| js.users.51.la/21862019.js | 47.246.44.202 | 200 OK | 4.9 kB |
URL: GET HTTP/1.1 js.users.51.la/21862019.js
IP: 47.246.44.202:443
ASN: #24429 Zhejiang Taobao Network Co.,Ltd
Certificate: Issuer GlobalSign nv-sa; Subject *.users.51.la; Fingerprint 8E:9F:59:98:28:F2:49:A9:E1:19:45:C2:49:ED:B2:F6:B8:E1:C6:39; Validity Fri, 14 Apr 2023 03:17:41 GMT - Wed, 15 May 2024 03:17:40 GMT
File type: JavaScript source, ASCII text, with very long lines (4898), with no line terminators
Hash: MD5 9301b84e3564c5bb7b02efd5e36c60fe / SHA-1 eaf6df9f55d952afbb2903c7d38da7a598e6e929 / SHA-256 1b4b59de8752147bb8a666b3e7b3e4bcb7b0ec4f8c20a544a725f79e82762411
GET /21862019.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript; charset=utf-8
Content-Length: 4898
Connection: keep-alive
Date: Thu, 18 Apr 2024 00:55:40 GMT
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: *
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Ali-Swift-Global-Savetime: 1713401740
Via: cache8.l2de2[149,148,200-0,M], cache20.l2de2[150,0], ens-cache14.se2[171,171,200-0,M], ens-cache13.se2[173,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Thu, 18 Apr 2024 00:55:40 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62ca117134017404134310e

| telegrom-fw.com/index-zu6iQa6e.js | 188.114.97.1 | 200 OK | 56 kB |
URL: GET HTTP/3 telegrom-fw.com/index-zu6iQa6e.js
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (62777)
Hash: MD5 f50da1b030a791cee103899815ff958a / SHA-1 0985034c990409c0ec2f5f44d41adbf510eb709a / SHA-256 95da12467f4a2b799546b83f27f8f845c393343ba58cf3c9a9e635a02a3a82e7
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /index-zu6iQa6e.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:40 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-20df7"
expires: Thu, 18 Apr 2024 12:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eMDwLTL9rsIunn9K3DiL6LdMYsEL450pX3dn3fV%2F97KhoPwwyIIcNaRRgKv7fsTgKDLaHdMcme9I8PCsGcL0hF0Qjb2PJvwivE3DH2kbqIplGwoDls%2Fcpwm2H1XnOWj6%2B8Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0cbbcd7b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 | 188.114.97.1 | 200 OK | 11 kB |
URL: GET HTTP/3 telegrom-fw.com/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Hash: MD5 15fa3062f8929bd3b05fdca5259db412 / SHA-1 6ff06a34f68ad0324ddec1bbe4d453c959178b36 / SHA-256 5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-BOAMyYaq.css?tele
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:41 GMT
content-type: font/woff2
content-length: 11016
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-2b08"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U2HADASXCjJmlyc6Al1X7sc7iqLg%2FR4JQo9X0JQcbbdj%2BgbRZ5M9BPMwy3iUAxuQ5yM5qybxKx%2FsU4eO2%2BnirC%2BEhjJ1TWQIFH0nXSfrz9IVEvkm8w36LngthRzfUrAzl18%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0d2493ab50b-OSL
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/login.js?124 | 188.114.97.1 | 200 OK | 1.6 kB |
URL: GET HTTP/3 telegrom-fw.com/login.js?124
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: JavaScript source, Unicode text, UTF-8 text
Hash: MD5 bd733b64679f49fc281fbdd997ce4cf3 / SHA-1 54a9352a395c687dbec03a508e2c4b30c93e4f0a / SHA-256 62811731f6e1d7914ce7ff10c4ac63c49bb2abdea0ba71bb14f83a959dea0df1
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /login.js?124 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:40 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 06:16:25 GMT
vary: Accept-Encoding
etag: W/"66065cb9-1233"
expires: Thu, 18 Apr 2024 12:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ALrsGnpHRsf986De3fm4BoNNsTvbT4fKsHNE2t1rxITVtjAiddltZBg9%2BWofGw%2B7SEwJc8q7yzn6E04uxCyoFrcbnpLkRgzLlD9vQrytMecJBS0Y%2B79vaPrKBUgvK7BdXY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0cbbcd9b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/assets/img/favicon-16x16.png?v=jw3mK7G9Ry | 188.114.97.1 | 200 OK | 1.0 kB |
URL: GET HTTP/3 telegrom-fw.com/assets/img/favicon-16x16.png?v=jw3mK7G9Ry
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Hash: MD5 e3ce05eb00b3215df220efaf0fd06e21 / SHA-1 d1533966f79dc2984c34317035f31cf3c91298c9 / SHA-256 0d67b7e8ea46e3c959329a0e79a8c8b236187f452edc7049524245e4aa6bee21
