8pZUKPX%2BsdAe%2F9JgU%2BwT%2BS1YZ%2FFA0XUsIXB9LjuiEJd9wFIPSkzJshziTmeqcrbCTwpfoC5YswRber6pLlrlHsUl6lBnM7fn7MKCLdsc4JJ7mI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d2a9aab50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/assets/fonts/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2

188.114.97.1

200 OK

8.0 kB

URL GET HTTP/3
telegrom-fw.com/assets/fonts/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
Web Open Font Format (Version 2), TrueType, length 8024, version 1.0
Size
8.0 kB (8024 bytes)
Hash
073578b7f22768baa58cf9a87380538a
702b779b7ea064cc4713f2234dc74b1097aee389
f36d71c69bcec4ce625d2923d36a4b1f64bbc2e5691c99cf8a4f3b0f79d1edb4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-BOAMyYaq.css?tele
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:43 GMT
content-type: font/woff2
content-length: 8024
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-1f58"
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lLNmvB2et%2FoCBALQHl9yLFowoUoJn4e28vwaFlVUWCsK5WWUsDQoUDCmMeGR7nQ3DdQXa2M8pThL0Z1v3zQiKFhpdMpPpHuXtgl%2BjhPKyVbMOP%2BaUwAcRmNQ40e3fUydIpo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0df5e6db50b-OSL
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/countries-CzeCvYH8.js

188.114.97.1

200 OK

11 kB

URL GET HTTP/3
telegrom-fw.com/countries-CzeCvYH8.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
Unicode text, UTF-8 text, with very long lines (24043)
Size
11 kB (10631 bytes)
Hash
24d43ec6ffdef8fdf4310a4a8b65b206
8974a9f0f2a76920b5080c3f239fe21396e4ce73
6876bde98b3f0c4013107f69f6bf375f60a2807bd79c11592131d9b8bbbb76ae

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /countries-CzeCvYH8.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-zu6iQa6e.js
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:41 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-5e21"
expires: Thu, 18 Apr 2024 12:55:41 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8cgIQ0caQPMmk6GsXEHZ3u3CuWXVpOmz%2BqNn2mCwWojmd1qu0z2bYq%2FlT8rGV0fYKmY0in7TazZtEBB3xbN8VZiLzJ1Vr%2FiRWE5smVHn72sNoRdNFAeoHj2GDyHNDgJ3Krc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d2a9acb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fABc4AMP6lbBP.woff2

188.114.97.1

200 OK

6.9 kB

URL GET HTTP/3
telegrom-fw.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fABc4AMP6lbBP.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
Web Open Font Format (Version 2), TrueType, length 6864, version 1.0
Size
6.9 kB (6864 bytes)
Hash
2efb23d70eb9a590216a126ce28120b0
27786db7735f04a4d59ad023fd327d2dea51ae68
af2fdef955568dc79de38bfb097d53586855945811b638d6c41513bd62e25cc4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/KFOlCnqEu92Fr1MmEU9fABc4AMP6lbBP.woff2 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-BOAMyYaq.css?tele
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:44 GMT
content-type: font/woff2
content-length: 6864
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-1ad0"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f3ubsG%2B%2B7O5SkgNVFJ9c8zHQWWmXRY8mufHbiEqOVGo1l1VBp%2BFhDLSxBqkmQ%2Fp9lfiR1aMdQVSAGTY53TuDaAZGKss3eULaJMY6vCENLpOspAnZS3odNxsuv%2BFlhG5Qc8Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0e20f81b50b-OSL
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/textToSvgURL-Cnw_Q8Rw.js

188.114.97.1

200 OK

10 kB

URL GET HTTP/3
telegrom-fw.com/textToSvgURL-Cnw_Q8Rw.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
ASCII text, with very long lines (306)
Size
10 kB (10277 bytes)
Hash
3f6402acb182a218e34ebe26b03fcd23
2601dfbce5087a38142e34596e5b094c7760dc80
88ef7b589f467f4a280126e59b5428d5169f80a165500687699209f60ca39998

