Report - telegramcn.github.io/

Report Overview

Submitted URL
telegramcn.github.io/
IP
185.199.111.153
ASN
#54113 FASTLY
Submitted
2024-05-07 17:39:46
Access
public
Website Title
Telegram Web
Final URL
telegramcn.github.io/#/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
36

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
telegramcn.github.io	unknown	2013-03-08	2017-12-21	2024-02-23	8.2 kB	847 kB	185.199.109.153
venus.web.telegram.org	47739	2003-12-15	2017-01-29	2024-05-07	2.4 kB	3.2 kB	149.154.167.99
vesta.web.telegram.org	567573	2003-12-15	2017-01-30	2024-04-30	1.4 kB	2.0 kB	149.154.167.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	telegramcn.github.io/	Telegram
2024-05-07	medium	telegramcn.github.io/	Telegram
2024-05-07	medium	telegramcn.github.io/	Telegram
2024-05-07	medium	telegramcn.github.io/	Telegram
2024-05-07	medium	telegramcn.github.io/	Telegram
2024-05-07	medium	telegramcn.github.io/	Telegram
2024-05-07	medium	telegramcn.github.io/	Telegram
2024-05-07	medium	telegramcn.github.io/	Telegram
2024-05-07	medium	telegramcn.github.io/	Telegram
2024-05-07	medium	telegramcn.github.io/	Telegram
2024-05-07	medium	telegramcn.github.io/	Telegram
2024-05-07	medium	telegramcn.github.io/	Telegram
2024-05-07	medium	telegramcn.github.io/	Telegram
2024-05-07	medium	telegramcn.github.io/	Telegram
2024-05-07	medium	telegramcn.github.io/	Telegram
2024-05-07	medium	telegramcn.github.io/	Telegram
2024-05-07	medium	telegramcn.github.io/	Telegram
2024-05-07	medium	telegramcn.github.io/	Telegram

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	telegramcn.github.io/js/app.js	2.6 MB	2023-05-29	2024-05-07
Pretty URL telegramcn.github.io/js/app.js IP 185.199.109.153 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-29 13:20:01 Last Seen2024-05-07 19:39:47 Times Seen22 Hash 0c39094ddb8c652451c4ac8b12e55f3b 9cc69637d48c3cb5c5022d3f267e7e5a9ecd2196 8f11ba5d9dc9d4bc0a3127e5e943b680895653c3979573fbe801b91e23e6ceb5 Loading...

HTTP Transactions (26)

URL IP Response Size

telegramcn.github.io/

185.199.109.153

200 OK

646 B

URL User Request GET HTTP/2
telegramcn.github.io/
IP
185.199.109.153:443
ASN
#54113 FASTLY

Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1587), with no line terminators
Size
646 B (646 bytes)
Hash
ea4531e88ad98bd951ca1643e5c3de2f
af94b6d23d297cc359e6d73750cea2461af84bb5
983c76f6b5797d8976c1d3766f5dc7ede83fb10c84b5091838aef6690eeff23e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET / HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: GitHub.com
content-type: text/html; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"5e4f9e36-633"
expires: Tue, 07 May 2024 12:11:30 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 3936:235561:1AFC1FE:1BA9191:663A180F
accept-ranges: bytes
age: 430
date: Tue, 07 May 2024 17:39:19 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 0
x-timer: S1715103560.578684,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: a84267b42b0e66c261dff72fd5b669edf2ef26b0
content-length: 646
X-Firefox-Spdy: h2

telegramcn.github.io/css/app.css

185.199.109.153

200 OK

37 kB

URL GET HTTP/2
telegramcn.github.io/css/app.css
IP
185.199.109.153:443
ASN
#54113 FASTLY