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/favicon-16x16.png?v=jw3mK7G9Ry HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: image/png
content-length: 1012
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-3f4"
expires: Wed, 15 May 2024 09:23:51 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 228711
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZZr%2FD5XvSEc6mjJyxQKBDtXiRBSd%2BwyYIXTnYi%2Fj2zFF%2FYk3%2B797sgmtnHzNzCpacbC97bhF1D24dI1xc%2BIwreJisHOgsC4GoFIC8LgFc8VMgFbfCfqynBUUkmy4FIRrj%2BA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0da1cb9b50b-OSL
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/pageSignQR-BuEZqNkj.js | 188.114.97.1 | 200 OK | 7.0 kB |
URL: GET HTTP/3 telegrom-fw.com/pageSignQR-BuEZqNkj.js
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: Java source, ASCII text, with very long lines (5017)
Hash: MD5 c1216adcb6764e759cd5998ef61b0a5c / SHA-1 5ea307b65b6c15b15b061016c0950a9d842aeff7 / SHA-256 11f97697956f29406c3ce66d8d6d67e357e7620a4592f1c9a4d4f6a60deab89f
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /pageSignQR-BuEZqNkj.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-1630"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HbLX3b633o%2BNxEhptj7diopOP3lEcfkj5KWjcvZkV49mvIuwhJkcoHsbMY17Q9mWgilT%2BiHk8mx4ace%2F1nHSXpKHD5yI7DCmP%2BKvLsLOxT5FzhAnc2FNvgFQMuchtgSCMug%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d62b1bb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| venus.web.telegram.org/apiw1 | 149.154.167.99 | | 169 B |
URL: venus.web.telegram.org/apiw1
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 c2a982d42f89274763eef2a44fe01030 / SHA-1 86e6d53f6478cdd0c05611093d9c55a953454af7 / SHA-256 d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a
POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
Content-Length: 0
Origin: https://telegrom-fw.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
server: nginx/1.18.0
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: text/html
content-length: 169
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2

| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e / SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 / SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty body)
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrom-fw.com
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +7yFiBcXNxnG3QpC/rvQ/A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 18 Apr 2024 00:55:42 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: POa3CLA3e3cY7saZBk70Z/Yd80A=
Sec-WebSocket-Protocol: binary

| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e / SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 / SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty body)
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrom-fw.com
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0EuPaU/kggXi6f2TlN7NkA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 18 Apr 2024 00:55:42 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: CZMmLUSCzB8xBtnrHuKrZSFsTaM=
Sec-WebSocket-Protocol: binary

| venus.web.telegram.org/apiw1 | 149.154.167.99 | | 169 B |
URL: venus.web.telegram.org/apiw1
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 c2a982d42f89274763eef2a44fe01030 / SHA-1 86e6d53f6478cdd0c05611093d9c55a953454af7 / SHA-256 d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a
POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
Content-Length: 0
Origin: https://telegrom-fw.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.18.0
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2

| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e / SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 / SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty body)
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrom-fw.com
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: futSkVAY6/woIHxTZpG3cw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 18 Apr 2024 00:55:42 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: AVHpccjiiMVjMIpaW8RYaTLHSk8=
Sec-WebSocket-Protocol: binary