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /textToSvgURL-Cnw_Q8Rw.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-165"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BT3vnQAJdaYQ031e3ennuXt%2Bd9FiloCl%2BMGoOIJYsIBLJ6aAV0opmAN6hBnZIMZiNs%2F%2FgazFB9kcoWqWt0IJ7pIFrmKBX0oQrCvPAvZtUOtIJ6hlh%2BZaEGEB10XLAPSGtj8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0d63b21b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ia.51.la/go1?id=21862019&rt=1713401740697&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=Telegram%2520is%2520a%2520cloud-based%2520mobi&ing=1&ekc=&sid=1713401740697&tt=Telegram%2520Web&kw=&cu=https%253A%252F%252Ftelegrom-fw.com%252F&pu=

203.107.86.226

200

0 B

URL GET HTTP/1.1
ia.51.la/go1?id=21862019&rt=1713401740697&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=Telegram%2520is%2520a%2520cloud-based%2520mobi&ing=1&ekc=&sid=1713401740697&tt=Telegram%2520Web&kw=&cu=https%253A%252F%252Ftelegrom-fw.com%252F&pu=
IP
203.107.86.226:443
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
https://telegrom-fw.com/
Certificate
IssuerGlobalSign nv-sa
Subject*.51.la
Fingerprint9E:F3:EB:9A:59:E9:6D:6E:48:13:64:78:3C:33:1D:AA:79:52:5B:79
ValidityThu, 20 Apr 2023 01:12:57 GMT - Tue, 21 May 2024 01:12:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /go1?id=21862019&rt=1713401740697&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=Telegram%2520is%2520a%2520cloud-based%2520mobi&ing=1&ekc=&sid=1713401740697&tt=Telegram%2520Web&kw=&cu=https%253A%252F%252Ftelegrom-fw.com%252F&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 18 Apr 2024 00:55:42 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: aliyungf_tc=1c6215223594250905fbb400aa4428c21f1eb436783f30fb53c49432d901f2d6; Path=/; HttpOnly
acw_tc=ac11000117134017421073793e8d9b65a7ee4e95f6fc10541142b16072506c;path=/;HttpOnly;Max-Age=1800

telegrom-fw.com/putPreloader-B4MN6Snw.js

188.114.97.1

200 OK

699 B

URL GET HTTP/3
telegrom-fw.com/putPreloader-B4MN6Snw.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
ASCII text, with very long lines (736), with no line terminators
Size
699 B (699 bytes)
Hash
7bd6d90b050585f83f816a092429a8cb
f08c4031eb56b8c0f16906fb09e217a3e0bbb424
7f6574895bc12efd5b5d0ceb5be4667dbeead1b439fea437013773a056ea60ee

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /putPreloader-B4MN6Snw.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/pageSignQR-BuEZqNkj.js
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-2bb"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XWS0cj3GIo6HyUCZ9NYnMos0am7sRErF%2FM8%2FZs1ZhvPSTI12wn6Mg4%2F1MnMrQR9yGM5z0%2BwH9qFT2vF9YCTt447XkFIaxcDBKd6BxKj9ruBTWY8lioOpS24rqdl5%2BehecL8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0d9fcb2b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/qr-code-styling-BqER1AUU.js

188.114.97.1

200 OK

66 kB

URL GET HTTP/3
telegrom-fw.com/qr-code-styling-BqER1AUU.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type

Size
66 kB (66132 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /qr-code-styling-BqER1AUU.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:43 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-10254"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BbOSny80wuQKAbU0cQeD5Rg4UXwfymRLx0NAfhP%2B5lz1ri9bTC84Hpj846bbfCduk10USiYNRfAy5eBZ5NYTx%2BFA1MUbEXS3wiySzFshYVbOFaVgDuHzEluZujKYBkqzNfg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0da2cc0b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/assets/fonts/KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2

