| | 172.67.205.76 | 200 OK | 13 kB |
URL: User Request GET HTTP/2
IP: 172.67.205.76:443
Certificate: Issuer Google Trust Services LLC; Subject telegram-zc.com; Fingerprint 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: HTML document, ASCII text, with very long lines (1757)
Hash: 4a61d6110b83a46c768c746701ecd05b bad8abdcda2e98cddd470c79a3f146afe8873699 72f97be78bbf79130737e066ec6cab2dfd32c9489ad56a07d37d9c514c3e9f14
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 17:22:55 GMT
content-type: text/html
last-modified: Fri, 05 Apr 2024 01:07:18 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8E%2BRGZxmiwN19oIFrBRAL4X5gY8sSc37D7k96fF%2FftIzgezktLLxqPoKcI7yIGyI%2FZId%2Blpl3OhXKcVw%2Bn%2BriPIwGz9MbIs2DxBfJmSf5vDmddd8WL4TAJhk%2FOiNluWgHyA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a00493bf73b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| telegram-zc.com/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 | 172.67.205.76 | 200 OK | 11 kB |
URL: GET HTTP/3 telegram-zc.com/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP: 172.67.205.76:443
Certificate: Issuer Google Trust Services LLC; Subject telegram-zc.com; Fingerprint 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Hash: 15fa3062f8929bd3b05fdca5259db412 6ff06a34f68ad0324ddec1bbe4d453c959178b36 5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegram-zc.com/index-BOAMyYaq.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:58 GMT
content-type: font/woff2
content-length: 11016
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-2b08"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oNCnlgz1%2F0hbA7dC%2BsYKo%2Fety3yBheTEva8ViwEJK69FTsTlZWkIb7pAa6Wb3hsPypJL2YJntXmZEXsJ66Jj2mc3SN%2F9EkWVtCyexGuDZkRFzIHKOSNhtKwYkva0v%2Fzx1eA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a004a3acf556a5-OSL
alt-svc: h3=":443"; ma=86400

| telegram-zc.com/countries-CzeCvYH8.js | 172.67.205.76 | 200 OK | 4.9 kB |
URL: GET HTTP/3 telegram-zc.com/countries-CzeCvYH8.js
IP: 172.67.205.76:443
Certificate: Issuer Google Trust Services LLC; Subject telegram-zc.com; Fingerprint 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: Unicode text, UTF-8 text, with very long lines (24043)
Hash: 24d43ec6ffdef8fdf4310a4a8b65b206 8974a9f0f2a76920b5080c3f239fe21396e4ce73 6876bde98b3f0c4013107f69f6bf375f60a2807bd79c11592131d9b8bbbb76ae
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /countries-CzeCvYH8.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-zc.com/index-zu6iQa6e.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:57 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-5e21"
expires: Fri, 26 Apr 2024 05:22:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wKrexalmczNSh%2BSV61ywcxhmnA0vy9m9vEncCm2wnlsT3KarphsVkIN6ktrwIz4Xcb01aeW1OZYKpFePuxd38v6fgXZftvnJGmjBwukCjXtpSRjmR%2BPN1yXnEJPuLnafqrM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a004a40d6156a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegram-zc.com/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry | 172.67.205.76 | 200 OK | 9.0 kB |
URL: GET HTTP/3 telegram-zc.com/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry
IP: 172.67.205.76:443
Certificate: Issuer Google Trust Services LLC; Subject telegram-zc.com; Fingerprint 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash: 87fecdadac0beb95f9b7c87b3b3236f0 822f92446c0033a32462aa21208efaef1f0d8c3c 25aa724658da8e71f5cc7c35ccbb43075866af5bed964edb09979caace667b0b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-zc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:58 GMT
content-type: image/png
content-length: 9024
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-2340"