Requested by
https://telegramcn.github.io/
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
assembler source, ASCII text, with very long lines (556)
Size
37 kB (37135 bytes)
Hash
0471a5be5d85c01c9b1cb9568f1cbafc
37270e67b3d5d339c9492c70c87526a612a9f8f7
2daa84a5c15cd34ddf6640ea13cce0b90674c019c3b1ad39f25be1f3871bbe4f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /css/app.css HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
content-type: text/css; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"5e4f9e36-2ee39"
expires: Tue, 07 May 2024 17:49:20 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 923C:313486:197365C:1A059BB:663A6747
accept-ranges: bytes
age: 0
date: Tue, 07 May 2024 17:39:20 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715103560.035747,VS0,VE158
vary: Accept-Encoding
x-fastly-request-id: dc97ca8d82aa49badd21a1b2396b9b16f7aad482
content-length: 37135
X-Firefox-Spdy: h2

telegramcn.github.io/js/app.js

185.199.109.153

200 OK

707 kB

URL GET HTTP/2
telegramcn.github.io/js/app.js
IP
185.199.109.153:443
ASN
#54113 FASTLY

Requested by
https://telegramcn.github.io/
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
data
Size
707 kB (707378 bytes)
Hash
0c39094ddb8c652451c4ac8b12e55f3b
9cc69637d48c3cb5c5022d3f267e7e5a9ecd2196
8f11ba5d9dc9d4bc0a3127e5e943b680895653c3979573fbe801b91e23e6ceb5

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /js/app.js HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"5e4f9e36-28230b"
expires: Tue, 07 May 2024 17:49:20 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 5064:ED6F4:31CBE7F:331E12D:663A6747
accept-ranges: bytes
age: 0
date: Tue, 07 May 2024 17:39:20 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715103560.037902,VS0,VE224
vary: Accept-Encoding
x-fastly-request-id: 0e69666764a6b8f13c86a224fe4da43c572a7996
content-length: 707378
X-Firefox-Spdy: h2

telegramcn.github.io/css/desktop.css

185.199.109.153

200 OK

7.9 kB

URL GET HTTP/2
telegramcn.github.io/css/desktop.css
IP
185.199.109.153:443
ASN
#54113 FASTLY

Requested by
https://telegramcn.github.io/
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
ASCII text
Size
7.9 kB (7863 bytes)
Hash
22382d4f647e1e11c12881d993fc5713
2667c839ceb62f0878ac8639c67cd333f75e3f0e
5ca036e3fbbf0f439ce4fb3c9b688d1e23e5f80a7a15fb5486d28af623869d09

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /css/desktop.css HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
content-type: text/css; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"5e4f9e36-b081"
expires: Tue, 07 May 2024 17:49:21 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: A3D0:3781B3:478483F:497EBAF:663A6748
accept-ranges: bytes
age: 0
date: Tue, 07 May 2024 17:39:21 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715103561.976636,VS0,VE131
vary: Accept-Encoding
x-fastly-request-id: df63025eb4bb95e0acc93fb3f986635d8ece27a4
content-length: 7863
X-Firefox-Spdy: h2

telegramcn.github.io/js/locales/en-us.json

185.199.109.153

200 OK

14 kB

URL GET HTTP/2
telegramcn.github.io/js/locales/en-us.json
IP
185.199.109.153:443
ASN
#54113 FASTLY

Requested by
https://telegramcn.github.io/
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
JSON text data
Size
14 kB (13458 bytes)
Hash
d9e8cffed993167353c5b87af41c62a4
83d5b7bea0c7aced94f51bfc959a9c491fe21f8a
6ccf883a7c1bebb255b1248921cb5f8ceba28db75604a6972964629d6cc03b44