188.114.97.1

200 OK

6.7 kB

URL GET HTTP/3
telegrom-fw.com/assets/fonts/KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
Web Open Font Format (Version 2), TrueType, length 6720, version 1.0
Size
6.7 kB (6720 bytes)
Hash
ddbe8450ae34795dee574854e9b01533
5c9aaeb1b9de21b0fb4c7d9b92276dc5ab81b8ab
daf6c28c5a080458eba26ba64a95b1fcff823944d429ccb84e8a4f3a0baf05ca

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-BOAMyYaq.css?tele
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:43 GMT
content-type: font/woff2
content-length: 6720
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-1a40"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xVABkzZLwMHsMg7AAtNq32542VJkG7WLzuzfGlShn8yWDTQWtW0y6vnWpFzR5ZngmpzTOrTAuPZcF8eKp96cfi1EOsQ80q3Hapti5gQQDv7Y71JSs2IucI2CPqlX8sS1%2BCg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0e0cef3b50b-OSL
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP.woff2

188.114.97.1

200 OK

7.9 kB

URL GET HTTP/3
telegrom-fw.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7924, version 1.0
Size
7.9 kB (7924 bytes)
Hash
5d39c40b5f1d878434af6212575d928a
3485c7ae4231075e5b7424e73c8626fdca02e0ad
ac4f45c63e7192b1c9fb64be19be7a03084e16dc33b4dcfedabb44cb390c25a2

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP.woff2 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-BOAMyYaq.css?tele
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:43 GMT
content-type: font/woff2
content-length: 7924
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-1ef4"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CH5e9VWHoRHX718MqLRVM6mR4Y9UqbG7acjwAtuguBLYtL4KI7zxARi0MVmVaYYF6RVD3MLfGDHxNWBXojnq5c180urHzOXceYxmgra5tXU5CYCDWSrC7fZA2X0wSIhM5Rs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0e0bef2b50b-OSL
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/

188.114.97.1

200 OK

14 kB

URL User Request GET HTTP/2
telegrom-fw.com/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
HTML document, ASCII text, with very long lines (1757)
Size
14 kB (13763 bytes)
Hash
7678bf5a79c731853e633915815f0836
46130eb8bb640a795511a2f14e021a1f127aefd7
4d8518457cbf055cba07f791eadc5e8cb3c30f506ed72e2e113a4645c5c21e84

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 00:55:39 GMT
content-type: text/html
last-modified: Sat, 30 Mar 2024 11:39:46 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YTvjLTR2o2miRG5P6TXQZcQaBriCkgZV%2BLZ2GQx%2BKPwZwUV0iSN0g4uo564SNUpPHvAV2CpsvAyFQ1iooNsN5oALsFk%2BdanDqBuWTd7N2Uj9gPi0RNYF5zI9OyCV1UIo6cU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0c82dc156bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

telegrom-fw.com/putPreloader-B4MN6Snw.js

188.114.97.1

200 OK

699 B

URL GET HTTP/3
telegrom-fw.com/putPreloader-B4MN6Snw.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
ASCII text, with very long lines (736), with no line terminators
Size
699 B (699 bytes)
Hash
7bd6d90b050585f83f816a092429a8cb
f08c4031eb56b8c0f16906fb09e217a3e0bbb424
7f6574895bc12efd5b5d0ceb5be4667dbeead1b439fea437013773a056ea60ee

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /putPreloader-B4MN6Snw.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-2bb"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ybnQPfuzTUXfw52gGtG796B3OtQC2NBLAPjEAhK%2BfVg2J%2Fu5nC2v8MxH%2FrYTef7GaGjN0ivsZUoYCSiawLVsaM9UsQyzxe1Q83XAMpWZUMD6We3rL8vepi83c1hP%2B71aRnU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0d63b20b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/page-g1hbv_Nl.js

188.114.97.1

200 OK

10 kB

URL GET HTTP/3
telegrom-fw.com/page-g1hbv_Nl.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
ASCII text, with very long lines (10306)
Size
10 kB (10349 bytes)
Hash
d440faca4d406ba2c6b1d5a02e0c2300
5b6d6948eb17a1d8901f9c0ceb4618c3a722f373
00ba512d85fe78658603389ed0a9a401103ec3a0464eb30d057a07febd670279