expires: Sat, 25 May 2024 17:22:58 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vi%2BI%2FRa11jR5BXdO%2BXOs7mzpUoOusvOBQ477o9%2B1DQblIDAMbH3TrwRsCskh%2FDB5e6XHj8AJIzgBGV7qKy35H6bbkyi8iUimnnMq64i82xEg%2FtmsLnMo9aYydK8cfeUcymA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a004a829c756a5-OSL
alt-svc: h3=":443"; ma=86400

| telegram-zc.com/mtproto.worker-BHJY8drK.js | 172.67.205.76 | | 239 kB |
URL: telegram-zc.com/mtproto.worker-BHJY8drK.js
IP: 172.67.205.76:0
Certificate: Issuer Google Trust Services LLC; Subject telegram-zc.com; Fingerprint 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
Size: 239 kB (239044 bytes)
Hash: d2e40bc8349a491ff5af8d0175036342 002c71013f6f5d3743498cbd658af2f5383936eb 32ee88de45062a449a3a5742aefa0e0f9b5aa42e522ba818bf788a6cb253877d
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /mtproto.worker-BHJY8drK.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://telegram-zc.com/
Sec-Fetch-Dest: sharedworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:58 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-ec0ff"
expires: Fri, 26 Apr 2024 05:22:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4X2c2CUL2zAW0gl2GKtyK%2FuTNoym7ELgZJn5kC7YenAUDjRlDTtR2MKnpul0uBL5c5OzSqwHIdWofN7Xxx509QaofKugUVKXxHeOgfE8EHygboAShSp0UckWX7iIcS2oQpQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a004a3ed3156a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegram-zc.com
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9yND5H/AvpPkefDd93/Dyg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 17:22:59 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fegq9Cp+MA2BoFuAeZXLeS7HRDg=
Sec-WebSocket-Protocol: binary

| venus.web.telegram.org/apiw1 | 149.154.167.99 | | 169 B |
URL: venus.web.telegram.org/apiw1
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
File type: HTML document, ASCII text, with CRLF line terminators
Hash: c2a982d42f89274763eef2a44fe01030 86e6d53f6478cdd0c05611093d9c55a953454af7 d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a
POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-zc.com/
Content-Length: 0
Origin: https://telegram-zc.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.18.0
date: Thu, 25 Apr 2024 17:22:59 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2

| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegram-zc.com
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 4Uz6rRQ6egPh5tvOxLFf/w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 17:22:59 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hxU78TKO31oHZhe4+McEm/G2ayY=
Sec-WebSocket-Protocol: binary

| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://telegram-zc.com
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IwmMQmUq9Tg7leBh+NpnYA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 17:22:59 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5u3sbDRgRjTPmEfmHjLrZk1I9os=
Sec-WebSocket-Protocol: binary

| telegram-zc.com/lang-CQhMF3zZ.js | 172.67.205.76 | 200 OK | 66 kB |
URL: GET HTTP/3 telegram-zc.com/lang-CQhMF3zZ.js
IP: 172.67.205.76:443
Certificate: Issuer Google Trust Services LLC; Subject telegram-zc.com; Fingerprint 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: Unicode text, UTF-8 text, with very long lines (14604)
Hash: 202f3aa9967436024f13078cdc6e7bf3 ec2f96fd70174080f758a5f8cdc28c2dcf2c0b31 dd12733aeb807f4e3e15388ca87e049d50b4dc006e5cb6b8d75edc981c4a387d
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /lang-CQhMF3zZ.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-zc.com/index-zu6iQa6e.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:58 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-1d820"