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /js/locales/en-us.json HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
content-type: application/json; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"5e4f9e36-cb51"
expires: Tue, 07 May 2024 17:49:21 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 8D14:17F4B9:3040208:31853CE:663A6748
accept-ranges: bytes
age: 0
date: Tue, 07 May 2024 17:39:21 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715103561.980658,VS0,VE135
vary: Accept-Encoding
x-fastly-request-id: 4e4a9965278b59e3fafdcbb864c442f2b1b6e848
content-length: 13458
X-Firefox-Spdy: h2

telegramcn.github.io/img/iphone_home120.png

185.199.109.153

200 OK

2.7 kB

URL GET HTTP/2
telegramcn.github.io/img/iphone_home120.png
IP
185.199.109.153:443
ASN
#54113 FASTLY

Requested by
https://telegramcn.github.io/
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
PNG image data, 120 x 120, 8-bit/color RGB, non-interlaced
Size
2.7 kB (2732 bytes)
Hash
86b05c2c7e8ad0de8204789716898da4
27dd329b8f2dbe583357d106ce3f538896925219
8af64f45879d661f17f4e18b7dc2b73e21c883e3960da8371993511eb9fe53ae

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /img/iphone_home120.png HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
content-type: image/png
permissions-policy: interest-cohort=()
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: "5e4f9e36-aac"
expires: Tue, 07 May 2024 17:49:21 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: DE22:320C75:5EF4386:6184A28:663A6748
accept-ranges: bytes
age: 0
date: Tue, 07 May 2024 17:39:21 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715103561.151609,VS0,VE132
vary: Accept-Encoding
x-fastly-request-id: f2b2e582190871ca59be56314c994c07f023676f
content-length: 2732
X-Firefox-Spdy: h2

telegramcn.github.io/favicon.ico

185.199.109.153

200 OK

982 B

URL GET HTTP/2
telegramcn.github.io/favicon.ico
IP
185.199.109.153:443
ASN
#54113 FASTLY

Requested by
https://telegramcn.github.io/
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
982 B (982 bytes)
Hash
fb606fe0a27a1c62bdfc48561d908f39
3306fba7846b0fedbd75ee0c602b3d5b8f9703d5
462c72824442b77689e0650dfe56a218cbea68b48669d68f3f7b3247af187d09

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
content-type: image/vnd.microsoft.icon
permissions-policy: interest-cohort=()
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"5e4f9e36-3bf"
expires: Tue, 07 May 2024 17:49:21 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 8D82:2A16A1:28393DF:294F10B:663A6747
accept-ranges: bytes
age: 0
date: Tue, 07 May 2024 17:39:21 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715103561.152099,VS0,VE136
vary: Accept-Encoding
x-fastly-request-id: 05dab368145108a56b11dd49387d7f59f78898d0
content-length: 982
X-Firefox-Spdy: h2

telegramcn.github.io/img/icons/General.png

185.199.109.153

200 OK

6.4 kB

URL GET HTTP/2
telegramcn.github.io/img/icons/General.png
IP
185.199.109.153:443
ASN
#54113 FASTLY

Requested by
https://telegramcn.github.io/
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
PNG image data, 40 x 948, 8-bit/color RGBA, non-interlaced
Size
6.4 kB (6355 bytes)
Hash
10639598adc8046b54dfa15d2e6443d0
9e4255140f3f8793ed06181cb016c5120c5cdb24
1787211bb6c15bc910e4aa84f5840a92bf1d52d9fed9975d604e91a2164d894e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /img/icons/General.png HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/css/app.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
content-type: image/png
permissions-policy: interest-cohort=()
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: "5e4f9e36-18d3"
expires: Tue, 07 May 2024 17:49:21 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: C200:320C75:5EF4398:6184A40:663A6749
accept-ranges: bytes
date: Tue, 07 May 2024 17:39:21 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715103561.256700,VS0,VE122
vary: Accept-Encoding
x-fastly-request-id: 8a1c6b7e0b3ee34ea6e0bcc7e232406677ebb15d
content-length: 6355
X-Firefox-Spdy: h2

telegramcn.github.io/img/Telegram.svg

185.199.109.153

200 OK

2.0 kB

URL GET HTTP/2
telegramcn.github.io/img/Telegram.svg
IP
185.199.109.153:443
ASN
#54113 FASTLY

Requested by
https://telegramcn.github.io/
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
2.0 kB (2036 bytes)
Hash
4964c9bbfba510f495319c52562d70d4
dc3592a833a3e24be2d6df7a261973b7585a8392
bd24e2e781d27a24a5b689e340f6acfd17069cf48814d563160c8c9265382d77

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /img/Telegram.svg HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/css/app.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
content-type: image/svg+xml
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"5e4f9e36-14c9"
expires: Tue, 07 May 2024 17:49:21 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: DE04:31E846:48C6F0:4A7564:663A6748
accept-ranges: bytes
age: 0
date: Tue, 07 May 2024 17:39:21 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715103561.256972,VS0,VE131
vary: Accept-Encoding
x-fastly-request-id: 71dbf5c63e1eeea424646e70307483a4ba71905a
content-length: 2036
X-Firefox-Spdy: h2

telegramcn.github.io/js/lib/crypto_worker.js

185.199.109.153

200 OK

534 B

URL GET HTTP/2
telegramcn.github.io/js/lib/crypto_worker.js
IP
185.199.109.153:443
ASN
#54113 FASTLY

Requested by
https://telegramcn.github.io/
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
ASCII text
Size
534 B (534 bytes)
Hash
71e05d663296e5122981424d5b8f756f
f4b4bf884bd101adfb192e5e69be504c0fa46dd9
fe146019189901e1e9b9a1d1ce67ed7435ddf121c04461169c6fd4b3e8ed1f6c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /js/lib/crypto_worker.js HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"5e4f9e36-4a3"
expires: Tue, 07 May 2024 17:49:21 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 5048:313486:197374C:1A05AB6:663A6749
accept-ranges: bytes
age: 0
date: Tue, 07 May 2024 17:39:21 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715103561.313538,VS0,VE125
vary: Accept-Encoding
x-fastly-request-id: 38a8bc23a99886d3de6e3aefd7d9351a3dd60d27
content-length: 534
X-Firefox-Spdy: h2

venus.web.telegram.org/apiw1

149.154.167.99

200 OK

84 B

URL POST HTTP/2
venus.web.telegram.org/apiw1
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://telegramcn.github.io/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.web.telegram.org
Fingerprint74:51:4A:F8:C5:D2:E1:36:68:30:25:98:05:27:E8:6F:57:FC:E0:3B
ValidityWed, 30 Aug 2023 00:40:43 GMT - Mon, 30 Sep 2024 00:40:43 GMT

File type
data
Size
84 B (84 bytes)
Hash
713851ca777e3ad50b1839a94f71e5fb
58c0714a7f33450a013fecb74b11e179a3cc1e7f
d972f10252a64eb238bcd7ce29ccff5f48d3897c117edfad3e0430c2f3579727

HTTP Headers

POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 40
Origin: https://telegramcn.github.io
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 07 May 2024 17:39:21 GMT
content-type: application/octet-stream
content-length: 84
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

telegramcn.github.io/js/lib/polyfill.js

185.199.109.153

200 OK

1.7 kB

URL GET HTTP/2
telegramcn.github.io/js/lib/polyfill.js
IP
185.199.109.153:443
ASN
#54113 FASTLY

Requested by
https://telegramcn.github.io/js/lib/crypto_worker.js
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
1.7 kB (1672 bytes)
Hash
b530810019a85da1b809ad5ca05b9d78
12f7fd232ccdd4f8bd500d24b00594fd87aa880d
efbe1b8cd2f0d607180f5e17863ef1918232b0401b15e61e49ec76f8ac49dee2

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /js/lib/polyfill.js HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/js/lib/crypto_worker.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"5e4f9e36-117e"
expires: Tue, 07 May 2024 17:49:21 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: C200:320C75:5EF43BE:6184A5F:663A6749
accept-ranges: bytes
age: 0
date: Tue, 07 May 2024 17:39:21 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715103561.481079,VS0,VE126
vary: Accept-Encoding
x-fastly-request-id: f1cf8d55239d6c25671012b4b71a9874a0d93dce
content-length: 1672
X-Firefox-Spdy: h2

telegramcn.github.io/js/lib/bin_utils.js

185.199.109.153

200 OK

4.3 kB

URL GET HTTP/2
telegramcn.github.io/js/lib/bin_utils.js
IP
185.199.109.153:443
ASN
#54113 FASTLY

Requested by
https://telegramcn.github.io/js/lib/crypto_worker.js
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
ASCII text
Size
4.3 kB (4261 bytes)
Hash
ff3766aeac6bdf4b355f93dba1b7d6f9
4fd4b8d4f42e17199f1e60d3e5237fa6acc447b3
0c5729f25599688103762e69ca5da531baffc0f0169787e7190e4ff5a1583f9a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /js/lib/bin_utils.js HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/js/lib/crypto_worker.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"5e4f9e36-3dbc"
expires: Tue, 07 May 2024 17:49:21 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 7646:23C9E4:10D7EC2:113FBE7:663A6749
accept-ranges: bytes
age: 0
date: Tue, 07 May 2024 17:39:21 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715103561.483056,VS0,VE125
vary: Accept-Encoding
x-fastly-request-id: f48a8fbf8543ae65ac0fece74a87fd16b3a64154
content-length: 4261
X-Firefox-Spdy: h2

telegramcn.github.io/vendor/jsbn/jsbn_combined.js

185.199.109.153

200 OK

11 kB

URL GET HTTP/2
telegramcn.github.io/vendor/jsbn/jsbn_combined.js
IP
185.199.109.153:443
ASN
#54113 FASTLY

Requested by
https://telegramcn.github.io/js/lib/crypto_worker.js
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
ASCII text, with very long lines (661)
Size
11 kB (11253 bytes)
Hash
d7eb1b82e658eef11ce3d8fd9caf10d5
5f6537a517860b4c57fbd2d0de201b5ba80bec2b
bf35737ecb19f93b2e4c411eb6a3ce6e6b9398d14c199cccec272e70865807ed

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /vendor/jsbn/jsbn_combined.js HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/js/lib/crypto_worker.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"5e4f9e36-90c8"
expires: Tue, 07 May 2024 17:49:21 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: C212:EFAF3:35446C5:36BEA33:663A6749
accept-ranges: bytes
age: 0
date: Tue, 07 May 2024 17:39:21 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715103561.484276,VS0,VE135
vary: Accept-Encoding
x-fastly-request-id: 652a2559fbd0b3c4cc72c82c18c98ac820a732b2
content-length: 11253
X-Firefox-Spdy: h2

telegramcn.github.io/vendor/leemon_bigint/bigint.js

185.199.109.153

200 OK

14 kB

URL GET HTTP/2
telegramcn.github.io/vendor/leemon_bigint/bigint.js
IP
185.199.109.153:443
ASN
#54113 FASTLY

Requested by
https://telegramcn.github.io/js/lib/crypto_worker.js
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
Unicode text, UTF-8 text
Size
14 kB (14111 bytes)
Hash
99290db3a3369437ba0d44152dc36ba1
2382de9bdf5bdf705531b41a88de8f2868959b20
358c053657f1248c79d797b02c00660d8c5e9a11c786cabcd45f58d11e723dec

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /vendor/leemon_bigint/bigint.js HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/js/lib/crypto_worker.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"5e4f9e36-bf99"
expires: Tue, 07 May 2024 17:49:21 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: DE22:320C75:5EF43BE:6184A63:663A6749
accept-ranges: bytes
age: 0
date: Tue, 07 May 2024 17:39:21 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715103561.485019,VS0,VE141
vary: Accept-Encoding
x-fastly-request-id: 218581dc3b09b20fa27fd7018b180cba3f30c140
content-length: 14111
X-Firefox-Spdy: h2

telegramcn.github.io/vendor/closure/long.js

185.199.109.153

200 OK

5.7 kB

URL GET HTTP/2
telegramcn.github.io/vendor/closure/long.js
IP
185.199.109.153:443
ASN
#54113 FASTLY

Requested by
https://telegramcn.github.io/js/lib/crypto_worker.js
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
ASCII text
Size
5.7 kB (5651 bytes)
Hash
b0a35c095dc09f1fd10de13953946b82
5405ea3612003c91e32f721d664953a3c59d617d
aa33fd722e9ffa58aca046c34ba1d850bbccc689b6eceaaef4700337cfa7a597

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /vendor/closure/long.js HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/js/lib/crypto_worker.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"5e4f9e36-5bfe"
expires: Tue, 07 May 2024 17:49:21 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: C20A:23C9E4:10D7EC4:113FBEB:663A6747
accept-ranges: bytes
age: 0
date: Tue, 07 May 2024 17:39:21 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715103561.493715,VS0,VE137
vary: Accept-Encoding
x-fastly-request-id: 66ea950459cc76cee2c162f71f94795cbb112e7f
content-length: 5651
X-Firefox-Spdy: h2

telegramcn.github.io/vendor/rusha/rusha.js

185.199.109.153

200 OK

4.5 kB

URL GET HTTP/2
telegramcn.github.io/vendor/rusha/rusha.js
IP
185.199.109.153:443
ASN
#54113 FASTLY

Requested by
https://telegramcn.github.io/js/lib/crypto_worker.js
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
4.5 kB (4473 bytes)
Hash
779d54331470a66576a5292e61fc1680
374808b2f6828c82f6b33e2acc4091ea23e31a15
94352db37951f2a1b8194b8261171c2984d57d5999726c607ccc912895540f5b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /vendor/rusha/rusha.js HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/js/lib/crypto_worker.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"5e4f9e36-424a"
expires: Tue, 07 May 2024 17:49:21 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: E764:313486:197376C:1A05ADD:663A6749
accept-ranges: bytes
age: 0
date: Tue, 07 May 2024 17:39:21 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715103561.498331,VS0,VE133
vary: Accept-Encoding
x-fastly-request-id: 4cf77a27eb10cfa7b9b6ef2544afb82c782f95c2
content-length: 4473
X-Firefox-Spdy: h2

telegramcn.github.io/vendor/cryptoJS/crypto.js

185.199.109.153

200 OK

11 kB

URL GET HTTP/2
telegramcn.github.io/vendor/cryptoJS/crypto.js
IP
185.199.109.153:443
ASN
#54113 FASTLY

Requested by
https://telegramcn.github.io/js/lib/crypto_worker.js
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
11 kB (11411 bytes)
Hash
6d1ac0184656afab590fbf06e7bc8c5d
d19746a7093963f02edce52c35b2fa348f581e7c
3f0843eec5370cfa3e77ed908dc39353f1c8ba6facdfd88105605e6807a4dde2

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /vendor/cryptoJS/crypto.js HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/js/lib/crypto_worker.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"5e4f9e36-10096"
expires: Tue, 07 May 2024 17:49:21 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: DE14:320C75:5EF43BF:6184A66:663A6747
accept-ranges: bytes
age: 0
date: Tue, 07 May 2024 17:39:21 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715103561.496266,VS0,VE278
vary: Accept-Encoding
x-fastly-request-id: 8655bfe8e01fc4fd3e6c4fbe229114d7737e7811
content-length: 11411
X-Firefox-Spdy: h2

telegramcn.github.io/favicon.ico

185.199.109.153

200 OK

982 B

URL GET HTTP/2
telegramcn.github.io/favicon.ico
IP
185.199.109.153:443
ASN
#54113 FASTLY

Requested by
https://telegramcn.github.io/
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
982 B (982 bytes)
Hash
fb606fe0a27a1c62bdfc48561d908f39
3306fba7846b0fedbd75ee0c602b3d5b8f9703d5
462c72824442b77689e0650dfe56a218cbea68b48669d68f3f7b3247af187d09

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: telegramcn.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
content-type: image/vnd.microsoft.icon
permissions-policy: interest-cohort=()
last-modified: Fri, 21 Feb 2020 09:09:10 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"5e4f9e36-3bf"
expires: Tue, 07 May 2024 17:49:21 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 8D82:2A16A1:28393DF:294F10B:663A6747
accept-ranges: bytes
date: Tue, 07 May 2024 17:39:21 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 1
x-timer: S1715103562.778017,VS0,VE6
vary: Accept-Encoding
x-fastly-request-id: beda38c438f70507ecb8679b855d893640f7048d
content-length: 982
X-Firefox-Spdy: h2

venus.web.telegram.org/apiw1

149.154.167.99

200 OK

652 B

URL POST HTTP/2
venus.web.telegram.org/apiw1
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://telegramcn.github.io/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.web.telegram.org
Fingerprint74:51:4A:F8:C5:D2:E1:36:68:30:25:98:05:27:E8:6F:57:FC:E0:3B
ValidityWed, 30 Aug 2023 00:40:43 GMT - Mon, 30 Sep 2024 00:40:43 GMT

File type
data
Size
652 B (652 bytes)
Hash
472882b92455a826ff69a822e6dc2aef
9f3e1a24e7a965fcd868494d0ef3fe7569dc55a4
b3ad78f1a42c681a03b65ec75c68ec27023acaf1588a932d74d97f00ab8858b2

HTTP Headers

POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 340
Origin: https://telegramcn.github.io
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 07 May 2024 17:39:23 GMT
content-type: application/octet-stream
content-length: 652
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

venus.web.telegram.org/apiw1

149.154.167.99

200 OK

72 B

URL POST HTTP/2
venus.web.telegram.org/apiw1
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://telegramcn.github.io/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.web.telegram.org
Fingerprint74:51:4A:F8:C5:D2:E1:36:68:30:25:98:05:27:E8:6F:57:FC:E0:3B
ValidityWed, 30 Aug 2023 00:40:43 GMT - Mon, 30 Sep 2024 00:40:43 GMT

File type
data
Size
72 B (72 bytes)
Hash
9e8b087c18d65cc85487ebb130abc12c
271d667a2ea9fd6dcf9d7e4ed60034929256a714
5b64b15e004440414f939b0dd5ac4b67ab1bab01bf3304d3b40d3fccb9583874

HTTP Headers

POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 396
Origin: https://telegramcn.github.io
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 07 May 2024 17:39:25 GMT
content-type: application/octet-stream
content-length: 72
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

venus.web.telegram.org/apiw1

149.154.167.99

200 OK

168 B

URL POST HTTP/2
venus.web.telegram.org/apiw1
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://telegramcn.github.io/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.web.telegram.org
Fingerprint74:51:4A:F8:C5:D2:E1:36:68:30:25:98:05:27:E8:6F:57:FC:E0:3B
ValidityWed, 30 Aug 2023 00:40:43 GMT - Mon, 30 Sep 2024 00:40:43 GMT

File type
data
Size
168 B (168 bytes)
Hash
3b83ab62fee9dc4715532dcbf98b1920
35c2aa47d73f92b861b9c6d5fa4a1c844a6913ac
c3953c6c08e75327721cc0b86ab54d71dfa8606297ad268084005227617634a9

HTTP Headers

POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 328
Origin: https://telegramcn.github.io
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 07 May 2024 17:39:26 GMT
content-type: application/octet-stream
content-length: 168
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

vesta.web.telegram.org/apiw1

149.154.167.99

200 OK

84 B

URL POST HTTP/2
vesta.web.telegram.org/apiw1
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://telegramcn.github.io/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.web.telegram.org
Fingerprint74:51:4A:F8:C5:D2:E1:36:68:30:25:98:05:27:E8:6F:57:FC:E0:3B
ValidityWed, 30 Aug 2023 00:40:43 GMT - Mon, 30 Sep 2024 00:40:43 GMT

File type
data
Size
84 B (84 bytes)
Hash
2cdae9ba424378e314aaebdbb2a3f64e
febbd8e106444ddd925ab94e208d751a7b4d23ae
8540b80a7cf907942d647702ec826c0143f76e0636e0ac141707ea1c22bd0118

HTTP Headers

POST /apiw1 HTTP/1.1
Host: vesta.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 40
Origin: https://telegramcn.github.io
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 07 May 2024 17:39:26 GMT
content-type: application/octet-stream
content-length: 84
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

venus.web.telegram.org/apiw1

149.154.167.99

200 OK

168 B

URL POST HTTP/2
venus.web.telegram.org/apiw1
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://telegramcn.github.io/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.web.telegram.org
Fingerprint74:51:4A:F8:C5:D2:E1:36:68:30:25:98:05:27:E8:6F:57:FC:E0:3B
ValidityWed, 30 Aug 2023 00:40:43 GMT - Mon, 30 Sep 2024 00:40:43 GMT

File type
data
Size
168 B (168 bytes)
Hash
2a2135c49888df5546d681f10d346797
4ad9e6a0c8c6be4a2dc3ee063bd682707a37f610
e04c0ac001c58cebf4706df8496cf378624dd9c12c78e1c273ee6cb4fe200706

HTTP Headers

POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 120
Origin: https://telegramcn.github.io
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 07 May 2024 17:39:26 GMT
content-type: application/octet-stream
content-length: 168
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

vesta.web.telegram.org/apiw1

149.154.167.99

200 OK

652 B

URL POST HTTP/2
vesta.web.telegram.org/apiw1
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://telegramcn.github.io/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.web.telegram.org
Fingerprint74:51:4A:F8:C5:D2:E1:36:68:30:25:98:05:27:E8:6F:57:FC:E0:3B
ValidityWed, 30 Aug 2023 00:40:43 GMT - Mon, 30 Sep 2024 00:40:43 GMT

File type
data
Size
652 B (652 bytes)
Hash
780ea6ef02eae0209120554d8af12a75
23740f658f5d8ac335fe5c2228c367315a857c0a
4f6a68ad944c7a4399c6b2a96f3f7e136ede02ea322238ff46ee88d8974cfbd1

HTTP Headers

POST /apiw1 HTTP/1.1
Host: vesta.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 340
Origin: https://telegramcn.github.io
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 07 May 2024 17:39:29 GMT
content-type: application/octet-stream
content-length: 652
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

vesta.web.telegram.org/apiw1

149.154.167.99

200 OK

72 B

URL POST HTTP/2
vesta.web.telegram.org/apiw1
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://telegramcn.github.io/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.web.telegram.org
Fingerprint74:51:4A:F8:C5:D2:E1:36:68:30:25:98:05:27:E8:6F:57:FC:E0:3B
ValidityWed, 30 Aug 2023 00:40:43 GMT - Mon, 30 Sep 2024 00:40:43 GMT

File type
data
Size
72 B (72 bytes)
Hash
25485798f7eea72cd753336384635537
a07ff74116cf97ada2189d13aeeb3988be8b2495
5902eaf24b5ad29a06d7c9b12f50689df98a2cb015371e55befda6cf57d5f3af

HTTP Headers

POST /apiw1 HTTP/1.1
Host: vesta.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 396
Origin: https://telegramcn.github.io
DNT: 1
Connection: keep-alive
Referer: https://telegramcn.github.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 07 May 2024 17:39:31 GMT
content-type: application/octet-stream
content-length: 72
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (26)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size