| telegrom-fw.com/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry | 188.114.97.1 | 200 OK | 9.0 kB |
URL: GET HTTP/3 telegrom-fw.com/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash: MD5 87fecdadac0beb95f9b7c87b3b3236f0 / SHA-1 822f92446c0033a32462aa21208efaef1f0d8c3c / SHA-256 25aa724658da8e71f5cc7c35ccbb43075866af5bed964edb09979caace667b0b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: image/png
content-length: 9024
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-2340"
expires: Sat, 18 May 2024 00:55:42 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fmtlY2nnRzCdp0MnNxuS4PR%2BvVmWBRFZ%2FukrLuMzN0PavOh3KflVK%2Bz0BCX%2BU8pA%2BGfHyNRqEYQWigun%2BqA8U80epmv9CEEDvEyCYDUMPVRFk2ojAnVWzKDRmusGmPLsF3I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0da1cb8b50b-OSL
alt-svc: h3=":443"; ma=86400

| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e / SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 / SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty body)
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegrom-fw.com
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: U/1Di/hVZBvHA6RhIo/Agw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 18 Apr 2024 00:55:42 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bI70xqa0D8mcrERyyGwCB65SAAw=
Sec-WebSocket-Protocol: binary

| telegrom-fw.com/index-BOAMyYaq.css?tele | 188.114.97.1 | 200 OK | 114 kB |
URL: GET HTTP/3 telegrom-fw.com/index-BOAMyYaq.css?tele
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: assembler source, ASCII text
Size: 114 kB (114416 bytes)
Hash: MD5 76a96eb95e9a06a1806d0303f2eeb2ac / SHA-1 356af94c8b94893c508ca2323da43e42cf22c0ad / SHA-256 350052f7485a56b6f38b0374bbbdd89b585d528c7dc5ab7b7e419763608e4d15
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /index-BOAMyYaq.css?tele HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:40 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 04:25:17 GMT
vary: Accept-Encoding
etag: W/"660642ad-7d1ac"
expires: Thu, 18 Apr 2024 12:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uMOvxYrLksqKcp%2FLv7AWmwmtiKkGCp4UBQJUCr4K5relc8lAszK%2BIPRDeeLC9c8RXC49DHRGNXDD8rksEhZb2bdracr2EToKLScGQps%2BLJXnd9vAZCzAXEkf4vF%2BNT65n%2F4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0cbbcdab50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/_commonjsHelpers-Cpj98o6Y.js | 188.114.97.1 | 200 OK | 12 kB |
URL: GET HTTP/3 telegrom-fw.com/_commonjsHelpers-Cpj98o6Y.js
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
Hash: MD5 bbbefd4e3c7c2ef2ae262565d6edf65e / SHA-1 fbdb4413462ae109c237c5fc96e91212a27f9131 / SHA-256 7e898f2560233fe672543bbaffe66542d387208b18f5639cb3050bd75d167e48
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /_commonjsHelpers-Cpj98o6Y.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-122"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bqj6hAhbzYYiwL5ozAFd2e23TSCfoBWEKM6uDltqqLPm4YNMqF7mAOuCQyMQ3eTGGt2boBP4Pfj8BcuiWXycIqEbvlU9LA%2FW2kSn23cOvi5V6h4qCec4WBD7Beq6jx4mQUw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0da3cc2b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/assets/fonts/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2 | 188.114.97.1 | 200 OK | 8.0 kB |
URL: GET HTTP/3 telegrom-fw.com/assets/fonts/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: Web Open Font Format (Version 2), TrueType, length 8024, version 1.0
Hash: MD5 073578b7f22768baa58cf9a87380538a / SHA-1 702b779b7ea064cc4713f2234dc74b1097aee389 / SHA-256 f36d71c69bcec4ce625d2923d36a4b1f64bbc2e5691c99cf8a4f3b0f79d1edb4
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/fonts/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-BOAMyYaq.css?tele
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:43 GMT
content-type: font/woff2
content-length: 8024
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-1f58"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D5WPAicLTJtFcCksf10e%2F1gCBm1mJwPi7NE7B9xPE3p%2BnKzZewC50ZpDg%2BNR9ipmW2YxtFqSdykfbK4BOOe0zeHy%2Ff5Dm%2BVh8gTPmMQZtPEVI%2BzJT8LMY%2BEiWdmTFj%2FEWGc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0de5e04b50b-OSL