expires: Fri, 26 Apr 2024 05:22:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u1Q2OiOLxIPy7XeoyhzePqY5IfUz%2BEGuMXcxDFGuCiKwiyCv2bKTG1UmcEYILst3QWy%2BLBUS9HXcZsiF3j%2BlUy5lhfszGhLLUcNcHcp4XtZ%2BtA0tIj9n%2BmJboY2I%2BRf3zVY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a004a40d5b56a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegram-zc.com/page-g1hbv_Nl.js | 172.67.205.76 | 200 OK | 30 kB |
URL: GET HTTP/3 telegram-zc.com/page-g1hbv_Nl.js
IP: 172.67.205.76:443
Certificate: Issuer Google Trust Services LLC; Subject telegram-zc.com; Fingerprint 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: ASCII text, with very long lines (10306)
Hash: d440faca4d406ba2c6b1d5a02e0c2300 5b6d6948eb17a1d8901f9c0ceb4618c3a722f373 00ba512d85fe78658603389ed0a9a401103ec3a0464eb30d057a07febd670279
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /page-g1hbv_Nl.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-zc.com/pageSignQR-BuEZqNkj.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:59 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-286d"
expires: Fri, 26 Apr 2024 05:22:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MZETOz%2FBeQluIoO0TSPXw78FhZledCIoM%2BMq0XZ8a%2BXIbOOZchRJgeTYI3Mc7qUONXBGzEEfZGz8RbvI3PvRtWwRVTRifoFT%2FFT13GE5G%2BvWewQj%2B3H%2FkEDFMDLC9k4Ecg8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a004b29e4d56a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegram-zc.com/textToSvgURL-Cnw_Q8Rw.js | 172.67.205.76 | 200 OK | 9.9 kB |
URL: GET HTTP/3 telegram-zc.com/textToSvgURL-Cnw_Q8Rw.js
IP: 172.67.205.76:443
Certificate: Issuer Google Trust Services LLC; Subject telegram-zc.com; Fingerprint 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: ASCII text, with very long lines (306)
Hash: 3f6402acb182a218e34ebe26b03fcd23 2601dfbce5087a38142e34596e5b094c7760dc80 88ef7b589f467f4a280126e59b5428d5169f80a165500687699209f60ca39998
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /textToSvgURL-Cnw_Q8Rw.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-zc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:59 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-165"
expires: Fri, 26 Apr 2024 05:22:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=enT0%2FZ6F8CXj1SMQSc6fJU4uIUgkV0gdNniKDvw2FY%2BjD7HdWp9kf%2FLagdrrJrPVsglLhAowhs%2B0abMftiq4KrJff4MAMhBKCNyjxGw6UrFSr%2B6Lxa5jCP9GqebrkIX7kdQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a004abfe3056a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegram-zc.com/button-B3xQoZLZ.js | 172.67.205.76 | 200 OK | 8.8 kB |
URL: GET HTTP/3 telegram-zc.com/button-B3xQoZLZ.js
IP: 172.67.205.76:443
Certificate: Issuer Google Trust Services LLC; Subject telegram-zc.com; Fingerprint 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: ASCII text, with very long lines (9521), with no line terminators
Hash: c1077e650e70abb26ed92cf8782b6a67 c1bf8062f0184ae28a3b8685d3a0488d7bc7b6dc a8ea778f014efd52489c0503177c7d9635942ee605e70374b7015f6b9f5ca70a
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /button-B3xQoZLZ.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-zc.com/pageSignQR-BuEZqNkj.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:59 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-2259"
expires: Fri, 26 Apr 2024 05:22:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TD%2FE1h%2FS3Vig9JYrj%2FBXsPtbKcoW379Hd%2B5ob1IYLeNdBCzp8ljC1DqfU2vnE9VIwLRjk5Uyar%2FQAAwaX05oqsgTuOXxaU4at0zOD8Jiam%2Bc2479RjDvTeQ8pNpF3RFwFKA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a004b29e4f56a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegram-zc.com/qr-code-styling-BqER1AUU.js | 172.67.205.76 | 200 OK | 66 kB |
URL: GET HTTP/3 telegram-zc.com/qr-code-styling-BqER1AUU.js
IP: 172.67.205.76:443
Certificate: Issuer Google Trust Services LLC; Subject telegram-zc.com; Fingerprint 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /qr-code-styling-BqER1AUU.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-zc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:23:00 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-10254"
expires: Fri, 26 Apr 2024 05:22:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uFvmQ2L8AIBG9nybm4e6cyNHUZWgfTwJVYid%2FC3wHUksvBqOKxKZ00tg9NWUamFOw6wfe2gDafi3MxqqfJB5NSOrs4Vcp8t0SJI6dAWfVVYV%2BYOYbh%2Bc0A%2BXKGbHtCzXriU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a004b2de8f56a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegram-zc.com/qr-code-styling-BqER1AUU.js | 172.67.205.76 | 200 OK | 66 kB |
URL: GET HTTP/3 telegram-zc.com/qr-code-styling-BqER1AUU.js
IP: 172.67.205.76:443
Certificate: Issuer Google Trust Services LLC; Subject telegram-zc.com; Fingerprint 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /qr-code-styling-BqER1AUU.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-zc.com/pageSignQR-BuEZqNkj.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:59 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-10254"
expires: Fri, 26 Apr 2024 05:22:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3hoyosuY8vem3pZ0YOExndRB35WeiTmyZtY7F3oI5lurid2tUL3m%2BdzoZxQUiwCxIzlu%2BtWeoXVEhVHSWvSFKaJ9Xx1chTSFbpXVfkPeIIRpdfz9WbbP7uQeuHEqZPS%2FM%2Bs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a004b2de9456a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegram-zc.com/putPreloader-B4MN6Snw.js | 172.67.205.76 | 200 OK | 699 B |
URL: GET HTTP/3 telegram-zc.com/putPreloader-B4MN6Snw.js
IP: 172.67.205.76:443
Certificate: Issuer Google Trust Services LLC; Subject telegram-zc.com; Fingerprint 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: ASCII text, with very long lines (736), with no line terminators
Hash: 7bd6d90b050585f83f816a092429a8cb f08c4031eb56b8c0f16906fb09e217a3e0bbb424 7f6574895bc12efd5b5d0ceb5be4667dbeead1b439fea437013773a056ea60ee
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /putPreloader-B4MN6Snw.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-zc.com/pageSignQR-BuEZqNkj.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:59 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-2bb"
expires: Fri, 26 Apr 2024 05:22:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KXB%2B9blS3OALSqZCVxo6NLN5nBmZiBceSbhm2Sm2TznuJ%2FjexkFbY0yImnn%2Br1ugUiiqSF2s8FaFyXiLbloVUrTbf8uDGN6C%2BQd6gr5TW4wWB1Hdj50%2BJyUP8U%2BW2EMJcKg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a004b29e5256a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegram-zc.com/_commonjsHelpers-Cpj98o6Y.js | 172.67.205.76 | 200 OK | 290 B |
URL: GET HTTP/3 telegram-zc.com/_commonjsHelpers-Cpj98o6Y.js
IP: 172.67.205.76:443
Certificate: Issuer Google Trust Services LLC; Subject telegram-zc.com; Fingerprint 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: ASCII text, with very long lines (302), with no line terminators
Hash: 2f62150f51e1c96c4a1f8fa5d6c72c2a d9529066ad04e0b66323fa0e7f12133bbc6940a4 e306f66b5964b6d3477db797068e0a94b0ef6cf594018197576f4450d9645d5b
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /_commonjsHelpers-Cpj98o6Y.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-zc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:23:00 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-122"
expires: Fri, 26 Apr 2024 05:23:00 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HNPSTLOiqHMfXAgUWcYJQkZHdHIGmIJd0Zr4rAW2gmA%2BU089g%2BsagyuRxHmQbaVp%2BHBVgmtpl43snhMdn7ZAf9vckc1SjmE8i%2Bhx1A0mViTEI3K9lpNaUuFog5J07uFCPQY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a004b2de9356a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegram-zc.com/_commonjsHelpers-Cpj98o6Y.js | 172.67.205.76 | 200 OK | 290 B |
URL: GET HTTP/3 telegram-zc.com/_commonjsHelpers-Cpj98o6Y.js
IP: 172.67.205.76:443
Certificate: Issuer Google Trust Services LLC; Subject telegram-zc.com; Fingerprint 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: ASCII text, with very long lines (302), with no line terminators
Hash: 2f62150f51e1c96c4a1f8fa5d6c72c2a d9529066ad04e0b66323fa0e7f12133bbc6940a4 e306f66b5964b6d3477db797068e0a94b0ef6cf594018197576f4450d9645d5b
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /_commonjsHelpers-Cpj98o6Y.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-zc.com/qr-code-styling-BqER1AUU.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:23:00 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-122"
expires: Fri, 26 Apr 2024 05:23:00 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CSN52mBMazye8oT6f8GIQtz%2FAwYO6XbJwF9EFWxsHGZ3nFQR49wgQnDFV758CUoHPbu6U6nrYR0EI8ThmFhlS2qbuv49AvIgm9Sankf74%2Fa3y3OL2l6xd9GcC%2BzGbsH%2BdDc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a004b4987756a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegram-zc.com/assets/img/logo_padded.svg | 172.67.205.76 | 200 OK | 1.1 kB |
URL: GET HTTP/3 telegram-zc.com/assets/img/logo_padded.svg
IP: 172.67.205.76:443
Certificate: Issuer Google Trust Services LLC; Subject telegram-zc.com; Fingerprint 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: SVG Scalable Vector Graphics image
Hash: 4c0b48654a4881c325148a5e00964160 d7d21756c9dd4c1bf4d97087811745aad60506a0 7583a3643a9480ab4d81dd46b700cf3a38ebdd94af1a6059d2b6a3ecff8a65c5
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/logo_padded.svg HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-zc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:23:02 GMT
content-type: image/svg+xml
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: W/"66059e32-42d"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k3UJIAWaWjIhf3h1WO6QpjI70MZ7tcG1OcFFo14GSpHCbVdiH7quB3cxreNF254gGQszKZAUD9YlLzsKbmydoY2L8aXwBGn1MQzcCFuVYReXiSZsu66obj%2Frlu0HyQJWN7Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a004c12d7756a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegram-zc.com/putPreloader-B4MN6Snw.js | 172.67.205.76 | 200 OK | 699 B |
URL: GET HTTP/3 telegram-zc.com/putPreloader-B4MN6Snw.js
IP: 172.67.205.76:443
Certificate: Issuer Google Trust Services LLC; Subject telegram-zc.com; Fingerprint 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: ASCII text, with very long lines (736), with no line terminators
Hash: 7bd6d90b050585f83f816a092429a8cb f08c4031eb56b8c0f16906fb09e217a3e0bbb424 7f6574895bc12efd5b5d0ceb5be4667dbeead1b439fea437013773a056ea60ee
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /putPreloader-B4MN6Snw.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-zc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:59 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
etag: W/"6606391f-2bb"
expires: Fri, 26 Apr 2024 05:22:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oJMDBAtDTG942ibMoo%2B9VI6oo%2Fv0lEdSktqOEEWlmTu25zZ%2Flb48ArHaFi1lFbzdZ0Mo9gzYrO9KzVtKhNu8xWYoJtCuD8pXvWCQiE6%2BLQn9blPfZXhTx8OpGLO42FkMPhs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a004abee2c56a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-zc.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 | 172.67.205.76 | 200 OK | 11 kB |
URL: GET HTTP/3 telegram-zc.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 IP: 172.67.205.76:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-zc.com; Fingerprint: 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity: Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11056, version 1.0; Hash: 07db243db21ed0a6b4ff05ff429686b7 5d62925fdd7ed8e80f206d095ed093994f13d276 ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Analyzer | Verdict | Alert |
OpenPhish | phishing | Telegram |
Quad9 DNS | malicious | Sinkholed |
GET /assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegram-zc.com/index-BOAMyYaq.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:23:01 GMT
content-type: font/woff2
content-length: 11056
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-2b30"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=liFYzggU7ZzY0EPds3N17Fy5wfs8hgsJ0YXUucJBnCjpdoSsb2t%2FzdB0JePiqzeRzlr7kJJ2teX1Enh0Al2b8XajaqSCUn8szKSvqSOcv7IQp0Cx3QO7BiVraFfiaNuyCF8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a004b81c1156a5-OSL
alt-svc: h3=":443"; ma=86400
|
|
| telegram-zc.com/button-B3xQoZLZ.js | 172.67.205.76 | 200 OK | 8.8 kB |
URL: GET HTTP/3 telegram-zc.com/button-B3xQoZLZ.js IP: 172.67.205.76:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-zc.com; Fingerprint: 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity: Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: ASCII text, with very long lines (9521), with no line terminators; Hash: c1077e650e70abb26ed92cf8782b6a67 c1bf8062f0184ae28a3b8685d3a0488d7bc7b6dc a8ea778f014efd52489c0503177c7d9635942ee605e70374b7015f6b9f5ca70a
Analyzer | Verdict | Alert |
OpenPhish | phishing | Telegram |
Quad9 DNS | malicious | Sinkholed |
GET /button-B3xQoZLZ.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-zc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:59 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-2259"
expires: Fri, 26 Apr 2024 05:22:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MTp272aPZXjaFSJ15l0L3s5pBH8VTYF3z8Ad6vmhfLa6NLdYFcHDAsfZ9IyGvQgf4u1sAnYi6u5OH3SWdUoBCsCFoK%2Bo9vm0yZGczrJEUf6jpfa8AX4v2rZJ7jFv3dOTQgs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a004abee2856a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-zc.com/pageSignQR-BuEZqNkj.js | 172.67.205.76 | 200 OK | 5.7 kB |
URL: GET HTTP/3 telegram-zc.com/pageSignQR-BuEZqNkj.js IP: 172.67.205.76:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-zc.com; Fingerprint: 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity: Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: ASCII text, with very long lines (5845), with no line terminators; Hash: 48e52eb9f64780058bd685e2a1e1b018 fe3467b3b670be0c648e20baf028e799bbf710b8 70ef65a5de591fd3f2e82a6f9e466ac9890c12b1ad67615d497a65de1b992033
Analyzer | Verdict | Alert |
OpenPhish | phishing | Telegram |
Quad9 DNS | malicious | Sinkholed |
GET /pageSignQR-BuEZqNkj.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-zc.com/index-zu6iQa6e.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:59 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-1630"
expires: Fri, 26 Apr 2024 05:22:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BbGiSud%2FNGgQSZP7T8gR1kFCcm8QxMFqmjm3aw2rQwFkIhsgUNB2n98fJYlMSEEzORZ5HxbOjYPYuL951PAfwn1rkeehD%2BAgEdZJQm4Th27FiIvduqjcuM2t35m68zK%2BMoI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a004abfe3456a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-zc.com/langSign-CN-ja8rh.js | 172.67.205.76 | 200 OK | 1.8 kB |
URL: GET HTTP/3 telegram-zc.com/langSign-CN-ja8rh.js IP: 172.67.205.76:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-zc.com; Fingerprint: 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity: Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: ASCII text, with very long lines (1930), with no line terminators; Hash: 3eb4b75460039dd8bb5a35a881d65086 c976473a33457220fadca83956b846ec3da6423d d6a82edc505002cfe31c9cc06788cb0b3ea1c5c3fb93bfaef6d9fa6f1f69bee5
Analyzer | Verdict | Alert |
OpenPhish | phishing | Telegram |
Quad9 DNS | malicious | Sinkholed |
GET /langSign-CN-ja8rh.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-zc.com/index-zu6iQa6e.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:58 GMT
content-type: application/javascript
last-modified: Fri, 05 Apr 2024 08:07:57 GMT
vary: Accept-Encoding
etag: W/"660fb15d-6d9"
expires: Fri, 26 Apr 2024 05:22:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=40TB5dlevOeW9VAdLVb4XIsEQ8mIe2%2FvrAN5CpGJAfSpYeO2Uwca1FfIIsc5RccJ%2B7ZXWqQmpCcEQ%2FlqZy5NPgToaXCJ12pWqIRNVaxPArMWjrfa9Z%2F8nFuP%2B0KPJQoKixk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a004a40d5e56a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-zc.com/index-zu6iQa6e.js | 172.67.205.76 | 200 OK | 135 kB |
URL: GET HTTP/3 telegram-zc.com/index-zu6iQa6e.js IP: 172.67.205.76:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-zc.com; Fingerprint: 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity: Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
Size: 135 kB (134647 bytes); Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert |
OpenPhish | phishing | Telegram |
Quad9 DNS | malicious | Sinkholed |
GET /index-zu6iQa6e.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-zc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:56 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-20df7"
expires: Fri, 26 Apr 2024 05:22:56 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PCJimdufu5N1lduklZGRfF3rv6PHE9HpFyQfnhYqJZ60Yy8LGVqlqQ84i010EtVmqJo47YvqiXIVHFQKm45iXrBlwpTIbsRkcmFTtZAme5lQKpn4uiviEhNoehShW%2FB6MW0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a00499baa056a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-zc.com/login.js | 172.67.205.76 | 200 OK | 4.7 kB |
IP: 172.67.205.76:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-zc.com; Fingerprint: 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity: Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (4474), with no line terminators; Hash: f757d1c3be94b4bb8cf4f31434ad2906 70b7eb1bd3bef7fa76502cb93482a6e0f87a112f 33660b5b27e514fcec1a7a6c5c5afb6aa9d2bc4cf20547dae55c9eb9a4b2606e
Analyzer | Verdict | Alert |
OpenPhish | phishing | Telegram |
Quad9 DNS | malicious | Sinkholed |
GET /login.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-zc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:56 GMT
content-type: application/javascript
last-modified: Fri, 05 Apr 2024 01:04:18 GMT
vary: Accept-Encoding
etag: W/"660f4e12-122b"
expires: Fri, 26 Apr 2024 05:22:56 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1QDV6jbLL1CG0RUzknu18ni2ZlizWD5HKU%2F%2FnERes7Kt6lnj5tOv5T5Dk1mhG3A2lUMU%2Fth7zsKRk9U%2BLt0RNgGTn8T1L9nxEO8ItzQkRtMUaBDzuE4oAYR71baRZGSKm5s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a00499baa556a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-zc.com/assets/img/favicon-16x16.png?v=jw3mK7G9Ry | 172.67.205.76 | 200 OK | 1.0 kB |
URL: GET HTTP/3 telegram-zc.com/assets/img/favicon-16x16.png?v=jw3mK7G9Ry IP: 172.67.205.76:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-zc.com; Fingerprint: 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity: Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced; Hash: e3ce05eb00b3215df220efaf0fd06e21 d1533966f79dc2984c34317035f31cf3c91298c9 0d67b7e8ea46e3c959329a0e79a8c8b236187f452edc7049524245e4aa6bee21
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /assets/img/favicon-16x16.png?v=jw3mK7G9Ry HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-zc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:58 GMT
content-type: image/png
content-length: 1012
last-modified: Thu, 28 Mar 2024 16:43:30 GMT
etag: "66059e32-3f4"
expires: Sat, 25 May 2024 17:22:58 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zpzlpoh8q9TS26xlU%2FZXUAVHEiRsnvEXahNkRNJ8zpaOoOFJ1tN6F7G%2BCDYyVatrWjuJEA6wK1Tv8jD2FsXWSgmAkNYFdqNC%2FTn%2FglqpwH%2FqTgO7YI8o%2FrEh9hfQtaZh7qA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a004a829c956a5-OSL
alt-svc: h3=":443"; ma=86400
|
|
| telegram-zc.com/pageSignQR-BuEZqNkj.js | 172.67.205.76 | 200 OK | 5.7 kB |
URL: GET HTTP/3 telegram-zc.com/pageSignQR-BuEZqNkj.js IP: 172.67.205.76:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-zc.com; Fingerprint: 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity: Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: ASCII text, with very long lines (5845), with no line terminators; Hash: 48e52eb9f64780058bd685e2a1e1b018 fe3467b3b670be0c648e20baf028e799bbf710b8 70ef65a5de591fd3f2e82a6f9e466ac9890c12b1ad67615d497a65de1b992033
Analyzer | Verdict | Alert |
OpenPhish | phishing | Telegram |
Quad9 DNS | malicious | Sinkholed |
GET /pageSignQR-BuEZqNkj.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-zc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:59 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-1630"
expires: Fri, 26 Apr 2024 05:22:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tmfma%2FeV3jADoWWcoI6yiHKIPc0rfI0QhY%2BLhSz0hqmiMPucXkoFUnuYABYc66UqlR7IloUZe5QRFvbWT44vqDfzqHjtDR579y2eBwSLUB4xKjL%2FNBVjswARI9HJ5Udasrk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a004abee2356a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-zc.com/index-BOAMyYaq.css | 172.67.205.76 | 200 OK | 512 kB |
URL: GET HTTP/3 telegram-zc.com/index-BOAMyYaq.css IP: 172.67.205.76:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-zc.com; Fingerprint: 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity: Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
Size: 512 kB (512428 bytes); Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert |
OpenPhish | phishing | Telegram |
Quad9 DNS | malicious | Sinkholed |
GET /index-BOAMyYaq.css HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram-zc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:57 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 04:25:17 GMT
vary: Accept-Encoding
etag: W/"660642ad-7d1ac"
expires: Fri, 26 Apr 2024 05:22:56 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kspeq4V5ttstBzZNhl%2BvLpbpAbGnWU8eaCnfFrA2pEQYmRomJkA8vuvm4Qjz9H%2FPrvIV1ESmTUozWv9Urq%2B4TDyElzr5h67BAOyqttLSGOyOauE%2FBRDN7W%2BhB7B33fhHdBw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a00499baa956a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| telegram-zc.com/crypto.worker-CfCshcpI.js | 172.67.205.76 | 200 OK | 69 kB |
URL: GET HTTP/3 telegram-zc.com/crypto.worker-CfCshcpI.js IP: 172.67.205.76:443
Certificate: Issuer: Google Trust Services LLC; Subject: telegram-zc.com; Fingerprint: 8B:0D:C5:F5:7F:ED:2D:CD:D0:5F:F5:E2:16:87:A1:2D:FE:7C:75:BC; Validity: Sat, 06 Apr 2024 04:00:04 GMT - Fri, 05 Jul 2024 04:00:03 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators; Hash: 0efdde008dca467f870e5a41e96006d5 ebadf267c3d3eb15b3ef6d7d0a07dec87b95d0f5 db66f764c311c8c976601370a59831be1b792fe9535c8f36f7de75334226b071
Analyzer | Verdict | Alert |
OpenPhish | phishing | Telegram |
Quad9 DNS | malicious | Sinkholed |
GET /crypto.worker-CfCshcpI.js HTTP/1.1
Host: telegram-zc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegram-zc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:22:58 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 03:44:31 GMT
vary: Accept-Encoding
etag: W/"6606391f-10d02"
expires: Fri, 26 Apr 2024 05:22:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EqaIiFnt7b14r%2Bu0rjpurgIHTfPpWMq2d6of%2F3nfEAslFGOSwugZNGOK2z6jEUFbJXocclOwHTooZskvk9c3jgAvysqWV6LCGcz4wGJmTIgeL9A6QRk%2F4bsphQd3iKhK%2Fpc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a004a3cd1056a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|