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /page-g1hbv_Nl.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/pageSignQR-BuEZqNkj.js
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-286d"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SAwHzXCLGnmqqCcE0Vcp%2B0G0V07hiXJRK6G1GKWr6jvNayT3vHP97VJy9tbgLOFyxHOY5%2BY3EI3inUobfapgsHAyPKcpumq%2Bi0Qxuh7cdIDt5JS6Xq%2F%2Fi0mRlB068KG7Gxs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d9fcb0b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/qr-code-styling-BqER1AUU.js

188.114.97.1

200 OK

66 kB

URL GET HTTP/3
telegrom-fw.com/qr-code-styling-BqER1AUU.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type

Size
66 kB (66132 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /qr-code-styling-BqER1AUU.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/pageSignQR-BuEZqNkj.js
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:43 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-10254"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BG23wngcgTxsWNWKfzO8wBN%2FfSYMm0G0hQxL24Fe%2B1BRRvMz9c4ODaAQB9FEBGn%2BPZKMtY0iOsp0OPenlU2%2Fl7lPB2YtbhzasJ6q8cAvi9ayy1zLLTPJuPYPSROIZEeuR4Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0da3cc3b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

188.114.97.1

200 OK

11 kB

URL GET HTTP/3
telegrom-fw.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
Size
11 kB (11056 bytes)
Hash
07db243db21ed0a6b4ff05ff429686b7
5d62925fdd7ed8e80f206d095ed093994f13d276
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-BOAMyYaq.css?tele
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:43 GMT
content-type: font/woff2
content-length: 11056
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-2b30"
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aQDft8zyjCWV0slAllH%2BOE014DvmhgwBUgLmvtAOSUWhEqQJHqrPrnnEYGqkZheTeYL71ZLglfVXnzMsFQpJAgRhnOJoqSh%2BtbDtD28xdVWtVcLU0eg1M%2FkGi3nUPg%2FRyVQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0df2e5db50b-OSL
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/button-B3xQoZLZ.js

188.114.97.1

200 OK

8.8 kB

URL GET HTTP/3
telegrom-fw.com/button-B3xQoZLZ.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
ASCII text, with very long lines (9521), with no line terminators
Size
8.8 kB (8793 bytes)
Hash
c1077e650e70abb26ed92cf8782b6a67
c1bf8062f0184ae28a3b8685d3a0488d7bc7b6dc
a8ea778f014efd52489c0503177c7d9635942ee605e70374b7015f6b9f5ca70a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /button-B3xQoZLZ.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/pageSignQR-BuEZqNkj.js
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-2259"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tozf4E1Q%2BNPKl1j3pLFZ%2BdO%2Bt6WZe6YiaNPtAbHWDdhuYTgK8X1zdhFctb4BiyLj6UwBRWFF%2FArZWqJ8RaPhe%2FHcsPTaAkzjKWoVwTJFz00OD5Zpw2vuerUMygyTI2Smbpw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d9fcb1b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/assets/img/logo_padded.svg

188.114.97.1

200 OK

1.1 kB

URL GET HTTP/3
telegrom-fw.com/assets/img/logo_padded.svg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1069 bytes)
Hash
4c0b48654a4881c325148a5e00964160
d7d21756c9dd4c1bf4d97087811745aad60506a0
7583a3643a9480ab4d81dd46b700cf3a38ebdd94af1a6059d2b6a3ecff8a65c5

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/logo_padded.svg HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:44 GMT
content-type: image/svg+xml
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: W/"66059e32-42d"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L4ms6jkNM%2BYEsa2XXpjGV7aws9AR0cAFpmHDkpY0W6uQUEN3n00ifxPt12KUrfs2n3Yp1dAoHaN6HCPRk0CFUuqw8v0klkBKj66XBAxxI43mSX7tfod5p4B109AjBWnSOS8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0e5693bb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