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/crypto.worker-CfCshcpI.js | 188.114.97.1 | 200 OK | 32 kB |
URL: GET HTTP/3 telegrom-fw.com/crypto.worker-CfCshcpI.js
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: MD5 0efdde008dca467f870e5a41e96006d5 / SHA-1 ebadf267c3d3eb15b3ef6d7d0a07dec87b95d0f5 / SHA-256 db66f764c311c8c976601370a59831be1b792fe9535c8f36f7de75334226b071
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /crypto.worker-CfCshcpI.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:41 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-10d02"
expires: Thu, 18 Apr 2024 12:55:41 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RnV6nxJWF9UeTDumxSdUoN8tmFgPsUoN4ADHjHF3MPQRiSMcFaghhDtAJmHuZssKwXbF2Hrp4hGnbhcNRiRPrPEYI428qkPW1mgrNVjgZWcViO4gaA%2B2U%2BEFiyuJltFnpqQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d25943b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/lang-CQhMF3zZ.js | 188.114.97.1 | 200 OK | 46 kB |
URL: GET HTTP/3 telegrom-fw.com/lang-CQhMF3zZ.js
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: Unicode text, UTF-8 text, with very long lines (14604)
Hash: MD5 202f3aa9967436024f13078cdc6e7bf3 / SHA-1 ec2f96fd70174080f758a5f8cdc28c2dcf2c0b31 / SHA-256 dd12733aeb807f4e3e15388ca87e049d50b4dc006e5cb6b8d75edc981c4a387d
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /lang-CQhMF3zZ.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-zu6iQa6e.js
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:41 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-1d820"
expires: Thu, 18 Apr 2024 12:55:41 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YE3rYaNvfG7fFnqz4G%2BrF8pZUKPX%2BsdAe%2F9JgU%2BwT%2BS1YZ%2FFA0XUsIXB9LjuiEJd9wFIPSkzJshziTmeqcrbCTwpfoC5YswRber6pLlrlHsUl6lBnM7fn7MKCLdsc4JJ7mI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d2a9aab50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/assets/fonts/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2 | 188.114.97.1 | 200 OK | 8.0 kB |
URL: GET HTTP/3 telegrom-fw.com/assets/fonts/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: Web Open Font Format (Version 2), TrueType, length 8024, version 1.0
Hash: MD5 073578b7f22768baa58cf9a87380538a / SHA-1 702b779b7ea064cc4713f2234dc74b1097aee389 / SHA-256 f36d71c69bcec4ce625d2923d36a4b1f64bbc2e5691c99cf8a4f3b0f79d1edb4
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/fonts/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-BOAMyYaq.css?tele
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:43 GMT
content-type: font/woff2
content-length: 8024
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-1f58"
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lLNmvB2et%2FoCBALQHl9yLFowoUoJn4e28vwaFlVUWCsK5WWUsDQoUDCmMeGR7nQ3DdQXa2M8pThL0Z1v3zQiKFhpdMpPpHuXtgl%2BjhPKyVbMOP%2BaUwAcRmNQ40e3fUydIpo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0df5e6db50b-OSL
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/countries-CzeCvYH8.js | 188.114.97.1 | 200 OK | 11 kB |
URL: GET HTTP/3 telegrom-fw.com/countries-CzeCvYH8.js
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: Unicode text, UTF-8 text, with very long lines (24043)
Hash: MD5 24d43ec6ffdef8fdf4310a4a8b65b206 / SHA-1 8974a9f0f2a76920b5080c3f239fe21396e4ce73 / SHA-256 6876bde98b3f0c4013107f69f6bf375f60a2807bd79c11592131d9b8bbbb76ae
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /countries-CzeCvYH8.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-zu6iQa6e.js
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:41 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-5e21"
expires: Thu, 18 Apr 2024 12:55:41 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8cgIQ0caQPMmk6GsXEHZ3u3CuWXVpOmz%2BqNn2mCwWojmd1qu0z2bYq%2FlT8rGV0fYKmY0in7TazZtEBB3xbN8VZiLzJ1Vr%2FiRWE5smVHn72sNoRdNFAeoHj2GDyHNDgJ3Krc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d2a9acb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fABc4AMP6lbBP.woff2 | 188.114.97.1 | 200 OK | 6.9 kB |
URL: GET HTTP/3 telegrom-fw.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fABc4AMP6lbBP.woff2
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: Web Open Font Format (Version 2), TrueType, length 6864, version 1.0
Hash: MD5 2efb23d70eb9a590216a126ce28120b0, SHA-1 27786db7735f04a4d59ad023fd327d2dea51ae68, SHA-256 af2fdef955568dc79de38bfb097d53586855945811b638d6c41513bd62e25cc4
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/fonts/KFOlCnqEu92Fr1MmEU9fABc4AMP6lbBP.woff2 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-BOAMyYaq.css?tele
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:44 GMT
content-type: font/woff2
content-length: 6864
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-1ad0"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f3ubsG%2B%2B7O5SkgNVFJ9c8zHQWWmXRY8mufHbiEqOVGo1l1VBp%2BFhDLSxBqkmQ%2Fp9lfiR1aMdQVSAGTY53TuDaAZGKss3eULaJMY6vCENLpOspAnZS3odNxsuv%2BFlhG5Qc8Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0e20f81b50b-OSL
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/textToSvgURL-Cnw_Q8Rw.js | 188.114.97.1 | 200 OK | 10 kB |
URL: GET HTTP/3 telegrom-fw.com/textToSvgURL-Cnw_Q8Rw.js
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: ASCII text, with very long lines (306)
Hash: MD5 3f6402acb182a218e34ebe26b03fcd23, SHA-1 2601dfbce5087a38142e34596e5b094c7760dc80, SHA-256 88ef7b589f467f4a280126e59b5428d5169f80a165500687699209f60ca39998
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /textToSvgURL-Cnw_Q8Rw.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-165"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BT3vnQAJdaYQ031e3ennuXt%2Bd9FiloCl%2BMGoOIJYsIBLJ6aAV0opmAN6hBnZIMZiNs%2F%2FgazFB9kcoWqWt0IJ7pIFrmKBX0oQrCvPAvZtUOtIJ6hlh%2BZaEGEB10XLAPSGtj8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0d63b21b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| ia.51.la/go1?id=21862019&rt=1713401740697&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=Telegram%2520is%2520a%2520cloud-based%2520mobi&ing=1&ekc=&sid=1713401740697&tt=Telegram%2520Web&kw=&cu=https%253A%252F%252Ftelegrom-fw.com%252F&pu= | 203.107.86.226 | 200 | 0 B |
URL: GET HTTP/1.1 ia.51.la/go1?id=21862019&rt=1713401740697&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=Telegram%2520is%2520a%2520cloud-based%2520mobi&ing=1&ekc=&sid=1713401740697&tt=Telegram%2520Web&kw=&cu=https%253A%252F%252Ftelegrom-fw.com%252F&pu=
IP: 203.107.86.226:443
ASN: #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Certificate: Issuer GlobalSign nv-sa; Subject *.51.la; Fingerprint 9E:F3:EB:9A:59:E9:6D:6E:48:13:64:78:3C:33:1D:AA:79:52:5B:79; Validity Thu, 20 Apr 2023 01:12:57 GMT - Tue, 21 May 2024 01:12:56 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21862019&rt=1713401740697&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=Telegram%2520is%2520a%2520cloud-based%2520mobi&ing=1&ekc=&sid=1713401740697&tt=Telegram%2520Web&kw=&cu=https%253A%252F%252Ftelegrom-fw.com%252F&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Thu, 18 Apr 2024 00:55:42 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: aliyungf_tc=1c6215223594250905fbb400aa4428c21f1eb436783f30fb53c49432d901f2d6; Path=/; HttpOnly
acw_tc=ac11000117134017421073793e8d9b65a7ee4e95f6fc10541142b16072506c;path=/;HttpOnly;Max-Age=1800

| telegrom-fw.com/putPreloader-B4MN6Snw.js | 188.114.97.1 | 200 OK | 699 B |
URL: GET HTTP/3 telegrom-fw.com/putPreloader-B4MN6Snw.js
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: ASCII text, with very long lines (736), with no line terminators
Hash: MD5 7bd6d90b050585f83f816a092429a8cb, SHA-1 f08c4031eb56b8c0f16906fb09e217a3e0bbb424, SHA-256 7f6574895bc12efd5b5d0ceb5be4667dbeead1b439fea437013773a056ea60ee
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /putPreloader-B4MN6Snw.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/pageSignQR-BuEZqNkj.js
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-2bb"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XWS0cj3GIo6HyUCZ9NYnMos0am7sRErF%2FM8%2FZs1ZhvPSTI12wn6Mg4%2F1MnMrQR9yGM5z0%2BwH9qFT2vF9YCTt447XkFIaxcDBKd6BxKj9ruBTWY8lioOpS24rqdl5%2BehecL8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0d9fcb2b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/qr-code-styling-BqER1AUU.js | 188.114.97.1 | 200 OK | 66 kB |
URL: GET HTTP/3 telegrom-fw.com/qr-code-styling-BqER1AUU.js
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /qr-code-styling-BqER1AUU.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:43 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-10254"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BbOSny80wuQKAbU0cQeD5Rg4UXwfymRLx0NAfhP%2B5lz1ri9bTC84Hpj846bbfCduk10USiYNRfAy5eBZ5NYTx%2BFA1MUbEXS3wiySzFshYVbOFaVgDuHzEluZujKYBkqzNfg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0da2cc0b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/assets/fonts/KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2 | 188.114.97.1 | 200 OK | 6.7 kB |
URL: GET HTTP/3 telegrom-fw.com/assets/fonts/KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: Web Open Font Format (Version 2), TrueType, length 6720, version 1.0
Hash: MD5 ddbe8450ae34795dee574854e9b01533, SHA-1 5c9aaeb1b9de21b0fb4c7d9b92276dc5ab81b8ab, SHA-256 daf6c28c5a080458eba26ba64a95b1fcff823944d429ccb84e8a4f3a0baf05ca
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/fonts/KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-BOAMyYaq.css?tele
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:43 GMT
content-type: font/woff2
content-length: 6720
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-1a40"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xVABkzZLwMHsMg7AAtNq32542VJkG7WLzuzfGlShn8yWDTQWtW0y6vnWpFzR5ZngmpzTOrTAuPZcF8eKp96cfi1EOsQ80q3Hapti5gQQDv7Y71JSs2IucI2CPqlX8sS1%2BCg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0e0cef3b50b-OSL
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP.woff2 | 188.114.97.1 | 200 OK | 7.9 kB |
URL: GET HTTP/3 telegrom-fw.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP.woff2
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: Web Open Font Format (Version 2), TrueType, length 7924, version 1.0
Hash: MD5 5d39c40b5f1d878434af6212575d928a, SHA-1 3485c7ae4231075e5b7424e73c8626fdca02e0ad, SHA-256 ac4f45c63e7192b1c9fb64be19be7a03084e16dc33b4dcfedabb44cb390c25a2
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/fonts/KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP.woff2 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-BOAMyYaq.css?tele
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:43 GMT
content-type: font/woff2
content-length: 7924
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-1ef4"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CH5e9VWHoRHX718MqLRVM6mR4Y9UqbG7acjwAtuguBLYtL4KI7zxARi0MVmVaYYF6RVD3MLfGDHxNWBXojnq5c180urHzOXceYxmgra5tXU5CYCDWSrC7fZA2X0wSIhM5Rs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0e0bef2b50b-OSL
alt-svc: h3=":443"; ma=86400

| | 188.114.97.1 | 200 OK | 14 kB |
URL: User Request GET HTTP/2
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: HTML document, ASCII text, with very long lines (1757)
Hash: MD5 7678bf5a79c731853e633915815f0836, SHA-1 46130eb8bb640a795511a2f14e021a1f127aefd7, SHA-256 4d8518457cbf055cba07f791eadc5e8cb3c30f506ed72e2e113a4645c5c21e84
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 00:55:39 GMT
content-type: text/html
last-modified: Sat, 30 Mar 2024 11:39:46 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YTvjLTR2o2miRG5P6TXQZcQaBriCkgZV%2BLZ2GQx%2BKPwZwUV0iSN0g4uo564SNUpPHvAV2CpsvAyFQ1iooNsN5oALsFk%2BdanDqBuWTd7N2Uj9gPi0RNYF5zI9OyCV1UIo6cU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0c82dc156bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| telegrom-fw.com/putPreloader-B4MN6Snw.js | 188.114.97.1 | 200 OK | 699 B |
URL: GET HTTP/3 telegrom-fw.com/putPreloader-B4MN6Snw.js
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: ASCII text, with very long lines (736), with no line terminators
Hash: MD5 7bd6d90b050585f83f816a092429a8cb, SHA-1 f08c4031eb56b8c0f16906fb09e217a3e0bbb424, SHA-256 7f6574895bc12efd5b5d0ceb5be4667dbeead1b439fea437013773a056ea60ee
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /putPreloader-B4MN6Snw.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-2bb"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ybnQPfuzTUXfw52gGtG796B3OtQC2NBLAPjEAhK%2BfVg2J%2Fu5nC2v8MxH%2FrYTef7GaGjN0ivsZUoYCSiawLVsaM9UsQyzxe1Q83XAMpWZUMD6We3rL8vepi83c1hP%2B71aRnU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0d63b20b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/page-g1hbv_Nl.js | 188.114.97.1 | 200 OK | 10 kB |
URL: GET HTTP/3 telegrom-fw.com/page-g1hbv_Nl.js
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: ASCII text, with very long lines (10306)
Hash: MD5 d440faca4d406ba2c6b1d5a02e0c2300, SHA-1 5b6d6948eb17a1d8901f9c0ceb4618c3a722f373, SHA-256 00ba512d85fe78658603389ed0a9a401103ec3a0464eb30d057a07febd670279
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /page-g1hbv_Nl.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/pageSignQR-BuEZqNkj.js
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-286d"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SAwHzXCLGnmqqCcE0Vcp%2B0G0V07hiXJRK6G1GKWr6jvNayT3vHP97VJy9tbgLOFyxHOY5%2BY3EI3inUobfapgsHAyPKcpumq%2Bi0Qxuh7cdIDt5JS6Xq%2F%2Fi0mRlB068KG7Gxs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d9fcb0b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/qr-code-styling-BqER1AUU.js | 188.114.97.1 | 200 OK | 66 kB |
URL: GET HTTP/3 telegrom-fw.com/qr-code-styling-BqER1AUU.js
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /qr-code-styling-BqER1AUU.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/pageSignQR-BuEZqNkj.js
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:43 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-10254"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BG23wngcgTxsWNWKfzO8wBN%2FfSYMm0G0hQxL24Fe%2B1BRRvMz9c4ODaAQB9FEBGn%2BPZKMtY0iOsp0OPenlU2%2Fl7lPB2YtbhzasJ6q8cAvi9ayy1zLLTPJuPYPSROIZEeuR4Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0da3cc3b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 | 188.114.97.1 | 200 OK | 11 kB |
URL: GET HTTP/3 telegrom-fw.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
Hash: MD5 07db243db21ed0a6b4ff05ff429686b7, SHA-1 5d62925fdd7ed8e80f206d095ed093994f13d276, SHA-256 ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-BOAMyYaq.css?tele
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:43 GMT
content-type: font/woff2
content-length: 11056
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-2b30"
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aQDft8zyjCWV0slAllH%2BOE014DvmhgwBUgLmvtAOSUWhEqQJHqrPrnnEYGqkZheTeYL71ZLglfVXnzMsFQpJAgRhnOJoqSh%2BtbDtD28xdVWtVcLU0eg1M%2FkGi3nUPg%2FRyVQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0df2e5db50b-OSL
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/button-B3xQoZLZ.js | 188.114.97.1 | 200 OK | 8.8 kB |
URL: GET HTTP/3 telegrom-fw.com/button-B3xQoZLZ.js
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: ASCII text, with very long lines (9521), with no line terminators
Hash: MD5 c1077e650e70abb26ed92cf8782b6a67, SHA-1 c1bf8062f0184ae28a3b8685d3a0488d7bc7b6dc, SHA-256 a8ea778f014efd52489c0503177c7d9635942ee605e70374b7015f6b9f5ca70a
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /button-B3xQoZLZ.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/pageSignQR-BuEZqNkj.js
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-2259"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tozf4E1Q%2BNPKl1j3pLFZ%2BdO%2Bt6WZe6YiaNPtAbHWDdhuYTgK8X1zdhFctb4BiyLj6UwBRWFF%2FArZWqJ8RaPhe%2FHcsPTaAkzjKWoVwTJFz00OD5Zpw2vuerUMygyTI2Smbpw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d9fcb1b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/assets/img/logo_padded.svg | 188.114.97.1 | 200 OK | 1.1 kB |
URL: GET HTTP/3 telegrom-fw.com/assets/img/logo_padded.svg
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 4c0b48654a4881c325148a5e00964160, SHA-1 d7d21756c9dd4c1bf4d97087811745aad60506a0, SHA-256 7583a3643a9480ab4d81dd46b700cf3a38ebdd94af1a6059d2b6a3ecff8a65c5
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/logo_padded.svg HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:44 GMT
content-type: image/svg+xml
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: W/"66059e32-42d"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L4ms6jkNM%2BYEsa2XXpjGV7aws9AR0cAFpmHDkpY0W6uQUEN3n00ifxPt12KUrfs2n3Yp1dAoHaN6HCPRk0CFUuqw8v0klkBKj66XBAxxI43mSX7tfod5p4B109AjBWnSOS8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0e5693bb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 | 188.114.97.1 | 200 OK | 11 kB |
URL: GET HTTP/3 telegrom-fw.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
Hash: MD5 07db243db21ed0a6b4ff05ff429686b7, SHA-1 5d62925fdd7ed8e80f206d095ed093994f13d276, SHA-256 ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-BOAMyYaq.css?tele
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:43 GMT
content-type: font/woff2
content-length: 11056
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-2b30"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jaORSqOW7j90%2B4UYz9pn%2FiHhUaF1PalCF1hQWiOUJv%2BTG6phWjv6MPa1wC9sy0oxkq0eWyE0bWHTwxIo2nUc3ZJezl%2Foxa5R9g5xnfbtTxyJy0gvMIPK79id7YORJfXfLkY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760b0de4dfeb50b-OSL
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/button-B3xQoZLZ.js | 188.114.97.1 | 200 OK | 8.8 kB |
URL: GET HTTP/3 telegrom-fw.com/button-B3xQoZLZ.js
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: ASCII text, with very long lines (9521), with no line terminators
Hash: MD5 c1077e650e70abb26ed92cf8782b6a67, SHA-1 c1bf8062f0184ae28a3b8685d3a0488d7bc7b6dc, SHA-256 a8ea778f014efd52489c0503177c7d9635942ee605e70374b7015f6b9f5ca70a
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /button-B3xQoZLZ.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-2259"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aOC4hHpfz0t4%2BlYuNlCaTChV5z8RJFyhGv%2BrhqbfMuxeL70JcvePk0JEEJAHKYcmotWQ9NKLf%2BGHmGEg0FyW6nPfS1SWw6v5b2sTJATis2la6D%2FVpDbho9YhnV16F2cUYms%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d62b1eb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegrom-fw.com/langSign-CN-ja8rh.js | 188.114.97.1 | 200 OK | 1.8 kB |
URL: GET HTTP/3 telegrom-fw.com/langSign-CN-ja8rh.js
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services LLC; Subject telegrom-fw.com; Fingerprint DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: Unicode text, UTF-8 text, with very long lines (1385), with no line terminators
Hash: MD5 8808dfab51f58f8f18a980400b6242a4, SHA-1 cf1ae2a725e2efa763d7463961554650a3cce645, SHA-256 6f66aa3ed42f6f5dd576ac3fcf6514d1dcd72f3d8b8db0c99d34d02ef779d822
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /langSign-CN-ja8rh.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegrom-fw.com/index-zu6iQa6e.js
Cookie: __tins__21862019=%7B%22sid%22%3A%201713401740697%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713403540697%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:41 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:49:31 GMT
vary: Accept-Encoding
etag: W/"66063a4b-6ef"
expires: Thu, 18 Apr 2024 12:55:41 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YU9jyTc7X%2BY6I1R%2BWfjNA5Bv3bkfEKDLoU44G9kGWcJ7XmeqJvXmyWKWgdXee%2BVMHia2hKGZFv4y9A42SQy8PifX97VCQ%2Bh5cZARxYFdZBxCDt23%2FvngDk%2BQupu8T0%2Bq3e0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d2a9abb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| telegrom-fw.com/page-g1hbv_Nl.js | 188.114.97.1 | 200 OK | 10 kB |
URL: GET HTTP/3 telegrom-fw.com/page-g1hbv_Nl.js
IP: 188.114.97.1:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegrom-fw.com; Fingerprint: DF:18:75:7C:E9:FF:83:EC:80:34:50:EA:B3:D7:67:F9:48:CB:CC:2B; Validity: Tue, 05 Mar 2024 04:38:01 GMT - Mon, 03 Jun 2024 04:38:00 GMT
File type: ASCII text, with very long lines (10306)
Hash: d440faca4d406ba2c6b1d5a02e0c2300 5b6d6948eb17a1d8901f9c0ceb4618c3a722f373 00ba512d85fe78658603389ed0a9a401103ec3a0464eb30d057a07febd670279
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /page-g1hbv_Nl.js HTTP/1.1
Host: telegrom-fw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegrom-fw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 00:55:42 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-286d"
expires: Thu, 18 Apr 2024 12:55:42 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z7euhHzph6VRv%2BtCCP2FC3o81lo03fKRBcgiyrnbTall5FYPuR9nHlL0PL2Tm4kv6RclHHo4Q0cKKV0qW4%2Bat1RXpBLj8hnBWteulCnyGRAKmhVJ%2FXwmBAlmeUQEAmXN108%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8760b0d62b1cb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400