188.114.97.1

200 OK

11 kB

URL GET HTTP/3
telegrom-fw.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
Size
11 kB (11056 bytes)
Hash
07db243db21ed0a6b4ff05ff429686b7
5d62925fdd7ed8e80f206d095ed093994f13d276
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-BOAMyYaq.css?tele
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:43 GMT
content-type: font/woff2
content-length: 11056
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-2b30"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jaORSqOW7j90%2B4UYz9pn%2FiHhUaF1PalCF1hQWiOUJv%2BTG6phWjv6MPa1wC9sy0oxkq0eWyE0bWHTwxIo2nUc3ZJezl%2Foxa5R9g5xnfbtTxyJy0gvMIPK79id7YORJfXfLkY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0de4dfeb50b-OSL
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/button-B3xQoZLZ.js

188.114.97.1

200 OK

8.8 kB

URL GET HTTP/3
telegrom-fw.com/button-B3xQoZLZ.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
ASCII text, with very long lines (9521), with no line terminators
Size
8.8 kB (8793 bytes)
Hash
c1077e650e70abb26ed92cf8782b6a67
c1bf8062f0184ae28a3b8685d3a0488d7bc7b6dc
a8ea778f014efd52489c0503177c7d9635942ee605e70374b7015f6b9f5ca70a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /button-B3xQoZLZ.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-2259"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aOC4hHpfz0t4%2BlYuNlCaTChV5z8RJFyhGv%2BrhqbfMuxeL70JcvePk0JEEJAHKYcmotWQ9NKLf%2BGHmGEg0FyW6nPfS1SWw6v5b2sTJATis2la6D%2FVpDbho9YhnV16F2cUYms%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d62b1eb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/langSign-CN-ja8rh.js

188.114.97.1

200 OK

1.8 kB

URL GET HTTP/3
telegrom-fw.com/langSign-CN-ja8rh.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
Unicode text, UTF-8 text, with very long lines (1385), with no line terminators
Size
1.8 kB (1775 bytes)
Hash
8808dfab51f58f8f18a980400b6242a4
cf1ae2a725e2efa763d7463961554650a3cce645
6f66aa3ed42f6f5dd576ac3fcf6514d1dcd72f3d8b8db0c99d34d02ef779d822

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /langSign-CN-ja8rh.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-zu6iQa6e.js
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:41 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:49:31 GMT
vary: Accept-Encoding
etag: W/"66063a4b-6ef"
expires: Thu, 18 Apr 2024 12:55:41 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YU9jyTc7X%2BY6I1R%2BWfjNA5Bv3bkfEKDLoU44G9kGWcJ7XmeqJvXmyWKWgdXee%2BVMHia2hKGZFv4y9A42SQy8PifX97VCQ%2Bh5cZARxYFdZBxCDt23%2FvngDk%2BQupu8T0%2Bq3e0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d2a9abb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegrom-fw.com/page-g1hbv_Nl.js

188.114.97.1

200 OK

10 kB

URL GET HTTP/3
telegrom-fw.com/page-g1hbv_Nl.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegrom-fw.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecttelegrom-fw.com
FingerprintDF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B
ValidityTue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT

File type
ASCII text, with very long lines (10306)
Size
10 kB (10349 bytes)
Hash
d440faca4d406ba2c6b1d5a02e0c2300
5b6d6948eb17a1d8901f9c0ceb4618c3a722f373
00ba512d85fe78658603389ed0a9a401103ec3a0464eb30d057a07febd670279

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /page-g1hbv_Nl.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-286d"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z7euhHzph6VRv%2BtCCP2FC3o81lo03fKRBcgiyrnbTall5FYPuR9nHlL0PL2Tm4kv6RclHHo4Q0cKKV0qW4%2Bat1RXpBLj8hnBWteulCnyGRAKmhVJ%2FXwmBAlmeUQEAmXN108%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d62b1cb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML